Data protection
PII masking for LLM database access
Redact, null, or hash sensitive columns before results leave the wire. The LLM gets masked data it can still join and group on; your application reads the real values. Nothing sensitive ever reaches the model.
An LLM that reads customer data puts that data in its context, in logs, and potentially in a provider's systems. PgBeam masks sensitive columns in the result before they leave the wire, so the model receives a protected value instead of the raw one, and you do not have to build masking into every query.
Mask by column, in flight
Name the columns to protect by schema.table.column and choose redact, null, or hash. PgBeam rewrites those values in the result as it streams back, so the agent never sees the raw data.
Hashing is deterministic, so a masked column can still be joined and grouped on. The agent can compute over the data without ever reading it.
Your app is untouched
Masking applies to the agent credential, not the database. Your application keeps reading the real values through its own connection.
Because it runs in the proxy, masking works with any Postgres and any driver, and every masked result is recorded in the audit trail.
Redact, null, or hash
Pick the masking mode per column to match how the agent needs to use the field.
Joinable masks
Deterministic hashing keeps masked columns usable in joins and group-bys.
Per-credential
Mask for the agent while your application keeps reading the real values.
Audited
Every masked statement is recorded, so you can prove what the agent could and could not see.
Questions
Give your agent safe Postgres access
Start with a 14-day free trial. No credit card required.
Technical preview. For internal testing only.
Get Started