使用 DLP API 检查敏感文本
了解如何使用敏感数据保护的 Cloud Data Loss Prevention API 和 JSON 扫描示例字符串,检查是否存在敏感信息。
如需在 Google Cloud 控制台中直接遵循有关此任务的分步指导,请点击操作演示:
准备工作
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init -
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the DLP API:
gcloud services enable dlp.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/dlp.usergcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_IDwith your project ID. -
Replace
USER_IDENTIFIERwith the identifier for your user account. For example,user:myemail@example.com. - Replace
ROLEwith each individual role.
- Replace
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init -
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the DLP API:
gcloud services enable dlp.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/dlp.usergcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_IDwith your project ID. -
Replace
USER_IDENTIFIERwith the identifier for your user account. For example,user:myemail@example.com. - Replace
ROLEwith each individual role.
- Replace
检查字符串是否存在敏感信息
本部分介绍如何配置 DLP API 以使用 projects.content.inspect REST 方法扫描示例文本。
本部分要求您将示例请求保存在 JSON 文件中。如果您使用的是 Cloud Shell,则可以使用 Cloud Shell Editor 创建该文件。如需启动编辑器,请点击 Cloud Shell 窗口工具栏上的 打开编辑器 。
在使用任何请求数据之前,请先进行以下替换:
-
PROJECT_ID:您的 Google Cloud 项目 ID。项目 ID 是字母数字字符串,例如my-project。
HTTP 方法和网址:
POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect
请求 JSON 正文:
{
"item": {
"value": "My phone number is (800) 555-0123."
},
"inspectConfig": {
"infoTypes": [
{
"name": "PHONE_NUMBER"
},
{
"name": "US_TOLLFREE_PHONE_NUMBER"
}
],
"minLikelihood": "POSSIBLE",
"limits": {
"maxFindingsPerItem": 0
},
"includeQuote": true
}
}
如需发送您的请求,请展开以下选项之一:
您应该收到类似以下内容的 JSON 响应:
{
"result": {
"findings": [
{
"quote": "(800) 555-0123",
"infoType": {
"name": "US_TOLLFREE_PHONE_NUMBER"
},
"likelihood": "LIKELY",
"location": {
"byteRange": {
"start": "19",
"end": "33"
},
"codepointRange": {
"start": "19",
"end": "33"
}
},
"createTime": "2022-09-23T01:53:05.303Z",
"findingId": "2022-09-23T01:53:05.306348Z5328915744504121862"
}
]
}
}清理
为避免因本页面中使用的资源导致您的 Google Cloud 账号产生费用,请删除包含这些资源的 Google Cloud 项目。
删除项目
如果您为本快速入门创建了新项目,则最简单的防止产生额外费用的方法是删除该项目。
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID
撤消您的凭据
Optional: Revoke credentials from the gcloud CLI.
gcloud auth revoke