Skip to main content

String Obfuscator

Mask the middle of a string with asterisks, keeping a configurable number of leading/trailing characters, spaces, and chosen characters visible. Useful for partially hiding emails, card numbers, or IDs in screenshots and docs.

Input

Number of leading characters to leave visible

Number of trailing characters to leave visible

Enter characters to keep visible (e.g., @ for emails, . for domains)

Output

Obfuscated String
Was this helpful?

Guides

The String Obfuscator masks the middle of any text with asterisks (*) while leaving a chosen number of leading and trailing characters visible. It's a quick way to partially hide an email address, card number, phone number, API key, or any other sensitive-looking string before you paste it into a screenshot, a support ticket, documentation, or a Slack message.

Important: this is masking, not encryption. The tool doesn't encode, encrypt, hash, or otherwise transform the original text into something that can be reversed — it simply overwrites characters with * and discards them. That's exactly what makes it useful for redacting text you're about to show someone: there's no key, no decoder, and no way to recover the hidden characters from the output, because they're gone. Don't rely on it as an access-control or security mechanism (it won't stop someone from guessing a short masked value, and it does nothing to protect data at rest or in transit) — it's purely a visual redaction aid for text you're already choosing to share.

How it works

  1. Paste the string you want to obfuscate into the input box.
  2. Set Keep first and Keep last to the number of characters you want visible at the start and end of the string (both default to 4 — enough to show "this is the right account" without exposing it).
  3. Toggle Keep spaces on if you want whitespace inside the masked region left as spaces rather than turned into asterisks — this keeps multi-word or grouped values (like a spaced card number) readable in shape.
  4. Optionally list characters in Keep characters that should always stay visible wherever they appear in the middle of the string — useful for keeping the @ and . in an email address so the structure is still recognizable (e.g. jo**.***@*******.***), or keeping - visible in a formatted ID.
  5. The result appears instantly in Obfuscated String — copy it or download it as a .txt file.

If the string is shorter than or equal to the combined "keep first" + "keep last" count, there's nothing left to mask, so it's returned unchanged rather than being obfuscated down to nothing.

Example

Obfuscating john.doe@example.com with the defaults (keep first 4, keep last 4, keep spaces on, no extra kept characters) produces:

john************.com

Add @. to Keep characters and it becomes:

jo**.***@*******.***

which still visibly reads as "an email address" without exposing the local part or domain.

Common uses

  • Redacting an email or card number in a bug report or support screenshot
  • Hiding most of an API key or token in shared documentation while keeping enough visible to identify which one it is
  • Masking a phone number, SSN-like ID, or account number before pasting it somewhere less trusted
  • Preparing sanitized sample data for a demo or presentation

Does this run on my device?

Yes. Obfuscation happens entirely in your browser — the string you enter is never sent to a server, so it's safe to use on real sensitive values you're about to redact.

Can I get the original string back from the obfuscated output?

No. The masked characters are replaced with * and not stored anywhere in the output, so the transformation is one-way by design. If you need the original later, keep it somewhere separate — the obfuscated string alone can't be reversed.

maskredactobfuscateemailprivacyhide

Love the tools? Lose the ads.

One payment clears every ad from your account, for good. No subscription, no tracking.