
Configure PII scrubbing to automatically redact sensitive information from MCP responses before they’re logged or returned to clients.

Prerequisites

Understanding the 3-layer policy hierarchy

PII scrubbing follows the same 3-layer hierarchy as other Golf Gateway policies:
| Layer | Where Configured | Scope |
| --- | --- | --- |
| Organization | Control Plane > Settings > Policies | All gateways & servers |
| Gateway | Control Plane > Gateway > Policies | All servers on this gateway |
| Server | Control Plane > Server > Policies | Single MCP server |
Policy Merge Rules:
  • Sensitive fields: Combined from ALL layers (union)
  • Whitelist fields: Combined from ALL layers (union)
  • Custom rules: Combined from ALL layers (union)
  • Custom entities: Combined from ALL layers (union)
  • Enabled flag: True if ANY layer enables scrubbing
Set organization-wide defaults for common PII types, then add server-specific rules for domain-specific data.

Enable PII scrubbing

Organization defaults:
  1. Go to Settings > Policies
  2. Find the PII Protection section
  3. Enable PII Scrubbing
  4. Configure default sensitive field names
  5. Click Save
Gateway overrides:
  1. Go to Gateways > select a gateway > Policies
  2. Find the PII Protection section
  3. Add gateway-specific sensitive fields
  4. Click Save
Server-level configuration:
  1. Go to MCP Servers > select a server
  2. Open the Policies tab > PII
  3. Enable PII Protection
  4. Add custom sensitive field names
  5. Click Save

Built-in PII detection

Golf Gateway detects many entity types by default. Common examples include:
| Entity Type | Example |
| --- | --- |
| CREDIT_CARD | 4111-1111-1111-1111 |
| EMAIL_ADDRESS | user@example.com |
| PHONE_NUMBER | (415) 555-1234 |
| US_SSN | 123-45-6789 |
| IP_ADDRESS | 192.168.1.1 |
| US_BANK_NUMBER | 1234567890 |
| URL | https://example.com |
| IBAN_CODE | DE89370400440532013000 |
Additional supported types include PERSON, LOCATION, ORGANIZATION (via GLiNER), US_DRIVER_LICENSE, US_PASSPORT, JWT_TOKEN, and more.

Add custom scrubbing rules

For patterns not covered by built-in detection, add custom rules:
  1. Go to the appropriate level (Settings, Gateway, or Server > Policies)
  2. Find the PII Protection section
  3. Click Add Custom Rule
  4. Enter the regex pattern and select the masking method
  5. Click Save
Masking methods:
| Method | Behavior | Example |
| --- | --- | --- |
| mask | Replace with [REDACTED] | sk-abc123 → [REDACTED] |
| hash | Replace with SHA256 hash (first 16 chars) | sk-abc123 → a1b2c3d4e5f6g7h8 |
| remove | Remove the value entirely | sk-abc123 → "" |
| replace | Replace with custom text | sk-abc123 → [API_KEY] |

Configure per-server scrubbing

Different servers can have different scrubbing settings:
Configure each server individually through MCP Servers > server > Policies > PII.

Verify scrubbing is active

  1. In Admin Portal, go to Logs
  2. Select a session and find a request containing PII
  3. In the security pipeline, look for the PII Scrubbed step
  4. Verify sensitive data shows entity-specific placeholders like [EMAIL], [SSN], or [MASKED]

Fields never scrubbed

These fields are preserved for audit purposes and are never scrubbed regardless of configuration:
  • connection_id, session_id, correlation_id
  • timestamp, event_type, method
  • user.email, user.sub (for compliance)
You can also configure additional fields to be excluded from scrubbing using whitelist_fields at the gateway or server level. This is useful for protecting operational data like file paths, tool names, or cursor tokens from accidental scrubbing.
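As an added illustration (not Golf Gateway's own code), the Python sketch below applies custom rules with the four masking methods to a nested response while leaving the never-scrubbed fields and a whitelisted field untouched. The rule tuple shape, the NEVER_SCRUBBED set, the regexes and the sample response are assumptions constructed for this example.

```python
import hashlib
import re

# Fields the page lists as never scrubbed (dotted paths for nested keys).
NEVER_SCRUBBED = {"connection_id", "session_id", "correlation_id",
                  "timestamp", "event_type", "method", "user.email", "user.sub"}

def apply_method(value: str, method: str, replacement: str = "") -> str:
    """Rewrite one matched value with one of the four masking methods."""
    if method == "mask":
        return "[REDACTED]"
    if method == "hash":  # SHA256 hex digest, first 16 chars
        return hashlib.sha256(value.encode()).hexdigest()[:16]
    if method == "remove":
        return ""
    if method == "replace":
        return replacement
    raise ValueError(f"unknown masking method: {method}")

def scrub(data, rules, whitelist=frozenset(), path=""):
    """Walk a nested dict/list and apply rules to every string, skipping
    never-scrubbed and whitelisted fields. rules: (compiled regex, method, text)."""
    if isinstance(data, dict):
        out = {}
        for key, val in data.items():
            dotted = f"{path}.{key}" if path else key
            if dotted in NEVER_SCRUBBED or dotted in whitelist:
                out[key] = val  # preserved verbatim for audit / operational use
            else:
                out[key] = scrub(val, rules, whitelist, dotted)
        return out
    if isinstance(data, list):
        return [scrub(item, rules, whitelist, path) for item in data]
    if isinstance(data, str):
        for pattern, method, text in rules:
            data = pattern.sub(lambda m: apply_method(m.group(0), method, text), data)
    return data

# Constructed custom rules (Python regex syntax) and a constructed MCP response.
RULES = [(re.compile(r"sk-[A-Za-z0-9]+"), "replace", "[API_KEY]"),
         (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask", ""),
         (re.compile(r"[\w.]+@[\w.]+"), "mask", "")]
SAMPLE = {"session_id": "sess-sk-keep1",
          "user": {"email": "alice@example.com", "sub": "sk-notakey"},
          "result": {"text": "token sk-abc123 for ssn 123-45-6789, contact bob@example.com",
                     "path": "/tmp/sk-dir"}}

def demo():
    """Scrub SAMPLE with result.path whitelisted (an operational file path)."""
    return scrub(SAMPLE, RULES, whitelist={"result.path"})
```

Note that the audit fields and the whitelisted path keep strings that would otherwise match the `sk-` rule, which is exactly the behaviour to check for when a custom pattern is broad.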

Troubleshooting

  • PII not being detected: Verify scrubbing is enabled at all policy levels (org, gateway, server)
  • Custom pattern not matching: Test your regex pattern - Golf Gateway uses Python regex syntax
  • Too much data being scrubbed: Check if multiple layers are adding overlapping rules