PII leakage prevention in shell completion

PII leakage prevention in shell completion has become a critical layer in secure engineering. Autocomplete is fast, but it is also blind. It can surface file names, environment variables, or command arguments that contain personally identifiable information. When shells like Bash, Zsh, or Fish read from history and filesystem paths to offer completions, they do not know if those values are safe.

Preventing PII leakage in completion means intercepting the process before unsafe data appears on screen or enters command history. Core steps include:

  • Filter completion results: Hook into shell completion functions. Remove matches containing patterns like email addresses, SSNs, or access tokens.
  • Limit history reads: Configure the shell to ignore commands with sensitive arguments when offering suggestions.
  • Sanitize output from scripts: Completion often calls helper scripts. Ensure these scripts redact PII before returning results.
  • Use secure defaults: In design, prefer restrictive completion generation. Expand scope only when safe.

For Bash and Zsh, custom completion scripts can wrap existing completions with pattern matching using tools like grep -v or direct string matching in the shell’s own functions. In Fish, completion definitions are stored in .fish script files—edit them to skip unsafe entries. In all cases, keeping the completion filtering inside the script avoids exposing data to the terminal entirely.
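The wrapping approach described above for Bash, as an added example that is not code from the original page. It requires Bash 4 or later; the function names, the `PII_ORIG_COMPLETION` map and the three patterns are illustrative assumptions, not a complete PII list.

```bash
#!/usr/bin/env bash
# Added example (Bash 4+). Patterns are illustrative assumptions, not a complete PII list.
PII_PATTERNS=(
  '[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}'   # email address
  '(^|[^0-9])[0-9]{3}-[0-9]{2}-[0-9]{4}([^0-9]|$)'      # SSN-shaped number
  '(token|secret|api_?key)[=_-][[:alnum:]]{16,}'        # token embedded in a name
)

# Maps command name -> its original completion function.
declare -A PII_ORIG_COMPLETION=()

# Return 0 if the candidate matches any PII pattern (case-insensitive).
pii_match() {
  local candidate=${1,,} re
  for re in "${PII_PATTERNS[@]}"; do
    [[ $candidate =~ $re ]] && return 0
  done
  return 1
}

# Drop unsafe entries from COMPREPLY in place. Matching happens inside the
# shell, so rejected values are never written to the terminal or a pipe.
pii_filter_compreply() {
  local c safe=()
  for c in "${COMPREPLY[@]}"; do
    pii_match "$c" || safe+=("$c")
  done
  COMPREPLY=("${safe[@]}")
}

# Generic completion function: run the original, then filter its results.
_pii_safe_complete() {
  local orig=${PII_ORIG_COMPLETION[$1]-} rc=0
  [[ -n $orig ]] || return 0
  "$orig" "$@" || rc=$?        # keep the original status (e.g. 124 = retry)
  pii_filter_compreply
  return "$rc"
}

# Usage: pii_wrap_completion <original_function> <command>
pii_wrap_completion() {
  PII_ORIG_COMPLETION[$2]=$1
  complete -F _pii_safe_complete "$2"
}
```

Source this file after the command's own completion script has loaded, then call `pii_wrap_completion` with that script's function name and the command name.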

Sensitive data leaks sometimes happen through indirect sources: symlinks with private names, temporary files named after users, or config directories storing tokens. Shell completion is a vector because users trust it as harmless UI. Defense is simple if built at the right layer: before data leaves trusted memory.

The performance cost of filtering is negligible compared to the impact of a breach. Code the checks once, test them with real filesystem data, and keep a list of PII patterns updated with evolving regulations and internal policy. If you integrate CI checks on completion scripts, you catch unsafe suggestions early.

Secure completion isn't about slowing engineers down. It's about ensuring the shell never becomes a source of secrets for the wrong eyes.
