Microsoft Presidio Rasp: Real-Time, In-Process Sensitive Data Protection for Python

The terminal waits, cursor blinking, code ready to run. Microsoft Presidio Rasp is here to push data protection into the runtime itself, tracking sensitive information as it moves through your application and stopping leaks before they happen. It is open-source, built for Python, and designed for real-time, in-process detection.

Presidio has long been known as Microsoft’s powerful PII and sensitive data detection engine. With Rasp—short for Runtime Application Self Protection—it leaves the static realm and works inside your live application. The library instruments your code to identify patterns like credit card numbers, social security numbers, phone numbers, names, and custom entities you define. This happens as the application executes, not in a separate scanning pass. That means sensitive strings can be masked, blocked, or handled securely before they leave your system.

Microsoft Presidio Rasp uses the same recognizers and NLP capabilities as core Presidio, but hooks into your runtime variables and function calls. You can watch fields, track transformations, and apply masking policies in microseconds. It integrates directly with Python functions and variables without external services, lowering latency and avoiding the complexity of separate API calls.

Installation is fast: pip install presidio-rasp. Configure with decorators to wrap sensitive functions, or scan variables at key execution points. Policies can specify detection types, masking formats, and alert logging. Advanced setup allows chaining recognizers, adding domain-specific regex patterns, or routing incidents to SIEM tools.

For security teams, this closes a gap between static analysis and network-layer DLP. Presidio Rasp operates at the point of risk: the runtime memory handling your data. It gives direct, programmatic control over what leaves your process, even in transient states.

Test it against real traffic. See how it handles edge cases, multilingual inputs, and adversarial strings. The project’s GitHub repo includes examples, integration guides, and extensibility instructions for building your own recognizers.

To see how Microsoft Presidio Rasp can run in a live environment without complex setup, try it now at hoop.dev and watch it work in minutes.