Giant Robots Smashing Into Other Giant RobotsWritten by thoughtbot, your expert partner for design and development.
https://robots.thoughtbot.com/2026-04-17T00:00:00+00:00thoughtbotPII filtering for RubyLLM with Top SecretSteve Politohttps://thoughtbot.com/blog/ruby-llm-top-secret2026-04-17T00:00:00+00:002026-04-16T18:23:15Z<p>If you’re building LLM-powered features in a regulated industry, sending
unfiltered PII to a third-party provider isn’t just risky, it may violate
compliance requirements like HIPAA or GDPR.</p>
<p>That’s why we originally built <a href="https://thoughtbot.com/blog/top-secret">Top Secret</a>. However, when we first
released it, <a href="https://rubyllm.com">RubyLLM</a> was still in its early days, and I found I was
working with provider APIs directly, such as <a href="https://github.com/alexrudall/ruby-openai">Ruby OpenAI</a> or
<a href="https://github.com/openai/openai-ruby">OpenAI Ruby</a>. This meant I needed to manually orchestrate the
filtering and restoration process, which looked something like this:</p>
<div class="highlight"><pre class="highlight ruby"><code><span class="nb">require</span> <span class="s2">"openai"</span>
<span class="nb">require</span> <span class="s2">"top_secret"</span>
<span class="n">openai</span> <span class="o">=</span> <span class="no">OpenAI</span><span class="o">::</span><span class="no">Client</span><span class="p">.</span><span class="nf">new</span>
<span class="n">original_messages</span> <span class="o">=</span> <span class="p">[</span>
<span class="s2">"Ralph lives in Boston."</span><span class="p">,</span>
<span class="s2">"You can reach them at ralph@thoughtbot.com or 877-976-2687"</span>
<span class="p">]</span>
<span class="c1"># Filter all messages</span>
<span class="n">result</span> <span class="o">=</span> <span class="no">TopSecret</span><span class="o">::</span><span class="no">Text</span><span class="p">.</span><span class="nf">filter_all</span><span class="p">(</span><span class="n">original_messages</span><span class="p">)</span>
<span class="n">user_messages</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">map</span> <span class="p">{</span> <span class="p">{</span><span class="ss">role: </span><span class="s2">"user"</span><span class="p">,</span> <span class="ss">content: </span><span class="n">it</span><span class="p">.</span><span class="nf">output</span><span class="p">}</span> <span class="p">}</span>
<span class="n">messages</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">user_messages</span><span class="p">]</span>
<span class="n">chat_completion</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="nf">chat</span><span class="p">.</span><span class="nf">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="n">messages</span><span class="p">:,</span> <span class="ss">model: :"gpt-5"</span><span class="p">)</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">chat_completion</span><span class="p">.</span><span class="nf">choices</span><span class="p">.</span><span class="nf">last</span><span class="p">.</span><span class="nf">message</span><span class="p">.</span><span class="nf">content</span>
<span class="c1"># Restore the response from the mapping</span>
<span class="n">mapping</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">mapping</span>
<span class="n">restored_response</span> <span class="o">=</span> <span class="no">TopSecret</span><span class="o">::</span><span class="no">FilteredText</span><span class="p">.</span><span class="nf">restore</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="n">mapping</span><span class="p">:).</span><span class="nf">output</span>
</code></pre></div>
<p>Even with RubyLLM, there was no way to filter and restore conversation
history, since <code>Chat#ask</code> handles the message life cycle internally.</p>
<h2 id="enter-rubyllmtopsecret">
Enter RubyLLM::TopSecret
</h2>
<p>The introduction of <a href="https://github.com/thoughtbot/ruby_llm-top_secret">RubyLLM::TopSecret</a> aims to make
filtering sensitive information from RubyLLM chats as simple as possible. All
you need to do is wrap your existing in-memory chats with
<code>RubyLLM::TopSecret.with_filtering</code>:</p>
<div class="highlight"><pre class="highlight ruby"><code><span class="no">RubyLLM</span><span class="o">::</span><span class="no">TopSecret</span><span class="p">.</span><span class="nf">with_filtering</span> <span class="k">do</span>
<span class="n">chat</span> <span class="o">=</span> <span class="no">RubyLLM</span><span class="p">.</span><span class="nf">chat</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">chat</span><span class="p">.</span><span class="nf">ask</span><span class="p">(</span><span class="s2">"My name is Ralph and my email is ralph@thoughtbot.com"</span><span class="p">)</span>
<span class="c1"># The provider receives: "My name is [PERSON_1] and my email is [EMAIL_1]"</span>
<span class="c1"># The response comes back with placeholders restored:</span>
<span class="nb">puts</span> <span class="n">response</span><span class="p">.</span><span class="nf">content</span>
<span class="c1"># => "Nice to meet you, Ralph!"</span>
<span class="k">end</span>
</code></pre></div>
<p>Working with <a href="https://rubyllm.com/rails/">ActiveRecord-backed chats</a> is even easier. All
you need to do is add the <code>acts_as_filtered_chat</code> class macro, and the gem will
take care of the rest.</p>
<div class="highlight"><pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Chat</span> <span class="o"><</span> <span class="no">ApplicationRecord</span>
<span class="n">acts_as_chat</span>
<span class="n">acts_as_filtered_chat</span>
<span class="k">end</span>
</code></pre></div>
<p>If you want more granular control, you can simply pass an <code>if:</code>
condition. For example, you might only need to filter customer-facing
chats that process health data, but not internal admin conversations. A
simple way to model this would be to add a <code>filtered</code> boolean column to
the <code>chats</code> table:</p>
<div class="highlight"><pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Chat</span> <span class="o"><</span> <span class="no">ApplicationRecord</span>
<span class="n">acts_as_chat</span>
<span class="n">acts_as_filtered_chat</span> <span class="ss">if: :filtered?</span>
<span class="k">end</span>
</code></pre></div>
<p>In either case, the goal is to create an opt-in approach that just works. If you want to see it in action, check out this <a href="https://youtu.be/gYz78UYYoLU">live demo</a>.</p>
<p>If you’re interested in exploring the gem yourself, follow the
<a href="https://github.com/thoughtbot/ruby_llm-top_secret?tab=readme-ov-file#installation">installation</a> guide and refer to the <a href="https://github.com/thoughtbot/ruby_llm-top_secret?tab=readme-ov-file#usage">usage</a> section for
a more detailed overview.</p>
<aside class="related-articles"><h2>If you enjoyed this post, you might also like:</h2>
<ul>
<li><a href="https://thoughtbot.com/blog/anonymizing-user-company-and-location-data-using">Anonymizing User, Company, and Location Data Using Faker</a></li>
<li><a href="https://thoughtbot.com/blog/switching-from-env-files-to-rails-credentials">Switching from ENV files to Rails Credentials</a></li>
<li><a href="https://thoughtbot.com/blog/how-to-use-chatgpt-to-find-custom-software-consultants">How to Use ChatGPT to Find Custom Software Consultants</a></li>
</ul></aside>
Automatically filter sensitive information from your RubyLLM conversations before it reaches third-party providers.true