Skip to main content
The Rehydra OpenCode plugin intercepts the conversation between OpenCode and the LLM. It automatically detects PII and secrets in all messages, replaces them with placeholders before they leave your machine, and transparently restores real values before any tool executes locally.

Installation

Add the plugin to your opencode.json:
The plugin automatically detects PII (emails, phone numbers, credit cards, etc.) and secrets (API keys, JWTs, connection strings, etc.) in all messages. It also reads .env in your project root to catch exact secret values wherever they appear.
Requires Node.js 18+ and depends on the rehydra SDK package (installed automatically).

Configuration

For custom settings, create .opencode/plugins/rehydra.ts:

Options

What Gets Detected

The plugin uses Rehydra’s full detection suite automatically — no configuration needed. Structured PII — detected via pattern matching:
  • Emails, phone numbers, credit card numbers
  • IBANs, BIC/SWIFT codes, account numbers
  • IP addresses, URLs (disabled by default — set disableTypes: [] to enable)
  • Tax IDs, national IDs
Secrets — detected via provider-specific patterns:
  • API keys (OpenAI, Anthropic, GitHub, Stripe, Slack, and others)
  • JWTs, private keys (PEM), connection strings
  • AWS access keys and secret keys
  • Secret values in .env files and JSON/YAML/TOML configs
Soft PII (optional, via NER model — not recommended due to significant added latency):
  • Names, organizations, locations, addresses
Additional sources:
  • Exact values from .env files (matched anywhere in text)
  • Explicit values passed via redactValues

How It Works

The plugin uses five OpenCode hooks — everything runs locally and no data leaves your machine except the scrubbed conversation sent to the LLM provider.
The system prompt instruction is only injected after at least one secret has been anonymized, keeping prompts clean when no secrets are present.

Session Handling

Each OpenCode session gets its own Rehydra session. PII mappings are consistent within a session — the same secret always maps to the same placeholder, so the LLM can reason about relationships between values without seeing the real data.

Tool Argument Rehydration

When the LLM generates a tool call (e.g., a shell command containing a placeholder), the plugin deep-walks all argument values and restores real secrets before execution. This means commands like git push, curl, or zwrm secrets set receive the actual credential values.
OpenCode’s tool.execute.before hook passes args by reference — the plugin mutates args in-place rather than replacing the object, which is required for the rehydrated values to take effect.

Logging

Plugin activity is logged to OpenCode’s log directory (~/.local/share/opencode/log/). Run OpenCode with --log-level DEBUG for detailed output.

Custom Tag Format

Use tagFormat to change placeholder delimiters, for example when XML-style tags interfere with your workflow:
This produces placeholders like [[PII type="EMAIL" id="1"]] instead of <PII type="EMAIL" id="1"/>.

Advanced: Full Anonymizer Config

For full control, pass an anonymizer config directly. This overrides envFiles, redactValues, and minValueLength:
See the createAnonymizer API reference for all available options.

Next Steps

PII Types

See all PII types Rehydra can detect

LLM Proxy

Anonymize API calls in server-side workflows