Quickstart: Using the command-line tool

This page shows you how to perform basic tasks in the Cloud Data Loss Prevention API using a command-line interface. Specifically, this quickstart covers sending a short string to the DLP API for inspection.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the DLP API.

    Enable the API

  5. Set up authentication:
    1. In the Cloud Console, go to the Create service account key page.

      Go to the Create Service Account Key page
    2. From the Service account list, select New service account.
    3. In the Service account name field, enter a name.
    4. From the Role list, select Project > Owner.

    5. Click Create. A JSON file that contains your key downloads to your computer.
  6. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.

  7. Download and install Node.js and NPM.

Permissions

Inspecting content requires the serviceusage.services.use permission for the project that's specified in parent. The roles/editor, roles/owner, and roles.dlp.user roles contain the required permission or you can define your own custom role.

To give your user the dlp.user role at the project level:

Web UI

  1. Open the IAM page in the Google Cloud Console.

    Open the IAM page

  2. If a project hasn't already been selected, click Select a project in the project selector.

  3. Select your project and click Open.

  4. On the IAM page:

    • To add a new user, click Add.
    • To add the dlp.user role to an existing user, click Edit member for that user, and then click Add another role in the Edit permissions pane.

  5. In the Add members pane:

    • In the New members field, type the email address of the user you're adding—for example, test@example.com.
    • For Roles, click Select a role and choose Cloud DLP > DLP User.

  6. Click Add.

For more information, see Grant an IAM role.

Command-line

  1. To add a single binding to the project's IAM policy, type the following command. Replace PROJECT-ID with your project ID and SERVICE-ID with the service account to be used.

    gcloud projects add-iam-policy-binding PROJECT-ID --member serviceAccount:SERVICE-ID --role roles/dlp.user

  2. The following command writes the updated policy to the console window. Replace the email address with that of the user you're adding.

bindings:
- members:
  - group: test@example.com
    role: roles/dlp.user

Set up Cloud DLP CLI app

  1. Clone or download a ZIP file of the Node.js DLP client library, and then expand the downloaded file.

  2. Open a command-line tool and navigate to the samples directory within the expanded directory.

  3. Install the app dependencies by running npm install while in the samples directory.

  4. If you haven't done so already, create the GCLOUD_PROJECT environment variable and set it to the project ID of the Google Cloud project you set up to use with Cloud DLP:

Inspect a string for sensitive information

This section shows you how to ask the service to scan sample text using the inspectString example Node.js script. If you haven't already, open a command-line tool and navigate to the samples folder of the Node.js samples repository you downloaded and expanded in the previous section.

  • Run the following command, replacing PROJECT-ID with your project ID:

    node inspectString.js PROJECT-ID "My email address is joe@example.com."

You receive the following output:

  Findings:
    Quote: joe@example.com
    Info type: EMAIL_ADDRESS
    Likelihood: LIKELY
  

You've just sent your first request to the DLP API.

What's next?