This page shows you how to perform basic tasks in the Cloud Data Loss Prevention API using a command-line interface.
Before you begin
-
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
-
In the GCP Console, on the project selector page, select or create a GCP project.
-
Make sure that billing is enabled for your Google Cloud Platform project. Learn how to enable billing.
- Enable the DLP API.
-
Set up authentication:
-
In the GCP Console, go to the Create service account key page.
Go to the Create Service Account Key page - From the Service account list, select New service account.
- In the Service account name field, enter a name.
From the Role list, select Project > Owner.
Note: The Role field authorizes your service account to access resources. You can view and change this field later by using the GCP Console. If you are developing a production app, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts.- Click Create. A JSON file that contains your key downloads to your computer.
-
-
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the file path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.
- Download and install Node.js and NPM.
Permissions
Inspecting content requires the serviceusage.services.use permission for the
project that's specified in parent. The roles/editor, roles/owner,
and roles.dlp.user roles contain the required permission or you can define
your own custom role.
To give your user the dlp.admin role at the project level:
Web UI
Open the Cloud Identity and Access Management page in the Google Cloud Platform Console.
If a project hasn't already been selected, click Select a project.
Select your project and click Open.
On the Cloud Identity and Access Management page, click Add.
In the Add members dialog:
- For Members type the user email:
test@example.com. - For Roles, click Select a role and choose Cloud DLP > DLP User.
- For Members type the user email:
Click Add.
Command-line
To add a single binding to the project's Cloud IAM policy, type the following command. Replace
[PROJECT_ID]with your project ID.gcloud projects add-iam-policy-binding [PROJECT_ID] --member group:test@example.com --role roles/dlp.user
The command writes the updated policy to the console window:
bindings:
- members:
- group:test@example.com
role: roles/dlp.userSet up Cloud DLP CLI app
Clone or download a ZIP file of the Node.js DLP client library.
Open a command-line tool and navigate to the
samplesdirectory.Install the app dependencies by running
npm installwhile in thesamplesdirectory.If you haven't done so already, create the
GCLOUD_PROJECTenvironment variable and set it to the project ID of the Google Cloud Platform project you set up to use with Cloud DLP.
Inspect a string for sensitive information
This section shows you how to ask the service to scan sample text
using the inspect string command.
Open a command-line tool and navigate to the
samplesfolder of the Node.js samples repository.Run the following command:
node inspect.js string "My email address is joe@example.com."
You should receive the following output:
{
"results":[
{
"findings":[
{
"quote":"joe@example.com",
"infoType":"EMAIL_ADDRESS",
"likelihood":"VERY_LIKELY",
"location":{
"byteRange":{
"start":"20",
"end":"35"
},
"codepointRange":{
"start":"20",
"end":"35"
}
}
}
]
}
]
}
Congratulations! You've sent your first request to the Cloud Data Loss Prevention API!
What's next?
- Read How-to guides to get started with inspecting text and images, as well as redacting sensitive data from text.
- Read Concepts to better understand inspection, redaction, Infotypes and likelihood.
- Take a look at the Service API Reference and the Node.js client library API Reference.
