What is Argument Redaction?
Completely removing sensitive argument values from logs and audit trails. Stronger than masking — the value is never persisted in any form. Redaction ensures that even if logs are compromised, the sensitive data cannot be recovered.
WHY IT MATTERS
Some data is too sensitive for even partial logging. Medical records, encryption keys, full credentials, biometric data — these should never appear in an audit log, not even in masked form. Argument redaction removes the value entirely, replacing it with a placeholder like [REDACTED].
Redaction is the strongest privacy guarantee a proxy can offer. Where masking preserves partial information (which could potentially be reconstructed), redaction ensures zero data leakage. The log records that the argument was present and that its value was redacted, but the value itself is gone.
The trade-off is reduced debuggability. When something goes wrong with a redacted tool call, investigators cannot see what value was passed. This makes redaction appropriate for highly sensitive fields where the privacy risk outweighs the operational convenience of visible values. For moderately sensitive data, masking is usually the better choice.
HOW POLICYLAYER USES THIS
Intercept supports full argument redaction in YAML policies. Arguments tagged with redact: true have their values replaced with [REDACTED] in all audit log entries. The original value is forwarded to the MCP server for the tool call to function, but it is never written to disc or transmitted to any logging backend. Redaction is applied before any log serialisation occurs.