Redact PII from traces

wandb guide intermediate ide
no
Summary: Automatically redact Personally Identifiable Information from traces

Original Documentation

Documentation Index#

Fetch the complete documentation index at: https://docs.wandb.ai/llms.txt Use this file to discover all available pages before exploring further.

Automatically redact Personally Identifiable Information from traces

This feature is only accessible via the Python SDK.

Some organizations process Personally Identifiable Information (PII) such as names, phone numbers, and email addresses in their Large Language Model (LLM) workflows. Storing this data in Weights & Biases (W&B) Weave poses compliance and security risks.

The Sensitive Data Protection feature allows you to automatically redact Personally Identifiable Information (PII) from a trace before it is sent to Weave servers. This feature integrates Microsoft Presidio into the Weave Python SDK, which means that you can control redaction settings at the SDK level.

The Sensitive Data Protection feature introduces the following functionality to the Python SDK:

  • A redact_pii setting, which can be toggled on or off in the weave.init call to enable PII redaction.
  • Automatic redaction of common entities when redact_pii = True.
  • Customizable redaction fields using the configurable redact_pii_fields setting.

Enable PII redaction#

To get started with the Sensitive Data Protection feature in Weave, complete the following steps:

  1. Install the required dependencies:

    pip install presidio-analyzer presidio-anonymizer

  2. Modify your weave.init call to enable redaction. When redact_pii=True, common entities are redacted by default:

    import weave

weave.init("my-project", settings={"redact_pii": True})

  3. (Optional) Customize redaction fields using the redact_pii_fields parameter:

    weave.init("my-project", settings={"redact_pii": True, "redact_pii_fields":["CREDIT_CARD", "US_SSN"]})

    For a full list of the entities that can be detected and redacted, see PII entities supported by Presidio.

Entities redacted by default#

The following entities are automatically redacted when PII redaction is enabled:

  • CREDIT_CARD
  • CRYPTO
  • EMAIL_ADDRESS
  • ES_NIF
  • FI_PERSONAL_IDENTITY_CODE
  • IBAN_CODE
  • IN_AADHAAR
  • IN_PAN
  • IP_ADDRESS
  • LOCATION
  • PERSON
  • PHONE_NUMBER
  • UK_NHS
  • UK_NINO
  • US_BANK_NUMBER
  • US_DRIVER_LICENSE
  • US_PASSPORT
  • US_SSN

Redacting sensitive keys with REDACT_KEYS#

In addition to PII redaction, the Weave SDK also supports redaction of custom keys using REDACT_KEYS. This is useful when you want to protect additional sensitive data that might not fall under the PII category but needs to be kept private. Examples include:

  • API keys
  • Authentication headers
  • Tokens
  • Internal IDs
  • Config values

Pre-defined REDACT_KEYS#

Weave automatically redacts the following sensitive keys by default:

[
  "api_key",
  "auth_headers",
  "authorization"
]

Adding your own keys#

You can extend this list with your own custom keys that you want to redact from traces:

import weave
from weave.utils import sanitize

client = weave.init("my-project", settings={"redact_pii": True})

# Add custom keys to redact
sanitize.add_redact_key("client_id")
sanitize.add_redact_key("token")

client_id = "123"
token = "789"

@weave.op
def test(client_id, token):
    return client_id + token

test(client_id, token)

When viewed in the Weave UI, the values of client_id and token appear as "REDACTED":

client_id = "REDACTED"
token = "REDACTED"

Usage information#

  • This feature is only available in the Python SDK.
  • Enabling redaction increases processing time due to the Presidio dependency.
Link last verified June 7, 2026. View original ↗
Source: Weights & Biases Docs
Link last verified: 2026-03-04