# How to Redact PII from Azure OpenAI API Calls
Stop sending names, emails, and secrets to Azure OpenAI. Learn how to redact PII from every Azure OpenAI API call using a proxy-level security layer — no code changes required.
## The problem: PII leaking through Azure OpenAI API calls
Using Azure OpenAI doesn't mean your data stays private. Every `chat.completions.create` call sends your prompt to your Azure-hosted model endpoint. If that prompt contains user-submitted text (support tickets, employee records, financial data), it carries names, emails, phone numbers, and other PII to the Azure service.
```typescript
const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [
    {
      role: "user",
      content: `Analyze this loan application:
Applicant: Maria Gonzalez
Email: maria.gonzalez@bankco.com
Phone: (305) 555-0234
SSN: 445-72-1198
Annual income: $87,000
Address: 2100 Brickell Ave, Miami, FL 33129
Account: 4916-3388-1122-7744
Notes: azure_storage_key=DefaultEndpointsProtocol=https;AccountKey=secret123`,
    },
  ],
});
```
Even in Azure's enterprise environment, that request just sent a name, email, SSN, income data, address, credit card number, and a storage account key to the service. Compliance teams often assume "Azure = safe," but the data inside prompts is your responsibility.
## Why Azure OpenAI doesn't solve the PII problem
Azure OpenAI runs on Microsoft's infrastructure and offers data residency, private endpoints, and no model training on your data. That's better than the public OpenAI API for many use cases. But:
- PII is still processed by the model — your deployment receives the full prompt including any sensitive data
- Logging and monitoring may capture PII in diagnostic traces
- Data residency doesn't equal data minimization — GDPR requires you to minimize the personal data you process, not just where you process it
- Azure audit logs and abuse monitoring can retain content unless you explicitly opt out
The principle of least privilege applies to AI too: send only what the model needs.
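In practice, least privilege starts with data minimization at the point where prompts are built. As a rough sketch (the record shape and field names below are hypothetical, not from any real schema), it can be as simple as constructing the prompt from only the fields the model needs:

```typescript
// Illustrative sketch of data minimization: build the prompt from only the
// fields the model actually needs, instead of pasting the whole record.
// The LoanApplication shape is a hypothetical example.
interface LoanApplication {
  applicantName: string;
  email: string;
  ssn: string;
  annualIncome: number;
  creditScore: number;
  requestedAmount: number;
}

function buildUnderwritingPrompt(app: LoanApplication): string {
  // Income, score, and amount carry the underwriting signal;
  // name, email, and SSN add nothing, so they never leave the app.
  return [
    "Assess this loan application:",
    `Annual income: $${app.annualIncome}`,
    `Credit score: ${app.creditScore}`,
    `Requested amount: $${app.requestedAmount}`,
  ].join("\n");
}
```

Manual minimization like this only covers structured data you control; free-text fields still need automated scanning.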
## The solution: proxy-level redaction with Grepture
Grepture is an open-source security proxy that sits between your application and Azure OpenAI. Every request is scanned for PII, secrets, and sensitive patterns before it reaches your deployment. Sensitive data is masked with reversible tokens — and restored in the response so your application works normally.
Your code doesn't change. Your prompts stay useful. The model never sees real PII.
## Setup in 3 minutes
### 1. Install the SDK

```bash
npm install @grepture/sdk
```
### 2. Get your API key
Sign up at grepture.com/en/pricing — the free plan includes 1,000 requests/month. Copy your API key from the dashboard.
### 3. Wrap your Azure OpenAI client
Azure OpenAI uses the same OpenAI SDK with a custom base URL and API key header:
```typescript
import OpenAI from "openai";
import { Grepture } from "@grepture/sdk";

const grepture = new Grepture({
  apiKey: process.env.GREPTURE_API_KEY!,
  proxyUrl: "https://proxy.grepture.com",
});

const client = new OpenAI({
  ...grepture.clientOptions({
    apiKey: process.env.AZURE_OPENAI_API_KEY!,
    baseURL:
      "https://your-resource.openai.azure.com/openai/deployments/gpt-4o",
  }),
  defaultQuery: { "api-version": "2024-10-21" },
  defaultHeaders: { "api-key": process.env.AZURE_OPENAI_API_KEY! },
});

// Every request is now scanned and protected
const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: userInput }],
});
```
That's it. `clientOptions()` reroutes traffic through the Grepture proxy, and your Azure API key is forwarded securely via the `X-Grepture-Auth-Forward` header, so Azure OpenAI authenticates your requests normally.
## What gets detected
Grepture ships with 50+ detection patterns on the free tier and 80+ on Pro, covering:
| Category | Examples | Tier |
|---|---|---|
| Personal identifiers | Names, emails, phone numbers, SSNs, dates of birth | Free (regex), Pro (AI) |
| Financial data | Credit card numbers, IBANs, routing numbers | Free |
| Credentials | API keys, bearer tokens, passwords, connection strings | Free |
| Network identifiers | IP addresses, MAC addresses | Free |
| Freeform PII | Names, organizations, and addresses in unstructured text | Pro (local AI models) |
| Adversarial inputs | Prompt injection attempts | Business |
All detection runs on Grepture infrastructure — no data is forwarded to additional third parties.
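To make the regex-based categories concrete, here is a simplified sketch of how pattern detection of this kind typically works. The patterns and category names below are illustrative assumptions, not Grepture's actual rule set, which is far more thorough (checksums, context, many key formats):

```typescript
// Simplified sketch of regex-based PII/secret detection.
// Each category maps to a global regex; detect() returns every hit.
const patterns: Record<string, RegExp> = {
  EMAIL: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  SSN: /\b\d{3}-\d{2}-\d{4}\b/g,
  CREDIT_CARD: /\b\d{4}[- ]\d{4}[- ]\d{4}[- ]\d{4}\b/g,
  IPV4: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
};

function detect(text: string): { category: string; match: string }[] {
  const hits: { category: string; match: string }[] = [];
  for (const [category, re] of Object.entries(patterns)) {
    for (const m of text.matchAll(re)) {
      hits.push({ category, match: m[0] });
    }
  }
  return hits;
}
```

Regexes handle structured identifiers well; the freeform-PII categories in the table need the Pro tier's AI models precisely because names and addresses in running text have no reliable pattern.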
## Mask and restore: reversible redaction
Grepture doesn't just strip PII — it replaces sensitive values with tokens, sends the sanitized prompt to Azure OpenAI, and restores the original values in the response.
**What Azure OpenAI sees:**

```text
Analyze this loan application:
Applicant: [PERSON_1]
Email: [EMAIL_1]
SSN: [SSN_1]
Annual income: [FINANCIAL_1]
Address: [ADDRESS_1]
...
```
**What your app gets back:**

```text
The loan application from Maria Gonzalez
(maria.gonzalez@bankco.com) shows an annual income
of $87,000 with a Miami, FL address. The application
meets standard underwriting criteria.
```
The model processes clean data. Your application receives the full, personalized response. No PII ever reaches the Azure OpenAI deployment.
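Conceptually, reversible redaction comes down to two functions: one that swaps detected values for numbered tokens while recording the mapping, and one that swaps them back. The following is an illustrative sketch under assumptions (the detectors are placeholders; the real pipeline runs on Grepture's proxy, not in your app):

```typescript
// Sketch of mask-and-restore. Detected values become tokens like
// [EMAIL_1]; the map lets the response be restored afterwards.
const detectors: Record<string, RegExp> = {
  PERSON: /Maria Gonzalez/g, // stand-in for a real name detector
  EMAIL: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  SSN: /\b\d{3}-\d{2}-\d{4}\b/g,
};

function mask(text: string): { masked: string; map: Map<string, string> } {
  const map = new Map<string, string>();
  let masked = text;
  for (const [category, re] of Object.entries(detectors)) {
    let i = 0;
    masked = masked.replace(re, (value) => {
      i += 1;
      const token = `[${category}_${i}]`;
      map.set(token, value); // remember the original for restoration
      return token;
    });
  }
  return { masked, map };
}

function restore(text: string, map: Map<string, string>): string {
  let restored = text;
  for (const [token, value] of map) {
    restored = restored.split(token).join(value);
  }
  return restored;
}
```

You would send `masked` to the model and run `restore` over its reply; because the map never leaves the proxy, the model only ever handles tokens.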
## Streaming support
Grepture handles Azure OpenAI's Server-Sent Events natively. When you use `stream: true`, the proxy detokenizes chunks in real time: no buffering of the entire response, no latency hit.
```typescript
const stream = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: userInput }],
  stream: true,
});

for await (const chunk of stream) {
  // Tokens are restored in real time
  process.stdout.write(chunk.choices[0]?.delta?.content || "");
}
```
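Restoring tokens in a stream is harder than in a full response, because a placeholder like `[EMAIL_1]` can be split across chunk boundaries. One common approach (a sketch under assumptions, not Grepture's implementation) is a small rolling buffer that holds back any text that could still be the start of a token:

```typescript
// Sketch: detokenize streamed text without buffering the whole response.
// A suffix that might be a partial token (e.g. "[EMA") is held back
// until the next chunk resolves it.
function makeStreamRestorer(map: Map<string, string>) {
  let pending = "";
  const maxToken = Math.max(...[...map.keys()].map((t) => t.length));

  return (chunk: string): string => {
    let text = pending + chunk;
    for (const [token, value] of map) {
      text = text.split(token).join(value);
    }
    // Hold back any trailing text that could still become a token.
    const cut = text.lastIndexOf("[");
    if (cut !== -1 && text.length - cut < maxToken) {
      pending = text.slice(cut);
      return text.slice(0, cut);
    }
    pending = "";
    return text;
  };
}
```

A production version would also flush `pending` when the stream ends and cope with brackets inside restored values; the point is that per-chunk restoration needs only a few bytes of lookahead, which is why it adds no meaningful latency.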
## Next steps
- View pricing — free for up to 1,000 requests/month
- Read the docs — SDK reference, configuration, and dashboard guide
- See how it works — architecture, detection rules, and zero-data mode