Java heap dumps can expose sensitive data like passwords and secrets stored on the heap. hprof-redact is a new open-source CLI tool and library that addresses this by nulling out primitives and string values in HPROF heap dump files. It supports three built-in transformers (zero, zero-strings, drop-strings) and can be used as a Maven library to implement custom redaction logic via the HprofTransformer interface. The tool uses a two-pass parsing approach for efficiency with large files and is available via GitHub releases or jbang.

6m read time. From mostlynerdless.de