Cloud DLP Client Libraries

This page shows how to get started with the Cloud Client Libraries for the Cloud Data Loss Prevention API. Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.

Cloud DLP client libraries mentioned on this page are supported on Compute Engine, App Engine - Flexible Environment, Google Kubernetes Engine, and Cloud Functions. Cloud DLP client library for Java is supported on Java 8 on App Engine standard environment.

If you are using Java 7 on App Engine standard environment, or App Engine - Standard environment with Go, PHP, or Python, use the REST Interface to access Cloud DLP.

Installing the client library


For more information, see Setting Up a C# Development Environment.

To build and run a sample, open the solution file (Dlp.sln) with Visual Studio 2015 or later and build it.

For more information, see the README.


For more information, see Setting Up a Go Development Environment.

go get -u


For more information, see Setting Up a Java Development Environment.

If you are using Maven, add this to your pom.xml file:


If you are using Gradle, add this to your dependencies:

compile group: '', name: 'google-cloud-dlp', version: ''


For more information, see Setting Up a Node.js Development Environment.

npm install --save @google-cloud/dlp


For more information, see Using PHP on Google Cloud.

composer require google/cloud-dlp


For more information, see Setting Up a Python Development Environment.

  1. Install pip and virtualenv if you do not already have them. You may want to refer to the Python Development Environment Setup Guide for Google Cloud for instructions.
  2. Clone or download the Google Cloud Python Docs Samples on GitHub.
  3. Create a virtualenv. Samples are compatible with Python 2.7.x and 3.4 and higher.
    $ python -m venv venv
    $ source env/bin/activate
  4. From the dlp directory within the cloned or unzipped Google Cloud Python Docs Samples directory, install the dependencies needed to run the samples.
    $ pip install -r requirements.txt


For more information, see Setting Up a Ruby Development Environment.

gem install google-api-client

Setting up authentication

To run the client library, you must first set up authentication by creating a service account and setting an environment variable. Complete the following steps to set up authentication. For other ways to authenticate, see the GCP authentication documentation.

Cloud Console

Create a service account:

  1. In the Cloud Console, go to the Create service account page.

    Go to Create service account
  2. Select a project.
  3. In the Service account name field, enter a name. The Cloud Console fills in the Service account ID field based on this name.

    In the Service account description field, enter a description. For example, Service account for quickstart.

  4. Click Create.
  5. Click the Select a role field.

    Under Quick access, click Basic, then click Owner.

  6. Click Continue.
  7. Click Done to finish creating the service account.

    Do not close your browser window. You will use it in the next step.

Create a service account key:

  1. In the Cloud Console, click the email address for the service account that you created.
  2. Click Keys.
  3. Click Add key, then click Create new key.
  4. Click Create. A JSON key file is downloaded to your computer.
  5. Click Close.

Command line

You can run the following commands using the Cloud SDK on your local machine, or in Cloud Shell.

  1. Create the service account. Replace NAME with a name for the service account.

    gcloud iam service-accounts create NAME
  2. Grant permissions to the service account. Replace PROJECT_ID with your project ID.

    gcloud projects add-iam-policy-binding PROJECT_ID --member="" --role="roles/owner"
  3. Generate the key file. Replace FILE_NAME with a name for the key file.

    gcloud iam service-accounts keys create FILE_NAME.json

Provide authentication credentials to your application code by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS. Replace [PATH] with the file path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.

Linux or macOS


For example:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/my-key.json"


With PowerShell:


For example:


With command prompt:


Using the client library

The following example shows how to use the client library.


To learn how to install and use the client library for Cloud DLP, see the Cloud DLP Client Libraries.

// The quickstart program is an example of using the Data Loss Prevention API.
package main

import (

	dlp ""
	dlppb ""

func main() {
	ctx := context.Background()

	projectID := "PROJECT_ID"

	// Creates a DLP client.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		log.Fatalf("error creating DLP client: %v", err)

	// The string to inspect.
	input := "Robert Frost"

	// The minimum likelihood required before returning a match.
	minLikelihood := dlppb.Likelihood_POSSIBLE

	// The maximum number of findings to report (0 = server maximum).
	maxFindings := int32(0)

	// Whether to include the matching string.
	includeQuote := true

	// The infoTypes of information to match.
	infoTypes := []*dlppb.InfoType{
			Name: "PERSON_NAME",
			Name: "US_STATE",

	// Construct item to inspect.
	item := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Value{
			Value: input,

	// Construct request.
	req := &dlppb.InspectContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		InspectConfig: &dlppb.InspectConfig{
			InfoTypes:     infoTypes,
			MinLikelihood: minLikelihood,
			Limits: &dlppb.InspectConfig_FindingLimits{
				MaxFindingsPerRequest: maxFindings,
			IncludeQuote: includeQuote,
		Item: item,

	// Run request.
	resp, err := client.InspectContent(ctx, req)
	if err != nil {
	findings := resp.GetResult().GetFindings()
	if len(findings) == 0 {
		fmt.Println("No findings.")
	for _, f := range findings {
		if includeQuote {
			fmt.Println("\tQuote: ", f.GetQuote())
		fmt.Println("\tInfo type: ", f.GetInfoType().GetName())
		fmt.Println("\tLikelihood: ", f.GetLikelihood())


To learn how to install and use the client library for Cloud DLP, see the Cloud DLP Client Libraries.

import java.util.List;

public class QuickStart {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";

  public static void quickstart(String projectId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
      // Configure that content that will be inspected
      String text = "His name was Robert Frost";
      ByteContentItem byteContentItem =
      ContentItem contentItem = ContentItem.newBuilder().setByteItem(byteContentItem).build();

      // The types of information to match:
      // See:
      List<InfoType> infoTypes =
          Stream.of("PERSON_NAME", "US_STATE")
              .map(it -> InfoType.newBuilder().setName(it).build())

      // The minimum likelihood required before returning a match:
      // See:
      Likelihood minLikelihood = Likelihood.POSSIBLE;

      // The maximum number of findings to report (0 = server maximum)
      InspectConfig.FindingLimits findingLimits =

      // Specify the inspection configuration
      InspectConfig inspectConfig =

      // Create the request from previous configs
      InspectContentRequest request =
              .setParent(LocationName.of(projectId, "global").toString())

      // Send the request to the service and receive the results
      InspectContentResponse response = dlpServiceClient.inspectContent(request);

      // Process the results
      System.out.println("Inspect of text complete: ");
      InspectResult result = response.getResult();
      if (result.getFindingsCount() < 0) {
        System.out.println("No findings.");
      System.out.println("Findings: ");
      for (Finding finding : result.getFindingsList()) {
        System.out.println("\tQuote: " + finding.getQuote());
        System.out.println("\tInfo type: " + finding.getInfoType().getName());
        System.out.println("\tLikelihood: " + finding.getLikelihood());


To learn how to install and use the client library for Cloud DLP, see the Cloud DLP Client Libraries.

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The string to inspect
const string = 'Robert Frost';

// The project ID to run the API call under
// const projectId = 'my-project';

async function quickStart() {
  // The minimum likelihood required before returning a match
  const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';

  // The maximum number of findings to report (0 = server maximum)
  const maxFindings = 0;

  // The infoTypes of information to match
  const infoTypes = [{name: 'PERSON_NAME'}, {name: 'US_STATE'}];

  // Whether to include the matching string
  const includeQuote = true;

  // Construct item to inspect
  const item = {value: string};

  // Construct request
  const request = {
    parent: `projects/${projectId}/locations/global`,
    inspectConfig: {
      infoTypes: infoTypes,
      minLikelihood: minLikelihood,
      limits: {
        maxFindingsPerRequest: maxFindings,
      includeQuote: includeQuote,
    item: item,

  // Run request
  const [response] = await dlp.inspectContent(request);
  const findings = response.result.findings;
  if (findings.length > 0) {
    findings.forEach(finding => {
      if (includeQuote) {
        console.log(`\tQuote: ${finding.quote}`);
      console.log(`\tInfo type: ${}`);
      console.log(`\tLikelihood: ${finding.likelihood}`);
  } else {
    console.log('No findings.');


To learn how to install and use the client library for Cloud DLP, see the Cloud DLP Client Libraries.

use Google\Cloud\Dlp\V2\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;

// Instantiate a client.
$dlp = new DlpServiceClient();

// The infoTypes of information to match
$usNameInfoType = (new InfoType())
$phoneNumberInfoType = (new InfoType())
$infoTypes = [$usNameInfoType, $phoneNumberInfoType];

// Set the string to inspect
$stringToInspect = 'Robert Frost';

// Only return results above a likelihood threshold, 0 for all
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;

// Limit the number of findings, 0 for no limit
$maxFindings = 0;

// Whether to include the matching string in the response
$includeQuote = true;

// Specify finding limits
$limits = (new FindingLimits())

// Create the configuration object
$inspectConfig = (new InspectConfig())

$content = (new ContentItem())

$projectId = getenv('GCLOUD_PROJECT');
$parent = $dlp->projectName($projectId);

// Run request
$response = $dlp->inspectContent([
    'parent' => $parent,
    'inspectConfig' => $inspectConfig,
    'item' => $content

// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
    print('No findings.' . PHP_EOL);
} else {
    print('Findings:' . PHP_EOL);
    foreach ($findings as $finding) {
        if ($includeQuote) {
            print('  Quote: ' . $finding->getQuote() . PHP_EOL);
        print('  Info type: ' . $finding->getInfoType()->getName() . PHP_EOL);
        $likelihoodString = Likelihood::name($finding->getLikelihood());
        print('  Likelihood: ' . $likelihoodString . PHP_EOL);


To learn how to install and use the client library for Cloud DLP, see the Cloud DLP Client Libraries.

# Import the client library

# Instantiate a client.
dlp_client =

# The string to inspect
content = "Robert Frost"

# Construct the item to inspect.
item = {"value": content}

# The info types to search for in the content. Required.
info_types = [{"name": "FIRST_NAME"}, {"name": "LAST_NAME"}]

# The minimum likelihood to constitute a match. Optional.
min_likelihood =

# The maximum number of findings to report (0 = server maximum). Optional.
max_findings = 0

# Whether to include the matching string in the results. Optional.
include_quote = True

# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
    "info_types": info_types,
    "min_likelihood": min_likelihood,
    "include_quote": include_quote,
    "limits": {"max_findings_per_request": max_findings},

# Convert the project id into a full resource id.
parent = f"projects/{project_id}"

# Call the API.
response = dlp_client.inspect_content(
    request={"parent": parent, "inspect_config": inspect_config, "item": item}

# Print out the results.
if response.result.findings:
    for finding in response.result.findings:
            print("Quote: {}".format(finding.quote))
        except AttributeError:
        print("Info type: {}".format(
        # Convert likelihood value to string respresentation.
        likelihood =
        print("Likelihood: {}".format(likelihood))
    print("No findings.")

Additional resources