Inspect sensitive text by using the DLP API
Learn how to scan a sample string for sensitive information by using the Cloud Data Loss Prevention API of Sensitive Data Protection and JSON.
To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the DLP API:
gcloud services enable dlp.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/dlp.user
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the DLP API:
gcloud services enable dlp.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/dlp.user
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
Inspect a string for sensitive information
This section shows you how to configure the DLP API to scan
sample text using the projects.content.inspect
REST method.
This section requires you to save the sample request in a JSON file. If you're using Cloud Shell, you can use the Cloud Shell Editor to create the file. To launch the editor, click
Open Editor on the toolbar of the Cloud Shell window.Before using any of the request data, make the following replacements:
-
PROJECT_ID
: Your Google Cloud project ID. Project IDs are alphanumeric strings, likemy-project
.
HTTP method and URL:
POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect
Request JSON body:
{ "item": { "value": "My phone number is (800) 555-0123." }, "inspectConfig": { "infoTypes": [ { "name": "PHONE_NUMBER" }, { "name": "US_TOLLFREE_PHONE_NUMBER" } ], "minLikelihood": "POSSIBLE", "limits": { "maxFindingsPerItem": 0 }, "includeQuote": true } }
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{ "result": { "findings": [ { "quote": "(800) 555-0123", "infoType": { "name": "US_TOLLFREE_PHONE_NUMBER" }, "likelihood": "LIKELY", "location": { "byteRange": { "start": "19", "end": "33" }, "codepointRange": { "start": "19", "end": "33" } }, "createTime": "2022-09-23T01:53:05.303Z", "findingId": "2022-09-23T01:53:05.306348Z5328915744504121862" } ] } }
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the Google Cloud project with the resources.
Delete the project
If you created a new project for this quickstart, the easiest way to prevent additional charges is to delete the project.
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID
Revoke your credentials
Optional: Revoke credentials from the gcloud CLI.
gcloud auth revoke
What's next
To get started with inspecting text and images for sensitive data, see How-to guides.
To better understand inspection, redaction, infoTypes, and likelihood, see Concepts.
Learn more about the DLP API.