Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.

Inspect sensitive text by using Node.js

Learn how to scan a sample string for sensitive information by using the Cloud Data Loss Prevention API of Sensitive Data Protection, the Google Cloud CLI, and Node.js.

To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:

Guide me

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

Create or select a Google Cloud project.

Create a Google Cloud project:
```
gcloud projects create PROJECT_ID
```
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
```
gcloud config set project PROJECT_ID
```
Replace PROJECT_ID with your Google Cloud project name.

Make sure that billing is enabled for your Google Cloud project.

Enable the DLP API:

gcloud services enable dlp.googleapis.com

Create local authentication credentials for your user account:

gcloud auth application-default login

Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE

Replace PROJECT_ID with your project ID.
Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.
Replace ROLE with each individual role.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

Create or select a Google Cloud project.

Create a Google Cloud project:
```
gcloud projects create PROJECT_ID
```
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
```
gcloud config set project PROJECT_ID
```
Replace PROJECT_ID with your Google Cloud project name.

Make sure that billing is enabled for your Google Cloud project.

Enable the DLP API:

gcloud services enable dlp.googleapis.com

Create local authentication credentials for your user account:

gcloud auth application-default login

Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE

Replace PROJECT_ID with your project ID.
Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.
Replace ROLE with each individual role.

Install Node.js and NPM.

Set up a Sensitive Data Protection CLI app

To set up a Sensitive Data Protection CLI app using Node.js, do the following:

Clone the Node.js DLP client library:

 git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples

Navigate to the dlp directory.
```
 cd nodejs-docs-samples/dlp
```
Install the app dependencies:
```
 npm install
```

Inspect a string for sensitive information

To scan sample text by using the DLP API and the inspectString Node.js script, run the following command:

  node inspectString.js PROJECT_ID "My email address is joe@example.com."

The output is similar to the following:

  Findings:
      Info type: EMAIL_ADDRESS
      Likelihood: LIKELY

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the Google Cloud project with the resources.

Delete the project

If you created a new project for this quickstart, the easiest way to prevent additional charges is to delete the project.

Delete a Google Cloud project:

gcloud projects delete PROJECT_ID

Revoke your credentials

Optional: Revoke the authentication credentials that you created, and delete the local credential file.
```
gcloud auth application-default revoke
```
Optional: Revoke credentials from the gcloud CLI.
```
gcloud auth revoke
```

What's next

To get started with inspecting text and images for sensitive data, see How-to guides.
To better understand inspection, redaction, infoTypes, and likelihood, see Concepts.
Learn more about the DLP API.
Learn more about the Cloud DLP Node.js Client.