Skip to main content
Recognizers are the detection building blocks in Rehydra. They decide which spans count as sensitive before placeholders are generated.

Four Recognizer Sources

Built-in Regex Recognizers

These cover structured values with stable formats, such as emails, phone numbers, dates, IBANs, URLs, and credit card numbers. They are fast, local, and usually the default foundation of a Rehydra setup.

NER-Based Detection

The optional NER model handles contextual entities that are hard to capture with regex alone, especially:
  • PERSON
  • ORG
  • LOCATION
  • ADDRESS
  • DATE_OF_BIRTH
This layer is useful when privacy depends on names and other meaning-dependent entities, not just formatted identifiers.

Secrets Recognizers

The opt-in secrets recognizers detect credentials and keys such as API keys, private keys, JWTs, database connection strings, AWS credentials, and secrets embedded in .env files or config files. They are enabled by setting secrets: { enabled: true } in createAnonymizer().

Custom Recognizers

Custom recognizers let you add business-specific patterns like order IDs, support tickets, claim numbers, or internal account references. They are the right tool when your domain has sensitive identifiers the built-in recognizers do not know about.

How Recognizers Work Together

Rehydra can combine multiple sources in one pass:
  • Regex recognizers detect structured values
  • NER detects contextual values if enabled
  • Secrets recognizers detect credentials and keys if enabled
  • Custom recognizers add product- or company-specific coverage
  • Overlapping matches are resolved by policy rules

Registry and Extensibility

The SDK exposes a recognizer registry so you can register or remove recognizers and even supply a custom registry to createAnonymizer(). 
const registry = anonymizer.getRegistry();
registry.register(myRecognizer);

Choosing the Right Recognizer Strategy

Use built-in regex recognizers when:
  • Formats are predictable
  • You want fast local detection
  • You do not need model downloads
Use NER when:
  • You need names, organizations, or locations
  • Context matters more than fixed format
Use secrets recognizers when:
  • Your text may contain API keys, tokens, or database credentials
  • You process .env files or config files with embedded secrets
  • You want to prevent credential leaks to LLMs or external services
Use custom recognizers when:
  • You need to protect internal identifiers
  • Your domain uses proprietary patterns
  • You want narrow, high-precision rules for business data

Next Steps

PII Types

See the categories recognizers map into.

Secrets Detection

Enable detection for credentials and keys.

Custom Recognizers

Implement your own recognizers and registry setup.