Inspect sensitive text by using Node.js

Learn how to scan a sample string for sensitive information by using the Cloud Data Loss Prevention API (DLP API), the Google Cloud CLI, and Node.js.


Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. Enable the DLP API.

  5. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. To provide access to your project, grant the following role(s) to your service account: Project > Owner.

      In the Select a role list, select a role.

      For additional roles, click Add another role and add each additional role.

    6. Click Continue.
    7. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  6. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  7. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.

  8. Install and initialize the Google Cloud CLI.
  9. Install Node.js and NPM.

Set permissions

To inspect content, you must have the serviceusage.services.use IAM permission for your project. To give this permission, grant the DLP User role at the project level:

   gcloud projects add-iam-policy-binding PROJECT_ID --member user:EMAIL_ADDRESS --role roles/dlp.user

Replace the following:

  • PROJECT_ID: the ID of your Google Cloud project

  • EMAIL_ADDRESS: the email address of your Google Cloud account

The output is similar to the following:

   bindings:
   - members:
     - user:test@example.com
     role: roles/dlp.user
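
To check the result of this step, the following added example (not part of the original page or of the nodejs-dlp samples) audits the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. It confirms that the user holds roles/dlp.user and lists service accounts that hold Owner or Editor; the function name `auditPolicy`, the report shape, and the sample policy are assumptions made for illustration.

```javascript
// Added example: audits an IAM policy document for the bindings this page sets up.
// Roles that grant far more than content inspection needs.
const BROAD_ROLES = new Set(['roles/owner', 'roles/editor']);

// policy: parsed JSON from `gcloud projects get-iam-policy PROJECT_ID --format=json`.
// userEmail: the account that was granted roles/dlp.user.
function auditPolicy(policy, userEmail) {
  const userMember = `user:${userEmail}`;
  const report = {userHasDlpUser: false, broadServiceAccounts: []};
  for (const binding of policy.bindings || []) {
    const members = binding.members || [];
    if (binding.role === 'roles/dlp.user' && members.includes(userMember)) {
      report.userHasDlpUser = true;
    }
    if (!BROAD_ROLES.has(binding.role)) continue;
    for (const member of members) {
      if (member.startsWith('serviceAccount:')) {
        report.broadServiceAccounts.push({
          member,
          role: binding.role,
          conditional: Boolean(binding.condition), // IAM Conditions attached?
        });
      }
    }
  }
  return report;
}

// Constructed policy; the project and service account names are placeholders.
const SAMPLE_POLICY = {
  bindings: [
    {
      role: 'roles/owner',
      members: [
        'user:test@example.com',
        'serviceAccount:quickstart@example-project.iam.gserviceaccount.com',
      ],
    },
    {role: 'roles/dlp.user', members: ['user:test@example.com']},
  ],
};
console.log(JSON.stringify(auditPolicy(SAMPLE_POLICY, 'test@example.com'), null, 2));
```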

Set up a Cloud DLP CLI app

To set up a Cloud DLP CLI app using Node.js, do the following:

  1. Clone the Node.js DLP client library:

     git clone https://github.com/googleapis/nodejs-dlp
    
  2. Navigate to the samples directory.

  3. Install the app dependencies:

     npm install
    

Inspect a string for sensitive information

To scan sample text by using the DLP API and the inspectString Node.js script, run the following command:

  node inspectString.js PROJECT_ID "My email address is joe@example.com."

The output is similar to the following:

  Findings:
      Info type: PERSON_NAME
      Likelihood: POSSIBLE
      Info type: EMAIL_ADDRESS
      Likelihood: LIKELY
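
The request behind that command and the handling of its findings can be sketched as follows. This is an added example, not the repository's inspectString.js: the function names (`buildInspectRequest`, `summarizeFindings`, `inspectText`) and the sample response are assumptions, and `client` is expected to be a `DlpServiceClient` from `@google-cloud/dlp` created by the caller. The request leaves `includeQuote` off so that the matched text is not returned and cannot end up in logs.

```javascript
// Added example, not the repository's inspectString.js.
// DLP likelihood values, lowest to highest.
const LIKELIHOODS = ['LIKELIHOOD_UNSPECIFIED', 'VERY_UNLIKELY', 'UNLIKELY',
  'POSSIBLE', 'LIKELY', 'VERY_LIKELY'];

function rank(likelihood) {
  const i = LIKELIHOODS.indexOf(likelihood);
  if (i < 0) throw new RangeError(`unknown likelihood: ${likelihood}`);
  return i;
}

// Build the inspectContent request for one string.
function buildInspectRequest(projectId, text, infoTypes, minLikelihood = 'POSSIBLE') {
  rank(minLikelihood); // reject typos before they reach the API
  return {
    parent: `projects/${projectId}/locations/global`,
    inspectConfig: {
      infoTypes: infoTypes.map(name => ({name})),
      minLikelihood,
      includeQuote: false, // do not echo the matched text back into logs
    },
    item: {value: text},
  };
}

// Reduce a response to {infoType, likelihood} rows at or above a threshold.
function summarizeFindings(response, threshold = 'POSSIBLE') {
  const floor = rank(threshold);
  const findings = (response.result && response.result.findings) || [];
  return findings
    .filter(f => LIKELIHOODS.indexOf(f.likelihood) >= floor)
    .map(f => ({infoType: f.infoType.name, likelihood: f.likelihood}));
}

// client: a DlpServiceClient from @google-cloud/dlp, created by the caller.
async function inspectText(client, projectId, text, infoTypes) {
  const request = buildInspectRequest(projectId, text, infoTypes);
  const [response] = await client.inspectContent(request);
  return summarizeFindings(response);
}

// Constructed response, modelled on the sample output above.
const SAMPLE_RESPONSE = {result: {findings: [
  {infoType: {name: 'PERSON_NAME'}, likelihood: 'POSSIBLE'},
  {infoType: {name: 'EMAIL_ADDRESS'}, likelihood: 'LIKELY'},
]}};
console.log(summarizeFindings(SAMPLE_RESPONSE, 'LIKELY'));
```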

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Google Cloud console, go to the Manage resources page.

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

What's next