# pfSense XML Configuration Redactor
The **pfSense XML Configuration Redactor** safely removes sensitive information from `config.xml` exports before they are shared with support, consultants, auditors, or AI tools for security analysis.
## Installation
### From PyPI (recommended)
```bash
pip install pfsense-redactor
```
> **Note:** If you encounter an `externally-managed-environment` error (common on macOS and modern Linux distributions), use one of these alternatives:
>
> **Option 1: Install with pipx (recommended for CLI tools)**
> ```bash
> brew install pipx
> pipx install pfsense-redactor
> ```
>
> **Option 2: Use a virtual environment**
> ```bash
> python3 -m venv venv
> source venv/bin/activate
> pip install pfsense-redactor
> ```
>
> **Option 3: Install in user space**
> ```bash
> pip install --user pfsense-redactor
> ```
### From Source
```bash
git clone https://github.com/grounzero/pfsense-redactor.git
cd pfsense-redactor
```
**Option 1: Development mode (recommended for contributing)**
```bash
pip install -e .
```
**Option 2: With virtual environment**
```bash
python3 -m venv venv
source venv/bin/activate
pip install -e .
```
The tool preserves **network architecture and routing logic** whilst sanitising **secrets and identifiers** allowing safe troubleshooting and topology review without disclosing private data.
> Keeps firewall and routing context
> Removes passwords, keys, public IPs (optional), tokens, certs
> Supports anonymisation for consistent placeholder mapping
> Understands pfSense config structures, namespaces, VPNs, WireGuard, XML attributes, IPv6 zone IDs
---
## Features
### Protects real secrets
- Passwords & encrypted passwords
- Pre-shared keys (IPSec, OpenVPN, WireGuard)
- TLS/OpenVPN static keys & certs
- SNMP community strings
- LDAP / RADIUS secrets
- API keys & tokens
- PEM blocks (RSA / EC / OpenSSH)
### Preserves network logic
- Subnets & masks (255.x.x.x always preserved)
- Router topology
- VLAN and VPN interfaces
- Firewall rules and gateways
### Smart redaction
| Data | Behaviour |
|------|----------|
| Internal IPs | Preserve with `--keep-private-ips` |
| Public IPs | Mask or anonymise |
| Email addresses | Mask or anonymise |
| URLs | Preserve structure, mask hostname |
| MAC addresses | Mask format-preserving |
| Certificates | Collapse to `[REDACTED_CERT_OR_KEY]` |
### Operational modes
| Mode | Purpose |
|------|--------|
| Default | Safe redaction for sharing logs |
| `--keep-private-ips` | Preserve private IPs (best for support/AI) |
| `--anonymise` | Replace identifiers with consistent placeholders (`IP_1`, `domain3.example`) |
| `--aggressive` | Scrub **all** fields (plugins/custom XML) |
---
## Requirements
- **Python 3.8+**
---
## Usage
### Basic usage
```bash
# Output filename auto-generated as config-redacted.xml
pfsense-redactor config.xml
# Or specify output filename explicitly
pfsense-redactor config.xml redacted.xml
```
### Preserve private IPs (recommended)
```bash
pfsense-redactor config.xml redacted.xml --keep-private-ips
```
### Allow-list specific IPs and domains
```bash
# Preserve specific public services (never redact)
pfsense-redactor config.xml --allowlist-ip 8.8.8.8 --allowlist-domain time.nist.gov
# Preserve entire CIDR ranges
pfsense-redactor config.xml --allowlist-ip 203.0.113.0/24
# Use an allow-list file (supports IPs, CIDRs, and domains)
pfsense-redactor config.xml --allowlist-file my-allowlist.txt
```
### Topology-safe anonymisation
```bash
pfsense-redactor config.xml redacted.xml --anonymise
```
### Allow internal DNS names
```bash
pfsense-redactor config.xml redacted.xml --no-redact-domains --keep-private-ips
```
### Aggressive mode
```bash
pfsense-redactor config.xml redacted.xml --aggressive
```
### Dry run
```bash
# Show statistics only
pfsense-redactor config.xml --dry-run
# Show statistics with sample redactions (safely masked)
pfsense-redactor config.xml --dry-run-verbose
```
### Output to STDOUT
```bash
pfsense-redactor config.xml --stdout > redacted.xml
```
### In-place (danger)
```bash
pfsense-redactor config.xml --inplace --force
```
---
## Allow-lists
Allow-lists let you preserve specific well-known IPs and domains that don't leak private information.
### Default allow-list files
The tool automatically loads allow-lists from these locations (if they exist):
1. `.pfsense-allowlist` in current directory
2. `~/.pfsense-allowlist` in home directory
To disable: use `--no-default-allowlist`
### Allow-list file format
Create `.pfsense-allowlist` or use `--allowlist-file`:
```
# Comments start with #
# One item per line (IP, CIDR, or domain)
# Public DNS servers
8.8.8.8
1.1.1.1
# Cloud provider ranges
203.0.113.0/24
198.51.100.0/24
# NTP servers (suffix matching: preserves time.nist.gov and *.time.nist.gov)
time.nist.gov
pool.ntp.org
# Wildcard domains (*.example.org preserves all subdomains)
*.pfsense.org
```
See [`allowlist.example`](allowlist.example) for a complete template.
### CLI allow-list flags
```bash
# Add specific IPs or CIDR ranges (repeatable)
--allowlist-ip 8.8.8.8 --allowlist-ip 203.0.113.0/24
# Add specific domains (repeatable, case-insensitive, supports suffix matching)
--allowlist-domain time.nist.gov --allowlist-domain pool.ntp.org
# Load from file (supports IPs, CIDRs, and domains)
--allowlist-file /path/to/allowlist.txt
# Disable default file loading
--no-default-allowlist
```
**Features:**
- **CIDR support**: `203.0.113.0/24` preserves all IPs in that range
- **Suffix matching**: `example.org` preserves `sub.example.org`, `db.corp.example.org`, etc.
- **Wildcard domains**: `*.example.org` is equivalent to suffix matching on `example.org`
- **IDNA/punycode**: Automatically handles internationalised domains (e.g., `bücher.example` ↔ `xn--bcher-kva.example`)
- **Merged sources**: All CLI flags, files, and default files are combined
**Note:** Items in allow-lists are never redacted in:
- Raw text IP/domain references
- URL hostnames
- Bare FQDNs
---
## Example
### Input
```xml
<openvpn>
<server>
<local>192.168.10.1</local>
<tlsauth>-----BEGIN OpenVPN Static key-----ABC123...</tlsauth>
<remote>198.51.100.10</remote>
<remote_port>443</remote_port>
</server>
</openvpn>
```
### Output (`--keep-private-ips`)
```xml
<openvpn>
<server>
<local>192.168.10.1</local>
<tlsauth>[REDACTED]</tlsauth>
<remote>XXX.XXX.XXX.XXX</remote>
<remote_port>443</remote_port>
</server>
</openvpn>
```
### Output (`--anonymise`)
```xml
<openvpn>
<server>
<local>IP_1</local>
<tlsauth>[REDACTED]</tlsauth>
<remote>IP_2</remote>
<remote_port>443</remote_port>
</server>
</openvpn>
```
---
## Security Notes
> **Never restore the redacted file to pfSense.**
Redacted output is for **analysis only**, because:
- CDATA and comments are removed by XML parser
- PEM blocks and binary data are collapsed
- Some optional metadata fields may be stripped
Always keep the **original secure copy**.
### Path Security
The tool includes built-in protections against malicious file path operations:
**Default behaviour (secure):**
- Only relative paths are allowed by default
- Directory traversal (`../../../etc/passwd`) is blocked
- Paths with null bytes are rejected
- Writing to system directories (`/etc`, `/sys`, `/proc`, `/Windows/System32`, etc.) is blocked
- Safe locations (home directory, current working directory, temp directories) are automatically allowed
**Using `--allow-absolute-paths`:**
- Enables absolute paths for intentional use cases
- Still blocks writes to sensitive system directories
- Still blocks directory traversal attempts
- Useful when you need to specify full paths explicitly
**Examples:**
```bash
# Safe: relative path (default)
pfsense-redactor config.xml output.xml
# Blocked: absolute path without flag
pfsense-redactor /etc/config.xml output.xml
# Error: Absolute paths not allowed (use --allow-absolute-paths)
# Blocked: directory traversal
pfsense-redactor ../../../etc/passwd output.xml
# Error: Path contains directory traversal components (..)
# Blocked: writing to system directory (even with flag)
pfsense-redactor config.xml /etc/output.xml --allow-absolute-paths
# Error: Cannot write to sensitive system directory
# Allowed: absolute path to safe location with flag
pfsense-redactor ~/config.xml ~/output.xml --allow-absolute-paths
# Blocked: in-place editing of system files
pfsense-redactor /etc/hosts --inplace --force --allow-absolute-paths
# Error: Cannot use --inplace with this file
```
**Protected system directories:**
- Unix/Linux: `/etc`, `/sys`, `/proc`, `/dev`, `/boot`, `/root`, `/bin`, `/sbin`, `/usr/bin`, `/usr/sbin`, `/lib`, `/lib64`, `/var/log`, `/var/run`, `/tmp`, `/run`
- Windows: `C:\Windows`, `C:\Windows\System32`, `C:\Program Files`, `C:\ProgramData`
- Critical files: `/etc/passwd`, `/etc/shadow`, `/etc/sudoers`, etc.
---
## Testing
### Dry run summary
```bash
# Statistics only
pfsense-redactor config.xml --dry-run
# Statistics with sample redactions (safely masked to avoid leaks)
pfsense-redactor config.xml --dry-run-verbose
```
**Sample output with `--dry-run-verbose`:**
```
[+] Redaction summary:
- Passwords/keys/secrets: 10
- Certificates: 6
- IP addresses: 26
- Domain names: 47
[+] Samples of changes (limit N=5):
IP: 198.51.***.42 → XXX.XXX.XXX.XXX
IP: 2001:db8:*:****::1 → XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
URL: https://198.51.***.42/admin → https://XXX.XXX.XXX.XXX/admin
FQDN: db.***.example.org → example.com
MAC: aa:bb:**:**:ee:ff → XX:XX:XX:XX:XX:XX
Secret: p****************d (len=18) → [REDACTED]
Cert/Key: PEM blob (len≈2048) → [REDACTED_CERT_OR_KEY]
```
**Sample masking policy** (prevents leaks in dry-run output):
- **IP**: Keep first and last octet/segment, mask middle (e.g., `198.51.***.42`)
- **URL**: Show full URL but mask host as above
- **FQDN**: Keep TLD and one left label, mask rest (e.g., `db.***.example.org`)
- **MAC**: Mask middle octets (e.g., `aa:bb:**:**:ee:ff`)
- **Secret**: Show length and first/last 2 chars only (e.g., `p****************d (len=18)`)
- **Cert/Key**: Just show placeholder with length (e.g., `PEM blob (len≈2048)`)
### Recommended test flags
| Purpose | Command |
|--------|---------|
| Support & AI review | `--keep-private-ips --no-redact-domains` |
| Topology map w/o identifiers | `--anonymise` |
| Nuke everything | `--aggressive` |
---
## Stats example
```
[+] Redaction summary:
- Passwords/keys/secrets: 4
- Certificates: 2
- IP addresses: 11
- MAC addresses: 3
- Domain names: 5
- Email addresses: 1
- URLs: 2
```
---
## Contributing
Pull requests welcome. Particularly:
- Additional pfSense element coverage
- Plugin XML tag packs (WireGuard, pfBlockerNG, HAProxy, Snort, ACME, FRR)
- Unit test configs
---
## Licence
MIT
Raw data
{
"_id": null,
"home_page": null,
"name": "pfsense-redactor",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "pfsense, security, redaction, privacy, firewall, config, xml",
"author": "pfSense Redactor Contributors",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/ae/d3/c49c6eb76d2f7261de5cd68843f7422cf3878fdc0fe098f6e68a674e26e5/pfsense_redactor-1.0.8.tar.gz",
"platform": null,
"description": "# pfSense XML Configuration Redactor\n\nThe **pfSense XML Configuration Redactor** safely removes sensitive information from `config.xml` exports before they are shared with support, consultants, auditors, or AI tools for security analysis.\n\n## Installation\n\n### From PyPI (recommended)\n\n```bash\npip install pfsense-redactor\n```\n\n> **Note:** If you encounter an `externally-managed-environment` error (common on macOS and modern Linux distributions), use one of these alternatives:\n>\n> **Option 1: Install with pipx (recommended for CLI tools)**\n> ```bash\n> brew install pipx\n> pipx install pfsense-redactor\n> ```\n>\n> **Option 2: Use a virtual environment**\n> ```bash\n> python3 -m venv venv\n> source venv/bin/activate\n> pip install pfsense-redactor\n> ```\n>\n> **Option 3: Install in user space**\n> ```bash\n> pip install --user pfsense-redactor\n> ```\n\n### From Source\n\n```bash\ngit clone https://github.com/grounzero/pfsense-redactor.git\ncd pfsense-redactor\n```\n\n**Option 1: Development mode (recommended for contributing)**\n```bash\npip install -e .\n```\n\n**Option 2: With virtual environment**\n```bash\npython3 -m venv venv\nsource venv/bin/activate\npip install -e .\n```\n\nThe tool preserves **network architecture and routing logic** whilst sanitising **secrets and identifiers** allowing safe troubleshooting and topology review without disclosing private data.\n\n> Keeps firewall and routing context \n> Removes passwords, keys, public IPs (optional), tokens, certs \n> Supports anonymisation for consistent placeholder mapping \n> Understands pfSense config structures, namespaces, VPNs, WireGuard, XML attributes, IPv6 zone IDs\n\n---\n\n## Features\n\n### Protects real secrets\n- Passwords & encrypted passwords\n- Pre-shared keys (IPSec, OpenVPN, WireGuard)\n- TLS/OpenVPN static keys & certs\n- SNMP community strings\n- LDAP / RADIUS secrets\n- API keys & tokens\n- PEM blocks (RSA / EC / OpenSSH)\n\n### Preserves network logic\n- Subnets & masks (255.x.x.x always preserved)\n- Router topology\n- VLAN and VPN interfaces\n- Firewall rules and gateways\n\n### Smart redaction\n| Data | Behaviour |\n|------|----------|\n| Internal IPs | Preserve with `--keep-private-ips` |\n| Public IPs | Mask or anonymise |\n| Email addresses | Mask or anonymise |\n| URLs | Preserve structure, mask hostname |\n| MAC addresses | Mask format-preserving |\n| Certificates | Collapse to `[REDACTED_CERT_OR_KEY]` |\n\n### Operational modes\n\n| Mode | Purpose |\n|------|--------|\n| Default | Safe redaction for sharing logs |\n| `--keep-private-ips` | Preserve private IPs (best for support/AI) |\n| `--anonymise` | Replace identifiers with consistent placeholders (`IP_1`, `domain3.example`) |\n| `--aggressive` | Scrub **all** fields (plugins/custom XML) |\n\n---\n\n## Requirements\n\n- **Python 3.8+**\n\n---\n\n## Usage\n\n### Basic usage\n```bash\n# Output filename auto-generated as config-redacted.xml\npfsense-redactor config.xml\n\n# Or specify output filename explicitly\npfsense-redactor config.xml redacted.xml\n```\n\n### Preserve private IPs (recommended)\n```bash\npfsense-redactor config.xml redacted.xml --keep-private-ips\n```\n\n### Allow-list specific IPs and domains\n```bash\n# Preserve specific public services (never redact)\npfsense-redactor config.xml --allowlist-ip 8.8.8.8 --allowlist-domain time.nist.gov\n\n# Preserve entire CIDR ranges\npfsense-redactor config.xml --allowlist-ip 203.0.113.0/24\n\n# Use an allow-list file (supports IPs, CIDRs, and domains)\npfsense-redactor config.xml --allowlist-file my-allowlist.txt\n```\n\n### Topology-safe anonymisation\n```bash\npfsense-redactor config.xml redacted.xml --anonymise\n```\n\n### Allow internal DNS names\n```bash\npfsense-redactor config.xml redacted.xml --no-redact-domains --keep-private-ips\n```\n\n### Aggressive mode\n```bash\npfsense-redactor config.xml redacted.xml --aggressive\n```\n\n### Dry run\n```bash\n# Show statistics only\npfsense-redactor config.xml --dry-run\n\n# Show statistics with sample redactions (safely masked)\npfsense-redactor config.xml --dry-run-verbose\n```\n\n### Output to STDOUT\n```bash\npfsense-redactor config.xml --stdout > redacted.xml\n```\n\n### In-place (danger)\n```bash\npfsense-redactor config.xml --inplace --force\n```\n\n---\n\n## Allow-lists\n\nAllow-lists let you preserve specific well-known IPs and domains that don't leak private information.\n\n### Default allow-list files\n\nThe tool automatically loads allow-lists from these locations (if they exist):\n1. `.pfsense-allowlist` in current directory\n2. `~/.pfsense-allowlist` in home directory\n\nTo disable: use `--no-default-allowlist`\n\n### Allow-list file format\n\nCreate `.pfsense-allowlist` or use `--allowlist-file`:\n\n```\n# Comments start with #\n# One item per line (IP, CIDR, or domain)\n\n# Public DNS servers\n8.8.8.8\n1.1.1.1\n\n# Cloud provider ranges\n203.0.113.0/24\n198.51.100.0/24\n\n# NTP servers (suffix matching: preserves time.nist.gov and *.time.nist.gov)\ntime.nist.gov\npool.ntp.org\n\n# Wildcard domains (*.example.org preserves all subdomains)\n*.pfsense.org\n```\n\nSee [`allowlist.example`](allowlist.example) for a complete template.\n\n### CLI allow-list flags\n\n```bash\n# Add specific IPs or CIDR ranges (repeatable)\n--allowlist-ip 8.8.8.8 --allowlist-ip 203.0.113.0/24\n\n# Add specific domains (repeatable, case-insensitive, supports suffix matching)\n--allowlist-domain time.nist.gov --allowlist-domain pool.ntp.org\n\n# Load from file (supports IPs, CIDRs, and domains)\n--allowlist-file /path/to/allowlist.txt\n\n# Disable default file loading\n--no-default-allowlist\n```\n\n**Features:**\n- **CIDR support**: `203.0.113.0/24` preserves all IPs in that range\n- **Suffix matching**: `example.org` preserves `sub.example.org`, `db.corp.example.org`, etc.\n- **Wildcard domains**: `*.example.org` is equivalent to suffix matching on `example.org`\n- **IDNA/punycode**: Automatically handles internationalised domains (e.g., `b\u00fccher.example` \u2194 `xn--bcher-kva.example`)\n- **Merged sources**: All CLI flags, files, and default files are combined\n\n**Note:** Items in allow-lists are never redacted in:\n- Raw text IP/domain references\n- URL hostnames\n- Bare FQDNs\n\n---\n\n## Example\n\n### Input\n```xml\n<openvpn>\n <server>\n <local>192.168.10.1</local>\n <tlsauth>-----BEGIN OpenVPN Static key-----ABC123...</tlsauth>\n <remote>198.51.100.10</remote>\n <remote_port>443</remote_port>\n </server>\n</openvpn>\n```\n\n### Output (`--keep-private-ips`)\n```xml\n<openvpn>\n <server>\n <local>192.168.10.1</local>\n <tlsauth>[REDACTED]</tlsauth>\n <remote>XXX.XXX.XXX.XXX</remote>\n <remote_port>443</remote_port>\n </server>\n</openvpn>\n```\n\n### Output (`--anonymise`)\n```xml\n<openvpn>\n <server>\n <local>IP_1</local>\n <tlsauth>[REDACTED]</tlsauth>\n <remote>IP_2</remote>\n <remote_port>443</remote_port>\n </server>\n</openvpn>\n```\n\n---\n\n## Security Notes\n\n> **Never restore the redacted file to pfSense.**\n\nRedacted output is for **analysis only**, because:\n\n- CDATA and comments are removed by XML parser\n- PEM blocks and binary data are collapsed\n- Some optional metadata fields may be stripped\n\nAlways keep the **original secure copy**.\n\n### Path Security\n\nThe tool includes built-in protections against malicious file path operations:\n\n**Default behaviour (secure):**\n- Only relative paths are allowed by default\n- Directory traversal (`../../../etc/passwd`) is blocked\n- Paths with null bytes are rejected\n- Writing to system directories (`/etc`, `/sys`, `/proc`, `/Windows/System32`, etc.) is blocked\n- Safe locations (home directory, current working directory, temp directories) are automatically allowed\n\n**Using `--allow-absolute-paths`:**\n- Enables absolute paths for intentional use cases\n- Still blocks writes to sensitive system directories\n- Still blocks directory traversal attempts\n- Useful when you need to specify full paths explicitly\n\n**Examples:**\n```bash\n# Safe: relative path (default)\npfsense-redactor config.xml output.xml\n\n# Blocked: absolute path without flag\npfsense-redactor /etc/config.xml output.xml\n# Error: Absolute paths not allowed (use --allow-absolute-paths)\n\n# Blocked: directory traversal\npfsense-redactor ../../../etc/passwd output.xml\n# Error: Path contains directory traversal components (..)\n\n# Blocked: writing to system directory (even with flag)\npfsense-redactor config.xml /etc/output.xml --allow-absolute-paths\n# Error: Cannot write to sensitive system directory\n\n# Allowed: absolute path to safe location with flag\npfsense-redactor ~/config.xml ~/output.xml --allow-absolute-paths\n\n# Blocked: in-place editing of system files\npfsense-redactor /etc/hosts --inplace --force --allow-absolute-paths\n# Error: Cannot use --inplace with this file\n```\n\n**Protected system directories:**\n- Unix/Linux: `/etc`, `/sys`, `/proc`, `/dev`, `/boot`, `/root`, `/bin`, `/sbin`, `/usr/bin`, `/usr/sbin`, `/lib`, `/lib64`, `/var/log`, `/var/run`, `/tmp`, `/run`\n- Windows: `C:\\Windows`, `C:\\Windows\\System32`, `C:\\Program Files`, `C:\\ProgramData`\n- Critical files: `/etc/passwd`, `/etc/shadow`, `/etc/sudoers`, etc.\n\n---\n\n## Testing\n\n### Dry run summary\n```bash\n# Statistics only\npfsense-redactor config.xml --dry-run\n\n# Statistics with sample redactions (safely masked to avoid leaks)\npfsense-redactor config.xml --dry-run-verbose\n```\n\n**Sample output with `--dry-run-verbose`:**\n```\n[+] Redaction summary:\n - Passwords/keys/secrets: 10\n - Certificates: 6\n - IP addresses: 26\n - Domain names: 47\n\n[+] Samples of changes (limit N=5):\n IP: 198.51.***.42 \u2192 XXX.XXX.XXX.XXX\n IP: 2001:db8:*:****::1 \u2192 XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX\n URL: https://198.51.***.42/admin \u2192 https://XXX.XXX.XXX.XXX/admin\n FQDN: db.***.example.org \u2192 example.com\n MAC: aa:bb:**:**:ee:ff \u2192 XX:XX:XX:XX:XX:XX\n Secret: p****************d (len=18) \u2192 [REDACTED]\n Cert/Key: PEM blob (len\u22482048) \u2192 [REDACTED_CERT_OR_KEY]\n```\n\n**Sample masking policy** (prevents leaks in dry-run output):\n- **IP**: Keep first and last octet/segment, mask middle (e.g., `198.51.***.42`)\n- **URL**: Show full URL but mask host as above\n- **FQDN**: Keep TLD and one left label, mask rest (e.g., `db.***.example.org`)\n- **MAC**: Mask middle octets (e.g., `aa:bb:**:**:ee:ff`)\n- **Secret**: Show length and first/last 2 chars only (e.g., `p****************d (len=18)`)\n- **Cert/Key**: Just show placeholder with length (e.g., `PEM blob (len\u22482048)`)\n\n### Recommended test flags\n| Purpose | Command |\n|--------|---------|\n| Support & AI review | `--keep-private-ips --no-redact-domains` |\n| Topology map w/o identifiers | `--anonymise` |\n| Nuke everything | `--aggressive` |\n\n---\n\n## Stats example\n\n```\n[+] Redaction summary:\n - Passwords/keys/secrets: 4\n - Certificates: 2\n - IP addresses: 11\n - MAC addresses: 3\n - Domain names: 5\n - Email addresses: 1\n - URLs: 2\n```\n\n---\n\n## Contributing\n\nPull requests welcome. Particularly:\n\n- Additional pfSense element coverage\n- Plugin XML tag packs (WireGuard, pfBlockerNG, HAProxy, Snort, ACME, FRR)\n- Unit test configs\n\n---\n\n## Licence\n\nMIT\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Safely removes sensitive information from pfSense config.xml exports",
"version": "1.0.8",
"project_urls": {
"Homepage": "https://github.com/grounzero/pfsense-redactor",
"Issues": "https://github.com/grounzero/pfsense-redactor/issues",
"Repository": "https://github.com/grounzero/pfsense-redactor"
},
"split_keywords": [
"pfsense",
" security",
" redaction",
" privacy",
" firewall",
" config",
" xml"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "091792ad545efb628fea44e0036b678578ec18c78ec460a3e660963dc98f4454",
"md5": "d0d7621dbcfe162f714a3fac635d4fec",
"sha256": "f3d168cbd7063af4808586e38f53e065a226b42d56a7f8182eeba00c665ac270"
},
"downloads": -1,
"filename": "pfsense_redactor-1.0.8-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d0d7621dbcfe162f714a3fac635d4fec",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 29236,
"upload_time": "2025-11-05T20:14:52",
"upload_time_iso_8601": "2025-11-05T20:14:52.764485Z",
"url": "https://files.pythonhosted.org/packages/09/17/92ad545efb628fea44e0036b678578ec18c78ec460a3e660963dc98f4454/pfsense_redactor-1.0.8-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "aed3c49c6eb76d2f7261de5cd68843f7422cf3878fdc0fe098f6e68a674e26e5",
"md5": "ec44fd6550de745b37e588c8983302bd",
"sha256": "27c691732fafc37ae7fd0e164721471b6f08bff2102f57bde81e7fcbba1e8f59"
},
"downloads": -1,
"filename": "pfsense_redactor-1.0.8.tar.gz",
"has_sig": false,
"md5_digest": "ec44fd6550de745b37e588c8983302bd",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 194286,
"upload_time": "2025-11-05T20:14:54",
"upload_time_iso_8601": "2025-11-05T20:14:54.065448Z",
"url": "https://files.pythonhosted.org/packages/ae/d3/c49c6eb76d2f7261de5cd68843f7422cf3878fdc0fe098f6e68a674e26e5/pfsense_redactor-1.0.8.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-11-05 20:14:54",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "grounzero",
"github_project": "pfsense-redactor",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pfsense-redactor"
}
JSON
