You can use templates to create and persist configuration information to use with Cloud Data Loss Prevention (DLP). Templates are useful for decoupling configuration information—like what you inspect for or de-identify—from the implementation of your requests. Templates provide a way to manage large-scale rollouts of Cloud DLP inspection jobs.
This quickstart guides you through the creation of a new inspection template using Cloud DLP in the Google Cloud Platform Console.
To learn about all available inspection template options, see Creating Cloud DLP inspection templates.
Before you begin
The Cloud DLP UI Beta is available now in the GCP Console. Be aware that any jobs, job triggers, or templates that you create using the Cloud DLP UI Beta are real and will incur usage charges when run, if applicable. For more information about pricing, see Cloud DLP pricing.
Open Cloud DLP
To access Cloud DLP in the GCP Console:
Alternatively, do the following:
- In the GCP Console, if the navigation menu isn't visible, click the navigation button in the upper-left corner of the page.
- Point to Security, and then click Data Loss Prevention.
The main Cloud DLP page opens.
Create a new template
To create a template in Cloud DLP:
In the GCP Console, open Cloud DLP.
From the Create menu, choose Template.
Alternatively, click the following button:
On the Create template page, first enter a name for the inspection template. This is how you'll refer to the template when you run a job, create a job trigger, and so on. You can use letters, numbers, and hyphens. If you want, you can also enter a description to better remember what the template does.
Next, choose a built-in infoType to use to scan your content.
InfoType detectors find sensitive data of a certain type. For example, the
US_SOCIAL_SECURITY_NUMBER infoType detector finds
US Social Security numbers.
In the InfoTypes field, choose
ALL_BASIC to scan for all default
More information about each detector is provided in InfoType detector reference.
If you want, you can change the confidence threshold, or match likelihood value, to tweak how Cloud DLP matches your content.
Every time Cloud DLP detects a potential match for sensitive data, it assigns it a likelihood value on a scale from "Very unlikely" to "Very likely." When you set a likelihood value here, you are instructing Cloud DLP to only match on data that corresponds to that likelihood value or higher.
The default value of "Possible" is sufficient for most purposes. If you routinely get matches that are too broad when you use this template, move the slider up. If you get too few matches, move the slider down.
Finish the template
When you're done, click Create to create the template. The template's summary information page appears.
To return to the main Cloud DLP page, click the Back arrow in the GCP Console.
Use the template
After you've created your template using this quickstart, you're ready to run a scan using the template. If you're not already familiar with how to run an inspection scan, follow the instructions provided in Quickstart scheduling Cloud DLP inspection scans with the following change:
- In the Configure detection > Templates section, click in the Template name field and select the template you just created.
To avoid incurring charges to your GCP account for the resources used in this quickstart:
Delete the project
The easiest way to eliminate billing is to delete the project that you created for the tutorial.
To delete the project:
- In the GCP Console, go to the Projects page.
- In the project list, select the project you want to delete and click Delete delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
Delete the template
If necessary, choose the name of the project in which you created a template from the menu at the top of the GCP Console. Then open Cloud DLP in the GCP Console.
Click the Configuration tab, and then the Templates tab. The console displays a list of all templates for the current project.
In the Actions column for the template you want to delete, click the three vertical dots, and then click Delete.
Alternatively, from the list of templates, click the name of the template you want to delete. On the template's detail page, click Delete.
- Learn more about creating templates, using either Cloud DLP in the GCP Console, the Cloud DLP API, or client libraries in several programming languages: Creating Cloud DLP inspection templates.