# Handling Secrets

### Dynamic Secret Substitution

<figure><img src="https://2684022488-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOFDKnFMEMmJjoclGx9Hr%2Fuploads%2FJ2Qc8e4CvTCvBxUMOewH%2Fimage.png?alt=media&#x26;token=07d33b67-2d1f-4487-8060-688ac11794b8" alt=""><figcaption></figcaption></figure>

Stakpak can read, compare, and write secret values without seeing them. Secrets are substituted at runtime and never exposed in logs or memory.

{% hint style="info" %}
To disable secret redaction, open your terminal and write `stakpak --disable-secret-redaction`
{% endhint %}

### Secure Password Generation

<figure><img src="https://2684022488-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOFDKnFMEMmJjoclGx9Hr%2Fuploads%2FqCAihN1xkDbM5njzazWF%2Fimage.png?alt=media&#x26;token=32458c6c-024a-4092-9943-abbcf8336b56" alt=""><figcaption></figcaption></figure>

Generate cryptographically secure passwords with configurable complexity

### Privacy Mode

<figure><img src="https://2684022488-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOFDKnFMEMmJjoclGx9Hr%2Fuploads%2FA4mpB34Jbb05kWQ7dlIs%2Fimage.png?alt=media&#x26;token=bf1e4201-8d0a-47e9-93db-ef7d503b49f9" alt=""><figcaption></figcaption></figure>

Redacts sensitive data like IP addresses and AWS account IDs

{% hint style="info" %}
To disable privacy mode, open your terminal and write `stakpak --privacy-mode`
{% endhint %}