Skip to main content
Use this page to configure privacy-related behavior for a repository or for your local machine. By default, Entire redacts common secrets such as API keys, access tokens, credentialed URLs, database connection strings, and private keys before checkpoint metadata is stored. For the full data storage and security model, see Security & Privacy.

Start here if

Use this page to:
  • add PII or custom redaction rules
  • opt in or out of anonymous CLI analytics
  • change checkpoint commit signing

PII redaction

PII redaction is disabled by default. Enable it when checkpoint metadata may include personal information such as email addresses, phone numbers, or addresses.
Use project settings when PII redaction should apply to everyone working in the repository.
.entire/settings.json
{
  "redaction": {
    "pii": {
      "enabled": true,
      "email": true,
      "phone": true,
      "address": false
    }
  }
}
See PII redaction for categories, defaults, and limitations.

User-defined redaction

User-defined redaction lets you redact project-specific strings that Entire’s built-in secret detection may not catch.
Use inline rules for a small number of patterns.
.entire/settings.json
{
  "redaction": {
    "custom_redactions": {
      "acme_token": "ACME_TOKEN_[A-Za-z0-9]{20,}",
      "internal_id": "INTERNAL_[a-z]{6}_[0-9]{4}"
    }
  }
}
Put shared rules in .entire/settings.json. Put private rules in .entire/settings.local.json.
See User-defined redaction for rule pack format, supported regex behavior, and validation details.

Telemetry

Telemetry controls anonymous CLI usage analytics. It does not send prompts, transcripts, source code, file paths, repository names, or flag values.
To opt out in this repository, set:
.entire/settings.json
{
  "telemetry": false
}
Use .entire/settings.local.json instead when the telemetry preference should apply only to your machine.
See Telemetry and analytics for what is and is not captured.

Checkpoint commit signing

Checkpoint commits are signed by default when your Git signing setup is available. To disable signing for the repository, set:
.entire/settings.json
{
  "sign_checkpoint_commits": false
}
Use .entire/settings.local.json instead when the signing preference should apply only to your machine. See Checkpoint commit signing for requirements and best-effort behavior.

Verify privacy settings

After changing privacy settings, run:
entire status --detailed
For redaction changes, run a normal Entire workflow after updating settings. Invalid regexes or malformed rule packs are skipped and written to the logs instead of stopping the CLI.