> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onefirewall.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Features

> How the Secure AI Gateway protects your data.

The Secure AI Gateway acts as a protective layer between your users and public AI services. It automatically applies several security measures to every request and response.

## 🛡️ Secret Detection

The gateway scans all outgoing messages for sensitive credentials. If a secret is detected, the request is blocked before it ever reaches the AI provider.

**Detected Secrets include:**

* API Keys (OpenAI, AWS, GitHub, etc.)
* Private Keys (RSA, SSH, etc.)
* Database connection strings
* Bearer Tokens

## 🔒 PII Detection & Masking

Personal Identifiable Information (PII) is automatically detected. Depending on your configuration via the `pii` parameter, you can choose:

* **`disabled`**: No security scanning. Recommended for internal testing.
* **`obfuscate`**: Redacts sensitive data (e.g., `[REDACTED_EMAIL]`) but lets the conversation continue.
* **`block`**: Completely rejects the request if sensitive data is found.

**Supported PII types:**

* Email addresses
* Phone numbers
* Credit card numbers
* IP addresses
* Social Security Numbers (SSN)

## 🧱 AI Firewall Rules

The gateway enforces organizational policies through a set of firewall rules. These rules can:

* Prevent the model from discussing certain topics.
* Enforce specific personas or safety guidelines.
* Restrict usage based on time or volume.

## 🕵️ Audit Logs

All requests made through the API are logged for auditing purposes. Logs include:

* User ID / API Key ID
* Model used
* Timestamp
* Security check results (e.g., "Blocked by Secret Detection")