Create a Cloud DLP inspection template

This quickstart shows you how to create and use a Cloud Data Loss Prevention inspection template in the Google Cloud console. Cloud DLP inspection templates let you create and persist configuration information in Cloud DLP.

To complete this quickstart, you need to have data that you can scan in Cloud Storage, BigQuery, or Datastore.


For step-by-step guidance on this task directly in Cloud console, click Guide me:

Guide me


The following sections take you through the same steps as clicking Guide me.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  5. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  6. Enable the Cloud DLP API.

    Enable the API

Create a template

In the following sections, you configure and create an inspection template.

Define template

  1. In the Cloud console, go to the Data Loss Prevention page.

    Go to Data Loss Prevention

  2. Click the Configuration tab.

  3. In the Configuration > Templates section, click Create template.

    The Create template button.

  4. On the Create template page, define the following options:

    • For Template type, use the default setting Inspect (find sensitive data).

    • For Template ID, enter quickstart-template.

    • For Display name, enter Quickstart template.

    • For Description, leave the field empty.

    • For Resource location, use the default setting Global (any region).

  5. Click Continue.

Configure detection

You now configure the template to detect for an infoType such as credit card numbers.

  1. In the Configure detection section of the Create template page, do the following:

    • In the InfoTypes section, click Manage infoTypes, select the infoTypes that you want to scan for, and then click Done.

    • In the Confidence threshold section, select Possible from the Likelihood list.

      The default value Possible is sufficient for most purposes. If you routinely get matches that are too broad when you use this template, move the slider up. If you get too few matches, move the slider down.

  2. To create the template, click Create.

    The template's summary information page appears. To return to the main Cloud DLP page, click Up to Template list.

Use the template

The following steps describe how to configure the template for use in a scan:

  1. In the Cloud console, go to the Create job or job trigger page.

    Go to Create job or job trigger

  2. Follow the prompts to create an inspection job or job trigger (a recurring job). When you are prompted to configure the detection, select the template that you created.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete the template

There are no costs associated with creating and storing templates. However, if you want to delete a template, follow these steps:

  1. If necessary, select the project in which you created a template from the Cloud console toolbar.

  2. Go to the Data Loss Prevention page.

    Go to Data Loss Prevention

  3. Click the Configuration tab, and then click the Templates tab. The Cloud console displays a list of all templates for the current project.

  4. In the Actions column for the template you want to delete, click the trigger actions menu , click Delete, and then click Confirm.

    The Delete option in the trigger actions menu.

What's next