Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see
Sensitive Data Protection overview.
Format-preserving encryption (FPE)
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates encrypting sensitive characters while maintaining format.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Go
To learn how to install and use the client library for Sensitive Data Protection, see
Sensitive Data Protection client libraries.
To authenticate to Sensitive Data Protection, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
import (
"context"
"encoding/base64"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deidentifyFPE deidentifies the input with FPE (Format Preserving Encryption).
// keyFileName is the file name with the KMS wrapped key and cryptoKeyName is the
// full KMS key resource name used to wrap the key. surrogateInfoType is an
// optional identifier needed for reidentification. surrogateInfoType can be any
// value not found in your input.
// Info types can be found with the infoTypes.list method or on https://cloud.google.com/dlp/docs/infotypes-reference
func deidentifyFPE(w io.Writer, projectID, input string, infoTypeNames []string, kmsKeyName, wrappedAESKey, surrogateInfoType string) error {
// projectID := "my-project-id"
// input := "My SSN is 123456789"
// infoTypeNames := []string{"US_SOCIAL_SECURITY_NUMBER"}
// kmsKeyName := "projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME"
// wrappedAESKey := "YOUR_ENCRYPTED_AES_256_KEY"
// surrogateInfoType := "AGE"
ctx := context.Background()
client, err := dlp.NewClient(ctx)
if err != nil {
return fmt.Errorf("dlp.NewClient: %w", err)
}
defer client.Close()
// Convert the info type strings to a list of InfoTypes.
var infoTypes []*dlppb.InfoType
for _, it := range infoTypeNames {
infoTypes = append(infoTypes, &dlppb.InfoType{Name: it})
}
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
kmsWrappedCryptoKey, err := base64.StdEncoding.DecodeString(wrappedAESKey)
if err != nil {
return err
}
// Create a configured request.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
},
DeidentifyConfig: &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
{
InfoTypes: []*dlppb.InfoType{}, // Match all info types.
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: &dlppb.PrimitiveTransformation_CryptoReplaceFfxFpeConfig{
CryptoReplaceFfxFpeConfig: &dlppb.CryptoReplaceFfxFpeConfig{
CryptoKey: &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_KmsWrapped{
KmsWrapped: &dlppb.KmsWrappedCryptoKey{
WrappedKey: kmsWrappedCryptoKey,
CryptoKeyName: kmsKeyName,
},
},
},
// Set the alphabet used for the output.
Alphabet: &dlppb.CryptoReplaceFfxFpeConfig_CommonAlphabet{
CommonAlphabet: dlppb.CryptoReplaceFfxFpeConfig_ALPHA_NUMERIC,
},
// Set the surrogate info type, used for reidentification.
SurrogateInfoType: &dlppb.InfoType{
Name: surrogateInfoType,
},
},
},
},
},
},
},
},
},
// The item to analyze.
Item: &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Value{
Value: input,
},
},
}
// Send the request.
r, err := client.DeidentifyContent(ctx, req)
if err != nil {
return fmt.Errorf("DeidentifyContent: %w", err)
}
// Print the result.
fmt.Fprint(w, r.GetItem().GetValue())
return nil
}
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]