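Create Sensitive Data Protection de-identification templates

You can use templates to create and persist configuration information for use with Sensitive Data Protection. Templates decouple configuration, such as what you inspect for and how you de-identify it, from the implementation of your requests. Templates provide a robust way to reuse configuration and to keep it consistent across users and datasets.

Sensitive Data Protection supports two types of templates:

  • De-identification templates: Templates for saving configuration information for de-identification jobs, including both infoType and record (structured dataset) transformations.
  • Inspection templates: Templates for persisting configuration information for inspection scan jobs, including which predefined or custom detectors to use. For more information about inspection templates, see Creating Sensitive Data Protection inspection templates.

For conceptual information about templates in Sensitive Data Protection, see Templates.

The rest of this topic shows you how to create de-identification templates for use with Sensitive Data Protection.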



In the Google Cloud console, go to the Create template page.





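  1. In the Template type section, select De-identify (remove sensitive data).
  2. For Data transformation type, select the type of transformation to apply:

    • InfoType-matched content. Sensitive Data Protection applies each transformation only to values that are identified as a specific infoType. This transformation type is suited to unstructured text.

    • Record. Sensitive Data Protection takes the structured format of the data into account when it applies a transformation. This transformation type is suited to tabular data.

    • Image. Sensitive Data Protection redacts all detected text in an image, or only the text that matches a specific infoType.

  3. For Template ID, enter a unique identifier for the template.

  4. In the Display name section, enter a name for the template.

  5. For Description, describe the template.

  6. For Resource location, select Global or the location where the data that you want to de-identify is stored.

  7. Click Continue.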




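If you selected InfoType as the data transformation type, do the following:

  1. In the Transformation field, select the transformation method to apply to the findings.


  2. In the InfoTypes to transform section, specify whether you want to apply the transformation to all detected infoTypes that are defined in the inspection configuration.

    If you choose Specify infoTypes, select the infoTypes that you want to apply the transformation method to.

  3. If you want to add a transformation rule for infoTypes that aren't covered by your transformation rule, click Add transformation rule. Then complete the fields as needed. Repeat this step until you have configured transformation rules for all the infoTypes that you want to transform.

  4. Click Create.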



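If you selected Record as the data transformation type, do the following:

  1. In the Fields or columns to transform field, enter the name of the table column that contains the data you want to transform. Then press ENTER. Repeat this step for each column that contains data you want to transform.
  2. Specify the transformation type:

    • Match on infoType. Sensitive Data Protection treats each cell as unstructured text and applies the transformation only to the infoTypes that it finds in the cell. Sensitive Data Protection doesn't transform any data surrounding an infoType.


      1. Click Add transformation. In the Transformation field, select the transformation method to apply to the findings.
      2. Specify whether you want to apply the transformation to all detected infoTypes that are defined in the inspection configuration.

        If you choose Specify infoTypes, select the infoTypes that you want to apply the transformation rule to.

      If you want to assign specific transformation rules to specific infoTypes, you can add more transformations as needed.

    • Primitive field transformation. Sensitive Data Protection always transforms the entire cell according to the transformation method that you choose. This option is useful if you want to transform entire columns of data, regardless of whether an infoType is detected in the cells of those columns.

      If you choose this option, in the Transformation field, select the transformation method to apply to the columns that you specified.


  3. Click Create.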



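If you selected Image as the data transformation type, do the following:

  1. Optional: To change the color of the box that covers redacted content, click the black box in the Redaction color field and choose a different color.

  2. In the InfoTypes to transform section, specify what to redact: all detected text, all infoTypes defined in the inspection configuration, or only specific infoTypes.

    If you choose Specify infoTypes, select the infoTypes that you want to apply the transformation rule to.

  3. If you want to add a transformation rule for infoTypes that aren't covered by your transformation rule, click Add transformation rule. Then complete the fields as needed. Repeat this step until you have configured transformation rules for all the infoTypes that you want to transform.

  4. Click Create.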


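Note that a de-identification template is simply a reusable de-identification configuration plus some metadata. In API terms, the DeidentifyTemplate object is effectively a DeidentifyConfig object that includes a few more fields of metadata, such as a display name and a description. Therefore, to create a new de-identification template, the basic steps are:

  1. Start with a DeidentifyConfig object.
  2. Call or POST the create method of the projects.deidentifyTemplates resource, including in your request a DeidentifyTemplate object that contains a display name, a description, and that DeidentifyConfig object.

The returned DeidentifyTemplate is ready for use immediately. You can reference it in other calls or jobs by its name. You can list existing templates by calling the *.deidentifyTemplates.list method. To view a specific template, call the *.deidentifyTemplates.get method. Note that the maximum number of templates you can create is 1000.

If you have already used Sensitive Data Protection to de-identify sensitive data in text, images, or structured content, then you have already created a DeidentifyConfig object. One additional step turns it into a DeidentifyTemplate object.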


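The following JSON example shows what you can send to the projects.deidentifyTemplates.create method. This JSON creates a new template with the given display name and description, and scans for matches on the infoTypes EMAIL_ADDRESS and GENERIC_ID. When it finds content that matches these infoTypes, it masks the first three characters with the asterisk (*) character.

HTTP method and URL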

POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/deidentifyTemplates



    "displayName":"Email and id masker",
    "description":"De-identifies emails and ids with a series of asterisks.",


For general information about using JSON to send requests to the DLP API, see the JSON quickstart.


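After you create a new template, you can use its name identifier wherever deidentifyTemplateName is accepted, such as:

  • projects.content.deidentify: De-identifies potentially sensitive data in content, using the template as its configuration. Note that this method can use either an inspection template or a de-identification template.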
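
The create request described above, and a projects.content.deidentify request that reuses the resulting template by name, as an added example rather than code from the original page. The template ID `email-id-masker`, the template-ID pattern (an assumption taken from the API reference) and `preview_mask`, a local approximation of character masking that makes no API call, are not from the page.

```python
import json
import re

# Assumed from the DLP API reference: template IDs match [a-zA-Z\d-_]+, max 100 chars.
TEMPLATE_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,100}$")


def build_create_body(template_id, display_name, description, info_types, number_to_mask):
    """Body for POST .../v2/projects/PROJECT_ID/deidentifyTemplates."""
    if not TEMPLATE_ID_RE.match(template_id):
        raise ValueError(f"invalid template ID: {template_id!r}")
    mask = {"maskingCharacter": "*", "numberToMask": number_to_mask}
    transformation = {
        "infoTypes": [{"name": name} for name in info_types],
        "primitiveTransformation": {"characterMaskConfig": mask},
    }
    return {
        "templateId": template_id,
        "deidentifyTemplate": {
            "displayName": display_name,
            "description": description,
            "deidentifyConfig": {
                "infoTypeTransformations": {"transformations": [transformation]}
            },
        },
    }


def build_deidentify_body(template_name, text):
    """Body for projects.content.deidentify that reuses the stored template by name."""
    return {"deidentifyTemplateName": template_name, "item": {"value": text}}


def preview_mask(value, mask):
    """Local approximation of characterMaskConfig on one finding; makes no API call."""
    count = min(mask.get("numberToMask") or len(value), len(value))
    return mask.get("maskingCharacter", "*") * count + value[count:]


if __name__ == "__main__":
    body = build_create_body(
        "email-id-masker",  # constructed template ID
        "Email and id masker",
        "De-identifies emails and ids with a series of asterisks.",
        ["EMAIL_ADDRESS", "GENERIC_ID"], 3)
    print(json.dumps(body, indent=2))
    name = "projects/PROJECT_ID/deidentifyTemplates/email-id-masker"
    print(json.dumps(build_deidentify_body(name, "Contact jane@example.com"), indent=2))
```

Because the template stores the masking rule once, every caller that passes the same `deidentifyTemplateName` gets identical masking, and a change to the template changes all of them together.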


To list all the de-identification templates that have been created, use one of the *.*.list methods:



using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using System;
using Google.Api.Gax;

public class InspectTemplateList
{
    public static PagedEnumerable<ListInspectTemplatesResponse, InspectTemplate> List(string projectId)
    {
        var client = DlpServiceClient.Create();

        var response = client.ListInspectTemplates(
            new ListInspectTemplatesRequest
            {
                Parent = new LocationName(projectId, "global").ToString(),
            }
        );

        // Uncomment to list templates
        // PrintTemplates(response);

        return response;
    }

    public static void PrintTemplates(PagedEnumerable<ListInspectTemplatesResponse, InspectTemplate> response)
    {
        foreach (var template in response)
        {
            Console.WriteLine($"Template {template.Name}:");
            Console.WriteLine($"\tDisplay Name: {template.DisplayName}");
            Console.WriteLine($"\tDescription: {template.Description}");
            Console.WriteLine($"\tCreated: {template.CreateTime}");
            Console.WriteLine($"\tUpdated: {template.UpdateTime}");
            Console.WriteLine($"\tMin Likelihood: {template.InspectConfig?.MinLikelihood}");
            Console.WriteLine($"\tInclude quotes: {template.InspectConfig?.IncludeQuote}");
            // Limits is null when the template sets no limits, so guard it as well.
            Console.WriteLine($"\tMax findings per request: {template.InspectConfig?.Limits?.MaxFindingsPerRequest}");
        }
    }
}


import (
	"context"
	"fmt"
	"io"
	"time"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
	"github.com/golang/protobuf/ptypes"
	"google.golang.org/api/iterator"
)

// listInspectTemplates lists the inspect templates in the project.
func listInspectTemplates(w io.Writer, projectID string) error {
	// projectID := "my-project-id"

	ctx := context.Background()

	client, err := dlp.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("dlp.NewClient: %w", err)
	}
	defer client.Close()

	// Create a configured request.
	req := &dlppb.ListInspectTemplatesRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
	}

	// Send the request and iterate over the results.
	it := client.ListInspectTemplates(ctx, req)
	for {
		t, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			return fmt.Errorf("Next: %w", err)
		}
		fmt.Fprintf(w, "Inspect template %v\n", t.GetName())
		c, err := ptypes.Timestamp(t.GetCreateTime())
		if err != nil {
			return fmt.Errorf("CreateTime Timestamp: %w", err)
		}
		fmt.Fprintf(w, "  Created: %v\n", c.Format(time.RFC1123))
		u, err := ptypes.Timestamp(t.GetUpdateTime())
		if err != nil {
			return fmt.Errorf("UpdateTime Timestamp: %w", err)
		}
		fmt.Fprintf(w, "  Updated: %v\n", u.Format(time.RFC1123))
		fmt.Fprintf(w, "  Display Name: %q\n", t.GetDisplayName())
		fmt.Fprintf(w, "  Description: %q\n", t.GetDescription())
	}

	return nil
}


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.cloud.dlp.v2.DlpServiceClient.ListInspectTemplatesPagedResponse;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectTemplate;
import com.google.privacy.dlp.v2.ListInspectTemplatesRequest;
import com.google.privacy.dlp.v2.LocationName;
import java.io.IOException;

class TemplatesList {

  public static void main(String[] args) throws Exception {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    listInspectTemplates(projectId);
  }

  // Lists all templates associated with a given project
  public static void listInspectTemplates(String projectId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {

      // Create the request to be sent by the client
      ListInspectTemplatesRequest request =
          ListInspectTemplatesRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .build();

      // Send the request
      ListInspectTemplatesPagedResponse response = dlpServiceClient.listInspectTemplates(request);

      // Parse through and process the response; iterateAll() walks every page,
      // not only the first one
      System.out.println("Templates found:");
      for (InspectTemplate template : response.iterateAll()) {
        System.out.printf("Template name: %s\n", template.getName());
        if (template.getDisplayName() != null) {
          System.out.printf("\tDisplay name: %s \n", template.getDisplayName());
          System.out.printf("\tCreate time: %s \n", template.getCreateTime());
          System.out.printf("\tUpdate time: %s \n", template.getUpdateTime());

          // print inspection config
          InspectConfig inspectConfig = template.getInspectConfig();
          for (InfoType infoType : inspectConfig.getInfoTypesList()) {
            System.out.printf("\tInfoType: %s\n", infoType.getName());
          }
          System.out.printf("\tMin likelihood: %s\n", inspectConfig.getMinLikelihood());
          System.out.printf("\tLimits: %s\n", inspectConfig.getLimits().getMaxFindingsPerRequest());
        }
      }
    }
  }
}


// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Helper function to pretty-print dates
const formatDate = date => {
  const msSinceEpoch = parseInt(date.seconds, 10) * 1000;
  return new Date(msSinceEpoch).toLocaleString('en-US');
};

async function listInspectTemplates() {
  // Construct template-listing request
  const request = {
    parent: `projects/${projectId}/locations/global`,
  };

  // Run template-listing request
  const [templates] = await dlp.listInspectTemplates(request);

  templates.forEach(template => {
    console.log(`Template ${template.name}`);
    if (template.displayName) {
      console.log(`  Display name: ${template.displayName}`);
    }

    console.log(`  Created: ${formatDate(template.createTime)}`);
    console.log(`  Updated: ${formatDate(template.updateTime)}`);

    const inspectConfig = template.inspectConfig;
    const infoTypes = inspectConfig.infoTypes.map(x => x.name);
    console.log('  InfoTypes:', infoTypes.join(' '));
    console.log('  Minimum likelihood:', inspectConfig.minLikelihood);
    console.log('  Include quotes:', inspectConfig.includeQuote);

    const limits = inspectConfig.limits;
    console.log('  Max findings per request:', limits.maxFindingsPerRequest);
  });
}



use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ListInspectTemplatesRequest;

/**
 * List DLP inspection configuration templates.
 *
 * @param string $callingProjectId  The project ID to run the API call under
 */
function list_inspect_templates(string $callingProjectId): void
{
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Run request
    $listInspectTemplatesRequest = (new ListInspectTemplatesRequest())
        ->setParent($parent);
    $response = $dlp->listInspectTemplates($listInspectTemplatesRequest);

    // Print results
    $templates = $response->iterateAllElements();

    foreach ($templates as $template) {
        printf('Template %s' . PHP_EOL, $template->getName());
        printf('  Created: %s' . PHP_EOL, $template->getCreateTime()->getSeconds());
        printf('  Updated: %s' . PHP_EOL, $template->getUpdateTime()->getSeconds());
        printf('  Display Name: %s' . PHP_EOL, $template->getDisplayName());
        printf('  Description: %s' . PHP_EOL, $template->getDescription());

        $inspectConfig = $template->getInspectConfig();
        if ($inspectConfig === null) {
            print('  No inspect config.' . PHP_EOL);
        } else {
            printf('  Minimum likelihood: %s' . PHP_EOL, $inspectConfig->getMinLikelihood());
            printf('  Include quotes: %s' . PHP_EOL, $inspectConfig->getIncludeQuote());
            // Limits is null when the template sets none, so check before dereferencing.
            $limits = $inspectConfig->getLimits();
            if ($limits !== null) {
                printf('  Max findings per request: %s' . PHP_EOL, $limits->getMaxFindingsPerRequest());
            }
        }
    }
}


import google.cloud.dlp


def list_inspect_templates(project: str) -> None:
    """Lists all Data Loss Prevention API inspect templates.
    Args:
        project: The Google Cloud project id to use as a parent resource.
    Returns:
        None; the response from the API is printed to the terminal.
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Convert the project id into a full resource id.
    parent = f"projects/{project}"

    # Call the API.
    response = dlp.list_inspect_templates(request={"parent": parent})

    for template in response:
        print(f"Template {template.name}:")
        if template.display_name:
            print(f"  Display Name: {template.display_name}")
        print(f"  Created: {template.create_time}")
        print(f"  Updated: {template.update_time}")

        config = template.inspect_config
        print(
            "  InfoTypes: {}".format(", ".join([it.name for it in config.info_types]))
        )
        print(f"  Minimum likelihood: {config.min_likelihood}")
        print(f"  Include quotes: {config.include_quote}")
        print(
            "  Max findings per request: {}".format(
                config.limits.max_findings_per_request
            )
        )


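To delete a specific de-identification template, use one of the *.*.delete methods:

With each *.*.delete method, you must include the resource name of the template to be deleted.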


using Google.Cloud.Dlp.V2;
using System;

public class InspectTemplateDelete
{
    public static object Delete(string projectId, string templateName)
    {
        var client = DlpServiceClient.Create();

        var request = new DeleteInspectTemplateRequest
        {
            Name = templateName
        };

        // Send the delete request before reporting success.
        client.DeleteInspectTemplate(request);
        Console.WriteLine($"Successfully deleted template {templateName}.");

        return templateName;
    }
}


import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deleteInspectTemplate deletes the given template.
func deleteInspectTemplate(w io.Writer, templateID string) error {
	// projectID := "my-project-id"
	// templateID := "my-template"

	ctx := context.Background()

	client, err := dlp.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("dlp.NewClient: %w", err)
	}
	defer client.Close()

	req := &dlppb.DeleteInspectTemplateRequest{
		Name: templateID,
	}

	if err := client.DeleteInspectTemplate(ctx, req); err != nil {
		return fmt.Errorf("DeleteInspectTemplate: %w", err)
	}
	fmt.Fprintf(w, "Successfully deleted inspect template %v", templateID)
	return nil
}


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.DeleteInspectTemplateRequest;
import java.io.IOException;

class TemplatesDelete {

  public static void main(String[] args) throws Exception {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    String templateId = "your-template-id";
    deleteInspectTemplate(projectId, templateId);
  }

  // Delete an existing template
  public static void deleteInspectTemplate(String projectId, String templateId) throws IOException {
    // Construct the template name to be deleted
    String templateName = String.format("projects/%s/inspectTemplates/%s", projectId, templateId);

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {

      // Create delete template request to be sent by the client
      DeleteInspectTemplateRequest request =
          DeleteInspectTemplateRequest.newBuilder().setName(templateName).build();

      // Send the request with the client
      dlpServiceClient.deleteInspectTemplate(request);
      System.out.printf("Deleted template: %s\n", templateName);
    }
  }
}


// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// The name of the template to delete
// Parent project ID is automatically extracted from this parameter
// const templateName = 'projects/YOUR_PROJECT_ID/inspectTemplates/#####'
async function deleteInspectTemplate() {
  // Construct template-deletion request
  const request = {
    name: templateName,
  };

  // Run template-deletion request
  await dlp.deleteInspectTemplate(request);
  console.log(`Successfully deleted template ${templateName}.`);
}



use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\DeleteInspectTemplateRequest;

/**
 * Delete a DLP inspection configuration template.
 *
 * @param string $callingProjectId  The project ID to run the API call under
 * @param string $templateId        The name of the template to delete
 */
function delete_inspect_template(
    string $callingProjectId,
    string $templateId
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    // Run template deletion request
    $templateName = "projects/$callingProjectId/locations/global/inspectTemplates/$templateId";
    $deleteInspectTemplateRequest = (new DeleteInspectTemplateRequest())
        ->setName($templateName);
    $dlp->deleteInspectTemplate($deleteInspectTemplateRequest);

    // Print results
    printf('Successfully deleted template %s' . PHP_EOL, $templateName);
}


import google.cloud.dlp


def delete_inspect_template(project: str, template_id: str) -> None:
    """Deletes a Data Loss Prevention API template.
    Args:
        project: The id of the Google Cloud project which owns the template.
        template_id: The id of the template to delete.
    Returns:
        None; the response from the API is printed to the terminal.
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Convert the project id into a full resource id.
    parent = f"projects/{project}"

    # Combine the template id with the parent id.
    template_resource = f"{parent}/inspectTemplates/{template_id}"

    # Call the API.
    dlp.delete_inspect_template(request={"name": template_resource})

    print(f"Template {template_resource} successfully deleted.")