# How To: Prevent Secrets from Leaking

Use Warp Rules and built-in secret reduction to prevent API keys and credentials from leaking in agent output, demos, and shared sessions.

Learn how to safeguard credentials and sensitive data using Warp’s secret-reduction and Rule system.

![YouTube video](https://i.ytimg.com/vi/2ECPFKtQpVk/sddefault.jpg)

This tutorial shows how to use Warp’s **Rules** to prevent AI agents or collaborators from exposing sensitive information while coding or sharing output. Whether you’re pair-programming, streaming, or reviewing code, Warp can automatically redact secrets before they’re ever seen by an agent.

1.  #### The Problem
    
    AI assistants often echo API keys, tokens, or credentials in generated code blocks.  
    When collaborating or screen-sharing, that can expose secrets publicly.
    
2.  #### The Rule Setup
    
    Define a simple Rule in Warp that instructs the agent to **never display secrets** in outputs or commands.
    
    ```
    Rule: Protect SecretsBehavior:- Never include or reveal secrets when generating code or commands.- Automatically redact sensitive strings before showing output.
    ```
    
    Note
    
    Enable Warp’s built-in Secret Reduction:
    
    Settings → AI → Enable Secret Reduction
    
    This automatically masks sensitive values before the agent or output logs can access them.
    
3.  #### Benefits
    
    -   Protects API keys and credentials from exposure
    -   Keeps live streams and demos safe
    -   Works seamlessly with pair-programming or AI debugging