You can use templates to create and persist configuration information to use with Cloud Data Loss Prevention (DLP). Templates are useful for decoupling configuration information—like what you inspect for or de-identify—from the implementation of your requests. Templates provide a way to manage large-scale rollouts of Cloud DLP inspection jobs.
This quickstart guides you through the creation of a new inspection template using Cloud DLP in the Google Cloud Platform Console.
Before you begin
The Cloud DLP UI Beta is available now in the GCP Console. Be aware that any jobs, job triggers, or templates that you create using the Cloud DLP UI Beta are real and will incur usage charges when run, if applicable. For more information about pricing, see Cloud DLP pricing.
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
Select or create a Google Cloud Platform project.
Make sure that billing is enabled for your Google Cloud Platform project.
- Enable the Cloud DLP API.
Open Cloud DLP
To access Cloud DLP in the GCP Console:
Alternatively, do the following:
- In the GCP Console, if the navigation menu isn't visible, click the navigation button in the upper-left corner of the page.
- Point to Security, and then click Data Loss Prevention.
The main Cloud DLP page opens.
Create a new template
To create a template in Cloud DLP:
In the GCP Console, open Cloud DLP.
From the Create menu, choose Template.
Alternatively, click the following button:
On the Create template page, first enter a name for the inspection template. This is how you'll refer to the template when you run a job, create a job trigger, and so on. You can use letters, numbers, and hyphens. If you want, you can also enter a description to better remember what the template does.
Next, choose a built-in infoType to use to scan your content.
InfoType detectors find sensitive data of a certain type. For example, the
US_SOCIAL_SECURITY_NUMBER infoType detector finds
US Social Security numbers.
Under InfoTypes, choose the infoType detector that corresponds to a data type you want to scan for. You can also leave this field blank to scan for all default infoTypes.
More information about each detector is provided in InfoType detector reference.
If you want, you can change the confidence threshold, or match likelihood value, to tweak how Cloud DLP matches your content.
Every time Cloud DLP detects a potential match for sensitive data, it assigns it a likelihood value on a scale from "Very unlikely" to "Very likely." When you set a likelihood value here, you are instructing Cloud DLP to only match on data that corresponds to that likelihood value or higher.
The default value of "Possible" is sufficient for most purposes. If you routinely get matches that are too broad when you use this template, move the slider up. If you get too few matches, move the slider down.
Finish the template
When you're done, click Create to create the template. The template's summary information page appears.
To return to the main Cloud DLP page, click the Back arrow in the GCP Console.
To avoid incurring charges to your GCP account for the resources used in this quickstart:
If necessary, choose the name of the project in which you created a template from the menu at the top of the GCP Console. Then open Cloud DLP in the GCP Console.
Click the Templates tab. The console displays a list of all templates for the current project.
In the Actions column for the template you want to delete, click the three vertical dots, and then click Delete.
Alternatively, from the list of templates, click the name of the template you want to delete. On the template's detail page, click Delete.
- Learn more about creating templates, using either Cloud DLP in the GCP Console, the Cloud DLP API, or client libraries in several programming languages: Creating Cloud DLP inspection templates.