
Trust & Transparency

We understand that feeding your secrets through any tool requires trust. This page explains exactly what Shield does with your data — and what it doesn’t.

Your Secrets Never Leave Your Machine

TL;DR: Secret values are processed entirely locally. We never see, store, or transmit your actual secrets.
Here’s exactly what happens when you run dotset run:
  1. Secrets are read from your providers (.env, AWS SM, environment variables)
  2. Values are held in-memory during command execution only
  3. Output streams are scanned for these values and redacted
  4. After exit, secret values are garbage collected — never written to disk

What is NOT Sent to Our Servers

| Data | Sent? | Reason |
|---|---|---|
| Secret values | ❌ Never | Processed locally only |
| Secret names/keys | ❌ Never | Not needed for analytics |
| Build log contents | ❌ Never | Redaction happens locally |
| Source code | ❌ Never | We never access your code |
| .env file contents | ❌ Never | Read locally, never transmitted |

What Telemetry IS Sent

When you use dotset link to enable cloud analytics, we send only metadata:
| Field | Example | Purpose |
|---|---|---|
| secretCount | 5 | Track how many secrets you’re protecting |
| exposureCount | 2 | Measure redaction effectiveness |
| exposures | [{patternName: "ENV:API_KEY", count: 1}] | Pattern names only (not values) |
| providers | ["dotenv", "environment"] | Understand provider usage |
| mode | "redact" | Track protection mode adoption |
| duration | 1234 | Performance monitoring |
| command | "npm start" | General usage patterns |
| exitCode | 0 | Track command success |
You can verify this yourself by reading telemetry.ts on GitHub.

Offline-First Design

Shield is designed to work 100% offline. Cloud features are completely optional:
| Feature | Requires Cloud? |
|---|---|
| Secret redaction | ❌ No |
| .env file loading | ❌ No |
| Protection modes (detect/redact/block) | ❌ No |
| HTML report generation | ❌ No |
| Local CI runner | ❌ No |
| Protection analytics | ✅ Yes (opt-in) |
| Custom security policies | ✅ Yes (opt-in) |
| Email/Slack alerts | ✅ Yes (opt-in) |

Disabling All Cloud Features

# Run with no telemetry sent
dotset run --no-telemetry -- npm start
Or never link your project — Shield works without any account.

Open Source & Auditable

The entire Shield CLI is open source under the MIT license. You can:

Verify It Yourself

Don’t trust us? Good. Here’s how to verify our claims:

1. Read the Code

The telemetry module is ~150 lines. All server communication goes through reportProtectionEvent():
// From src/telemetry.ts - this is ALL that's sent
// ExposureDetail is referenced by the interface but not shown on this page; the shape
// below is inferred from the example payload above ({patternName: "ENV:API_KEY", count: 1}).
export interface ExposureDetail {
    patternName: string;        // Pattern name only, never the value
    count: number;              // How many times that pattern was redacted
}

export interface ProtectionEventData {
    runId: string;
    command: string;
    mode: 'detect' | 'redact' | 'block';
    providers: string[];
    secretCount: number;        // Just the count
    exposureCount: number;      // Just the count
    exposures: ExposureDetail[]; // Pattern names only
    duration: number;
    exitCode: number;
    timestamp: string;
}
No secret values. No secret names. Just counts and metadata.
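As an added example (not Shield's own code) of steps 2 and 3 of the flow described above: the secret values are held in a local array, every occurrence in the captured output is replaced, and only the counts and pattern names that appear in the telemetry payload are returned. The minimal .env parser, the [REDACTED] marker and the sample lines are assumptions constructed for this example.

```typescript
// Added example, not Shield's own code: local redaction of captured output
// plus the value-free counts and pattern names a telemetry event would carry.
interface Secret { name: string; value: string; }
interface ExposureDetail { patternName: string; count: number; }
interface RedactionResult {
  lines: string[]; secretCount: number; exposureCount: number; exposures: ExposureDetail[];
}
// Escape a literal value so it is matched as-is (secrets often contain regex metacharacters).
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
// Minimal .env parser (assumed format: KEY=value lines; surrounding quotes stripped;
// comments, blanks and empty values ignored).
export function parseDotenv(text: string): Secret[] {
  const secrets: Secret[] = [];
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    const name = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
    if (value) secrets.push({ name, value });
  }
  return secrets;
}
// Replace every occurrence of a secret value with a marker. Longest values go first so a
// value that is a prefix of another cannot leave its remainder behind in the output.
export function redactOutput(secrets: Secret[], output: string[]): RedactionResult {
  const ordered = [...secrets].sort((a, b) => b.value.length - a.value.length);
  const counts = new Map<string, number>();
  const lines = output.map(line => {
    let out = line;
    for (const s of ordered) {
      const re = new RegExp(escapeRegExp(s.value), 'g');
      const hits = out.match(re);
      if (!hits) continue;
      counts.set(s.name, (counts.get(s.name) ?? 0) + hits.length);
      out = out.replace(re, '[REDACTED]');
    }
    return out;
  });
  // Only names and counts leave this function; the values themselves never do.
  const exposures = Array.from(counts, ([name, count]) => ({ patternName: `ENV:${name}`, count }));
  const exposureCount = exposures.reduce((n, e) => n + e.count, 0);
  return { lines, secretCount: secrets.length, exposureCount, exposures };
}
// Constructed sample input so the block runs stand-alone (not real credentials).
export const SAMPLE_ENV = 'API_KEY="sk-test-1234"\nDB_PASS=p@ss(word)\n# note\nEMPTY=\n';
export const SAMPLE_OUTPUT = ['connecting with key sk-test-1234',
  'auth failed for p@ss(word), retrying with p@ss(word)', 'done'];
```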

2. Monitor Network Traffic

Run with --no-telemetry and watch for network activity:
# No network requests will be made
dotset run --no-telemetry -- npm start

3. Build From Source

git clone https://github.com/dotsetlabs/shield
cd shield
npm install
npm run build
npm link

# Now use your locally-built version
dotset run -- npm start

Security Contact

Found a security issue? We take security seriously. Email: [email protected] We follow responsible disclosure practices and will work with you to address any vulnerabilities.