REST Resource: projects.locations.securitySettings

Resource: SecuritySettings

Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect.

JSON representation
{
  "name": string,
  "displayName": string,
  "redactionStrategy": enum (RedactionStrategy),
  "redactionScope": enum (RedactionScope),
  "inspectTemplate": string,
  "deidentifyTemplate": string,
  "purgeDataTypes": [
    enum (PurgeDataType)
  ],
  "audioExportSettings": {
    object (AudioExportSettings)
  },
  "insightsExportSettings": {
    object (InsightsExportSettings)
  },

  // Union field data_retention can be only one of the following:
  "retentionWindowDays": integer,
  "retentionStrategy": enum (RetentionStrategy)
  // End of list of possible types for union field data_retention.
}
Fields
name

string

Resource name of the settings. Required for the SecuritySettingsService.UpdateSecuritySettings method. SecuritySettingsService.CreateSecuritySettings populates the name automatically. Format: projects/<Project ID>/locations/<Location ID>/securitySettings/<Security Settings ID>.

displayName

string

Required. The human-readable name of the security settings, unique within the location.

redactionStrategy

enum (RedactionStrategy)

Strategy that defines how we do redaction.

redactionScope

enum (RedactionScope)

Defines the data for which Dialogflow applies redaction. Dialogflow does not redact data that it does not have access to – for example, Cloud logging.

inspectTemplate

string

DLP inspect template name. Use this template to define inspect base settings.

The DLP Inspect Templates Reader role is needed on the Dialogflow service identity service account (has the form service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com) for your agent's project.

If empty, we use the default DLP inspect config.

The template name will have one of the following formats: projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/inspectTemplates/<Template ID>

Note: inspectTemplate must be located in the same region as the SecuritySettings.

deidentifyTemplate

string

DLP deidentify template name. Use this template to define de-identification configuration for the content.

The DLP De-identify Templates Reader role is needed on the Dialogflow service identity service account (has the form service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com) for your agent's project.

If empty, Dialogflow replaces sensitive info with [redacted] text.

The template name will have one of the following formats: projects/<Project ID>/locations/<Location ID>/deidentifyTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>

Note: deidentifyTemplate must be located in the same region as the SecuritySettings.

purgeDataTypes[]

enum (PurgeDataType)

List of types of data to remove when retention settings triggers purge.

audioExportSettings

object (AudioExportSettings)

Controls audio export settings for post-conversation analytics when ingesting audio to conversations via [Participants.AnalyzeContent][] or [Participants.StreamingAnalyzeContent][].

If retentionStrategy is set to REMOVE_AFTER_CONVERSATION or [audioExportSettings.gcs_bucket][] is empty, audio export is disabled.

If audio export is enabled, audio is recorded and saved to [audioExportSettings.gcs_bucket][], subject to retention policy of [audioExportSettings.gcs_bucket][].

This setting won't effect audio input for implicit sessions via Sessions.DetectIntent or Sessions.StreamingDetectIntent.

insightsExportSettings

object (InsightsExportSettings)

Controls conversation exporting settings to Insights after conversation is completed.

If retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.

Union field data_retention. Specifies how data is retained. Note that even if the data is purged due to retention policy, we may still hold it in backup storage for a few days without allowing direct readings. data_retention can be only one of the following:
retentionWindowDays

integer

Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL. When data retention configuration is changed, it only applies to the data created after the change; the TTL of existing data created before the change stays intact.

retentionStrategy

enum (RetentionStrategy)

Specifies the retention behavior defined by SecuritySettings.RetentionStrategy.

RedactionStrategy

Defines how we redact data.

Enums
REDACTION_STRATEGY_UNSPECIFIED Do not redact.
REDACT_WITH_SERVICE Call redaction service to clean up the data to be persisted.

RedactionScope

Defines what types of data to redact.

Enums
REDACTION_SCOPE_UNSPECIFIED Don't redact any kind of data.
REDACT_DISK_STORAGE On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk.

RetentionStrategy

Defines how long we retain persisted data that contains sensitive info.

Enums
RETENTION_STRATEGY_UNSPECIFIED Retains the persisted data with Dialogflow's internal default 365d TTLs.
REMOVE_AFTER_CONVERSATION Removes data when the conversation ends. If there is no [Conversation][] explicitly established, a default conversation ends when the corresponding Dialogflow session ends.

PurgeDataType

Type of data we purge after retention settings triggers purge.

Enums
PURGE_DATA_TYPE_UNSPECIFIED Unspecified. Do not use.
DIALOGFLOW_HISTORY Dialogflow history. This does not include Cloud logging, which is owned by the user - not Dialogflow.

AudioExportSettings

Settings for exporting audio.

JSON representation
{
  "gcsBucket": string,
  "audioExportPattern": string,
  "enableAudioRedaction": boolean,
  "audioFormat": enum (AudioFormat)
}
Fields
gcsBucket

string

Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.

audioExportPattern

string

Filename pattern for exported audio.

enableAudioRedaction

boolean

Enable audio redaction if it is true. Note that this only redacts end-user audio data; Synthesised audio from the virtual agent is not redacted.

audioFormat

enum (AudioFormat)

File format for exported audio file. Currently only in telephony recordings.

AudioFormat

File format for exported audio file. Currently only in telephony recordings.

Enums
AUDIO_FORMAT_UNSPECIFIED Unspecified. Do not use.
MULAW G.711 mu-law PCM with 8kHz sample rate.
MP3 MP3 file format.
OGG OGG Vorbis.

InsightsExportSettings

Settings for exporting conversations to Insights.

JSON representation
{
  "enableInsightsExport": boolean
}
Fields
enableInsightsExport

boolean

If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.

Methods

create

Create security settings in the specified location.

delete

Deletes the specified SecuritySettings.

get

Retrieves the specified SecuritySettings.

list

Returns the list of all security settings in the specified location.

patch

Updates the specified SecuritySettings.