PolicyLayer is the policy gateway inline on your MCP traffic. How we handle your credentials, your logs, and your access isn't a footnote; it's the whole job. Here is exactly how it works.
Every upstream credential, including OAuth access tokens, refresh tokens, client secrets, and static API-key headers, is sealed with AES-256-GCM authenticated encryption before it ever touches the database. Each record carries its own key-version prefix, so keys rotate with no downtime and no re-encryption window.
Clients authenticate with a scoped grant token. The proxy resolves it by hash, so the token is never stored in the clear, and only if policy allows the call does it inject the real upstream credential. Your keys never enter the agent, and the grant token is never forwarded upstream.
Proxy logs capture the tool, the policy version, and the exact rule that fired, but only the top-level argument keys, never their values, under a versioned redaction scheme. The audit answers what happened without becoming a copy of your data.
Before a request reaches an upstream MCP server, the proxy strips the inbound Authorization header (consumed as your grant token, never relayed) and the Cookie header, so control-plane browser state can never leak upstream.
Three roles on a strict ladder (viewer, policy_manager, admin) gate who can read logs, change policy, and reveal a credential. Every state-changing action is written to an admin-only audit log.
The policy engine is deterministic and fails closed: a tool your policy does not list is denied, and every decision is attributable to the rule that produced it. Rate-limit quota is reserved before the call and rolled back if the upstream fails, so your limits never drift.
If you believe you have found a security vulnerability in PolicyLayer, email security@policylayer.com. We review every report, act on valid issues quickly, and will keep you updated. Please give us a reasonable window to remediate before any public disclosure.
Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs. Credentials encrypted at rest, agents scoped to a grant, every decision audited.
Free to start. No card required.