LUPERSON

Secrets

How secret values are handled, authenticated, and protected before paste.

Secrets

You do not need to keep API tokens or other sensitive data as plain-text rules. ClipReplace treats secret values as Keychain-backed data and uses them only after the required authentication step.

What secret values are

Secret values are replacement items whose storage and display should be handled differently from normal text values.

Examples:

  • API keys
  • short-lived tokens
  • internal fixed passwords
  • connection details you do not want to expose casually

How they differ from normal values

Normal values can be stored and reused directly. Secret values are handled through Keychain and may require authentication or per-run input before replacement.

Authentication flow

Replacements that include secrets always assume a macOS authentication step.

  1. The user runs Replace.
  2. If any active rule needs a secret value, the app requests the required authentication or input.
  3. Replacement runs only with values that passed that step successfully.

Values that must be entered at runtime are collected through the dedicated input window.

Handling after replacement

Results that contain secret values should be treated as temporary data for immediate paste.

Returned to clipboard

After replacement

The replaced text is written back to the clipboard so it can be pasted into the original destination app right away.

Automatic clear

90 seconds

Clipboard results that contain secret values are treated as data for this Mac only and cleared automatically after 90 seconds.

Separated from crash diagnostics

ClipReplace does not intentionally attach clipboard contents or secret values to Crashlytics reports.


Operational assumption

Secret replacement is a paste-time workflow, not a long-term storage workflow. Store long-lived secrets in a separate secure system and use ClipReplace only to insert them when needed.