ChatGPT has become a surprisingly useful tool for network troubleshooting. It can explain why a BGP neighbor goes down, suggest why your IPsec tunnel keeps resetting every four hours, and help you spot misconfigurations in firewall policies that would take you an hour to trace manually.
The problem is the workflow. To get useful help, you need to share your config. And your config contains active VPN pre-shared keys, admin passwords, API tokens, and SNMP strings that are live right now on your production network.
ScrubForge solves exactly this: sanitize the config locally before it leaves your browser, then paste the clean version anywhere.
Why Pasting Raw Configs into ChatGPT Is a Risk
When you paste a config into ChatGPT, that text goes to OpenAI’s servers. Depending on your account settings and region, it may be:
- Stored for a period of time on OpenAI’s infrastructure
- Used for model training if you have not explicitly opted out
- Accessible to support staff in abuse investigations
None of this is unusual — it applies to most cloud services. A production firewall config containing live credentials does not belong on an external server. The fix is not to stop using AI for troubleshooting. The fix is to sanitize first.
The ScrubForge + ChatGPT Workflow
-
1Export your running configOn Cisco IOS:
show running-config. On FortiGate: System > Configuration > Download. Most vendors have a CLI command or a web UI export option. -
2Open ScrubForgeClick the ScrubForge icon in your Chrome toolbar. It opens as a local panel directly in your browser — no upload, no external connection, nothing leaves your machine at this step.
-
3Paste and sanitizePaste your raw config into ScrubForge. It detects passwords, pre-shared keys, API tokens, private keys, and SNMP community strings — replacing each unique value with a consistent placeholder like
[PSK_1]or[ADMIN_PASS_1]. -
4Review the sanitized outputScan for anything that looks like a live credential. ScrubForge catches common patterns, but a 30-second review before sharing is good practice, especially for vendor-specific or custom fields.
-
5Paste into ChatGPT with contextDescribe your problem clearly, then paste the sanitized config. ChatGPT can analyze the logical structure — routing, VPN settings, firewall policies — without seeing any real credentials.
Before and After: What ScrubForge Replaces
Here’s a Cisco IOS snippet showing what the sanitization looks like in practice:
--- BEFORE (raw) --- crypto isakmp key T@nn3lS3cr3t address 198.51.100.10 username netadmin password 7 094F471A1A0A snmp-server community public RO snmp-server community pr1vate_mon RW --- AFTER (sanitized) --- crypto isakmp key [PSK_1] address 198.51.100.10 username netadmin password 7 [ENC_PASS_1] snmp-server community [SNMP_RO_1] RO snmp-server community [SNMP_RW_1] RW
The peer IP address stays. Interface names, routing configurations, and policy structure all stay. ChatGPT sees the same logical layout with none of the live credentials. And because tokens are consistent — if the same password appears five times, all five become [ADMIN_PASS_1] — the AI can still reason about reuse patterns without seeing the actual value.
What AI Assistants Can Help With Once You Share Safely
Once sanitized and pasted, AI troubleshooting works well for:
- Routing and BGP — checking peer configs, identifying missing route reflectors, spotting asymmetric paths
- IPsec/VPN — reviewing IKE phase 1/phase 2 settings, DPD timers, lifetime mismatches between endpoints
- Firewall policies — finding missing allow rules, NAT order issues, policy shadowing
- VLAN and switching — STP issues, native VLAN mismatches, trunk configuration errors
- ACL review — overlapping or conflicting access-list entries
ChatGPT reasons about structure and logic. What it doesn’t need — and what you should not provide — is working credentials.
This Works with Any AI Assistant
The same process applies whether you use Claude, Gemini, Copilot, or any other AI assistant. Sanitize with ScrubForge first, then paste anywhere. The credential exposure risk is identical regardless of which AI you use — the data goes to an external server either way.
A Note on ChatGPT’s Privacy Settings
ChatGPT offers options to disable chat history and opt out of training. These are worth enabling for work contexts. But they depend on your account settings being correct and respected server-side.
ScrubForge gives you a guarantee that does not depend on external settings: the credentials never left your machine in the first place.
Sanitize before you paste
ScrubForge is free to install. Paste your config, strip the credentials locally, then share with ChatGPT or any AI assistant safely — no account, no upload required.
Install ScrubForge — Free