Inspect sensitive text by using Node.js

Learn how to scan a sample string for sensitive information by using the Cloud Data Loss Prevention API of Sensitive Data Protection, the Google Cloud CLI, and Node.js.


To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:

Guide me


Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. Install the Google Cloud CLI.
  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  5. Make sure that billing is enabled for your Google Cloud project.

  6. Enable the DLP API:

    gcloud services enable dlp.googleapis.com
  7. Create local authentication credentials for your user account:

    gcloud auth application-default login
  8. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  9. Install the Google Cloud CLI.
  10. To initialize the gcloud CLI, run the following command:

    gcloud init
  11. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  12. Make sure that billing is enabled for your Google Cloud project.

  13. Enable the DLP API:

    gcloud services enable dlp.googleapis.com
  14. Create local authentication credentials for your user account:

    gcloud auth application-default login
  15. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  16. Install Node.js and NPM.

Set up a Sensitive Data Protection CLI app

To set up a Sensitive Data Protection CLI app using Node.js, do the following:

  1. Clone the Node.js DLP client library:

     git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples
    
  2. Navigate to the dlp directory.

     cd nodejs-docs-samples/dlp
    
  3. Install the app dependencies:

     npm install
    

Inspect a string for sensitive information

To scan sample text by using the DLP API and the inspectString Node.js script, run the following command:

  node inspectString.js PROJECT_ID "My email address is joe@example.com."

The output is similar to the following:

  Findings:
      Info type: EMAIL_ADDRESS
      Likelihood: LIKELY

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the Google Cloud project with the resources.

Delete the project

If you created a new project for this quickstart, the easiest way to prevent additional charges is to delete the project.

    Delete a Google Cloud project:

    gcloud projects delete PROJECT_ID

Revoke your credentials

  1. Optional: Revoke the authentication credentials that you created, and delete the local credential file.

    gcloud auth application-default revoke
  2. Optional: Revoke credentials from the gcloud CLI.

    gcloud auth revoke

What's next