Quickstart: Creating a Cloud DLP inspection template

You can use templates to create and persist configuration information to use with Cloud Data Loss Prevention (DLP). Templates are useful for decoupling configuration information—like what you inspect for or de-identify—from the implementation of your requests. Templates provide a way to manage large-scale rollouts of Cloud DLP inspection jobs.

This quickstart guides you through the creation of a new inspection template using Cloud DLP in the Google Cloud Console.

To learn about all available inspection template options, see Creating Cloud DLP inspection templates.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the Cloud DLP API.

    Enable the API

Open Cloud DLP

To access Cloud DLP in the Cloud Console:

Go to Cloud DLP

Alternatively, do the following:

  1. In the Cloud Console, if the navigation menu isn't visible, click the navigation button in the upper-left corner of the page.
  2. Point to Security, and then click Data Loss Prevention.

The main Cloud DLP page opens.

Create a new template

To create a template in Cloud DLP:

  1. In the Cloud Console, open Cloud DLP.

    Go to Cloud DLP

  2. From the Create menu, choose Template.

    Alternatively, click the following button:

    Create new template

  3. On the Create template page, first enter a name for the inspection template. This is how you'll refer to the template when you run a job, create a job trigger, and so on. You can use letters, numbers, and hyphens. If you want, you can also enter a description to help you remember what the template does.


Next, choose a built-in infoType to use to scan your content.

InfoType detectors find sensitive data of a certain type. For example, the Cloud DLP US_SOCIAL_SECURITY_NUMBER infoType detector finds US Social Security numbers.

In the InfoTypes field, choose ALL_BASIC to scan for all default infoTypes.

More information about each detector is provided in InfoType detector reference.

Confidence threshold

If you want, you can change the confidence threshold, or match likelihood value, to tweak how Cloud DLP matches your content.

Every time Cloud DLP detects a potential match for sensitive data, it assigns it a likelihood value on a scale from "Very unlikely" to "Very likely." When you set a likelihood value here, you are instructing Cloud DLP to only match on data that corresponds to that likelihood value or higher.

The default value of "Possible" is sufficient for most purposes. If you routinely get matches that are too broad when you use this template, move the slider up. If you get too few matches, move the slider down.

Finish the template

When you're done, click Create to create the template. The template's summary information page appears.

To return to the main Cloud DLP page, click the Back arrow in the Cloud Console.

Use the template

After you've created your template using this quickstart, you're ready to run a scan using the template. If you're not already familiar with how to run an inspection scan, follow the instructions provided in Quickstart: Scheduling a Cloud DLP inspection scan with the following change:

  • In the Configure detection > Templates section, click in the Template name field and select the template you just created.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used in this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Cloud Console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete the template

  1. If necessary, choose the name of the project in which you created a template from the menu at the top of the Cloud Console. Then open Cloud DLP in the Cloud Console.

    Go to Cloud DLP

  2. Click the Configuration tab, and then the Templates tab. The console displays a list of all templates for the current project.

  3. In the Actions column for the template you want to delete, click the more actions menu (displayed as three dots arranged vertically) , and then click Delete.

Alternatively, from the list of templates, click the name of the template you want to delete. On the template's detail page, click Delete.

What's next

  • Learn more about creating templates, using either Cloud DLP in the Cloud Console, the Cloud DLP API, or client libraries in several programming languages: Creating Cloud DLP inspection templates.