使用 DLP API 检查敏感文本

了解如何使用敏感数据保护的 Cloud Data Loss Prevention API 和 JSON 扫描示例字符串中的敏感信息。


如需在 Google Cloud 控制台中直接遵循有关此任务的分步指导,请点击操作演示

操作演示


准备工作

  1. 登录您的 Google Cloud 账号。如果您是 Google Cloud 新手,请创建一个账号来评估我们的产品在实际场景中的表现。新客户还可获享 $300 赠金,用于运行、测试和部署工作负载。
  2. Install the Google Cloud CLI.
  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  5. 确保您的 Google Cloud 项目已启用结算功能

  6. Enable the DLP API:

    gcloud services enable dlp.googleapis.com
  7. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  8. Install the Google Cloud CLI.
  9. To initialize the gcloud CLI, run the following command:

    gcloud init
  10. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  11. 确保您的 Google Cloud 项目已启用结算功能

  12. Enable the DLP API:

    gcloud services enable dlp.googleapis.com
  13. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/dlp.user

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.

检查字符串是否存在敏感信息

本部分介绍如何将 DLP API 配置为使用 projects.content.inspect REST 方法扫描示例文本。

本部分要求您将示例请求保存在 JSON 文件中。如果您使用的是 Cloud Shell,则可以使用 Cloud Shell Editor 来创建文件。如需启动编辑器,请点击 Cloud Shell 窗口工具栏上的 打开编辑器

在使用任何请求数据之前,请先进行以下替换:

  • PROJECT_ID:您的 Google Cloud 项目 ID。项目 ID 是字母数字字符串,例如 my-project

HTTP 方法和网址:

POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect

请求 JSON 正文:

{
  "item": {
    "value": "My phone number is (800) 555-0123."
  },
  "inspectConfig": {
    "infoTypes": [
      {
        "name": "PHONE_NUMBER"
      },
      {
        "name": "US_TOLLFREE_PHONE_NUMBER"
      }
    ],
    "minLikelihood": "POSSIBLE",
    "limits": {
      "maxFindingsPerItem": 0
    },
    "includeQuote": true
  }
}

如需发送您的请求,请展开以下选项之一:

您应该收到类似以下内容的 JSON 响应:

{
  "result": {
    "findings": [
      {
        "quote": "(800) 555-0123",
        "infoType": {
          "name": "US_TOLLFREE_PHONE_NUMBER"
        },
        "likelihood": "LIKELY",
        "location": {
          "byteRange": {
            "start": "19",
            "end": "33"
          },
          "codepointRange": {
            "start": "19",
            "end": "33"
          }
        },
        "createTime": "2022-09-23T01:53:05.303Z",
        "findingId": "2022-09-23T01:53:05.306348Z5328915744504121862"
      }
    ]
  }
}

清理

为避免因本页面中使用的资源导致您的 Google Cloud 账号产生费用,请删除包含这些资源的 Google Cloud 项目。

删除项目

如果您为本快速入门创建了新项目,为避免产生额外费用,最简单的方法是删除该项目。

    Delete a Google Cloud project:

    gcloud projects delete PROJECT_ID

撤消您的凭据

Optional: Revoke credentials from the gcloud CLI.

gcloud auth revoke

后续步骤

  • 如需开始检查文本和图片中的敏感数据,请参阅方法指南

  • 如需更好地了解检查、隐去、 infoType 和可能性,请参阅概念

  • 详细了解 DLP API