Cloud Data Loss Prevention (Cloud DLP) ahora forma parte de Protección de Datos Sensibles. El nombre de la API sigue siendo el mismo: API Cloud Data Loss Prevention (API DLP). Para obtener información sobre los servicios que componen Protección de Datos Sensibles, consulta el artículo Información general sobre Protección de Datos Sensibles.
Organízate con las colecciones
Guarda y clasifica el contenido según tus preferencias.
Inspeccionar texto sensible con la API DLP
Aprende a analizar una cadena de muestra para detectar información sensible con la API Cloud Data Loss Prevention de Protección de Datos Sensibles y JSON.
Para seguir las instrucciones paso a paso de esta tarea directamente en la Google Cloud consola, haga clic en Ayúdame:
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
Select a project: Selecting a project doesn't require a specific
IAM role—you can select any project that you've been
granted a role on.
Create a project: To create a project, you need the Project Creator
(roles/resourcemanager.projectCreator), which contains the
resourcemanager.projects.create permission. Learn how to grant
roles.
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace PROJECT_ID with your Google Cloud project name.
To enable APIs, you need the Service Usage Admin IAM
role (roles/serviceusage.serviceUsageAdmin), which contains the
serviceusage.services.enable permission. Learn how to grant
roles.
gcloudservicesenabledlp.googleapis.com
Grant roles to your user account. Run the following command once for each of the following
IAM roles:
roles/dlp.user
Select a project: Selecting a project doesn't require a specific
IAM role—you can select any project that you've been
granted a role on.
Create a project: To create a project, you need the Project Creator
(roles/resourcemanager.projectCreator), which contains the
resourcemanager.projects.create permission. Learn how to grant
roles.
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace PROJECT_ID with your Google Cloud project name.
To enable APIs, you need the Service Usage Admin IAM
role (roles/serviceusage.serviceUsageAdmin), which contains the
serviceusage.services.enable permission. Learn how to grant
roles.
gcloudservicesenabledlp.googleapis.com
Grant roles to your user account. Run the following command once for each of the following
IAM roles:
roles/dlp.user
USER_IDENTIFIER: the identifier for your user
account—for example, myemail@example.com.
ROLE: the IAM role that you grant to your user account.
Inspeccionar una cadena para buscar información sensible
En esta sección se explica cómo configurar la API DLP para analizar texto de ejemplo con el método REST projects.content.inspect.
En esta sección, debe guardar la solicitud de muestra en un archivo JSON. Si usas Cloud Shell, puedes usar el editor de Cloud Shell para crear el archivo. Para iniciar el editor, haz clic en
editAbrir editor
launch en la barra de herramientas de la ventana de Cloud Shell.
Antes de usar los datos de la solicitud, haz las siguientes sustituciones:
PROJECT_ID: tu ID de proyecto Google Cloud . Los IDs de proyecto son cadenas alfanuméricas, como my-project.
Método HTTP y URL:
POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect
Para evitar que se apliquen cargos en tu Google Cloud cuenta por los recursos utilizados en esta página, elimina el Google Cloud proyecto con los recursos.
Eliminar el proyecto
Si has creado un proyecto para esta guía de inicio rápido, la forma más sencilla de evitar que se te cobren cargos adicionales es eliminarlo.
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID
Revocar tus credenciales
Optional: Revoke credentials from the gcloud CLI.
gcloudauthrevoke
Siguientes pasos
Para empezar a inspeccionar texto e imágenes en busca de datos sensibles, consulta las guías prácticas.
Para entender mejor la inspección, la ocultación, los infoTypes y la probabilidad, consulta la sección Conceptos.
[[["Es fácil de entender","easyToUnderstand","thumb-up"],["Me ofreció una solución al problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Es difícil de entender","hardToUnderstand","thumb-down"],["La información o el código de muestra no son correctos","incorrectInformationOrSampleCode","thumb-down"],["Me faltan las muestras o la información que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-11 (UTC)."],[],[],null,["# Inspect sensitive text by using the DLP API\n===========================================\n\nLearn how to scan a sample string for sensitive information by using the\nCloud Data Loss Prevention API of Sensitive Data Protection and JSON.\n\n*** ** * ** ***\n\nTo follow step-by-step guidance for this task directly in the\nGoogle Cloud console, click **Guide me**:\n\n[Guide me](https://console.cloud.google.com/freetrial?redirectPath=/?walkthrough_id=dlp--inspect-sensitive-text-api)\n\n*** ** * ** ***\n\nBefore you begin\n----------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the DLP API:\n\n\n ```bash\n gcloud services enable dlp.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/dlp.user`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the DLP API:\n\n\n ```bash\n gcloud services enable dlp.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/dlp.user`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n\u003cbr /\u003e\n\nInspect a string for sensitive information\n------------------------------------------\n\nThis section shows you how to configure the DLP API to scan\nsample text using the [`projects.content.inspect`](/sensitive-data-protection/docs/reference/rest/v2/projects.content/inspect)\nREST method.\n\nThis section requires you to save the sample request in a JSON file. If you're\nusing Cloud Shell, you can use the Cloud Shell Editor to create the\nfile. To launch the editor, click edit **Open Editor** launch on the toolbar of the Cloud Shell window.\n\n\nBefore using any of the request data,\nmake the following replacements:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your Google Cloud project ID. Project IDs are alphanumeric strings, like `my-project`.\n\n\nHTTP method and URL:\n\n```\nPOST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect\n```\n\n\nRequest JSON body:\n\n```\n{\n \"item\": {\n \"value\": \"My phone number is (800) 555-0123.\"\n },\n \"inspectConfig\": {\n \"infoTypes\": [\n {\n \"name\": \"PHONE_NUMBER\"\n },\n {\n \"name\": \"US_TOLLFREE_PHONE_NUMBER\"\n }\n ],\n \"minLikelihood\": \"POSSIBLE\",\n \"limits\": {\n \"maxFindingsPerItem\": 0\n },\n \"includeQuote\": true\n }\n}\n```\n\nTo send your request, expand one of these options:\n\n#### curl (Linux, macOS, or Cloud Shell)\n\n| **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) , or by using [Cloud Shell](/shell/docs), which automatically logs you into the `gcloud` CLI . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nSave the request body in a file named `inspect-request.json`,\nand execute the following command:\n\n```\ncurl -X POST \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"x-goog-user-project: PROJECT_ID\" \\\n -H \"Content-Type: application/json; charset=utf-8\" \\\n -d @inspect-request.json \\\n \"https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect\"\n```\n\n#### PowerShell (Windows)\n\n| **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nSave the request body in a file named `inspect-request.json`,\nand execute the following command:\n\n```\n$cred = gcloud auth print-access-token\n$headers = @{ \"Authorization\" = \"Bearer $cred\"; \"x-goog-user-project\" = \"PROJECT_ID\" }\n\nInvoke-WebRequest `\n -Method POST `\n -Headers $headers `\n -ContentType: \"application/json; charset=utf-8\" `\n -InFile inspect-request.json `\n -Uri \"https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect\" | Select-Object -Expand Content\n```\n\nYou should receive a JSON response similar to the following:\n\n```\n{\n \"result\": {\n \"findings\": [\n {\n \"quote\": \"(800) 555-0123\",\n \"infoType\": {\n \"name\": \"US_TOLLFREE_PHONE_NUMBER\"\n },\n \"likelihood\": \"LIKELY\",\n \"location\": {\n \"byteRange\": {\n \"start\": \"19\",\n \"end\": \"33\"\n },\n \"codepointRange\": {\n \"start\": \"19\",\n \"end\": \"33\"\n }\n },\n \"createTime\": \"2022-09-23T01:53:05.303Z\",\n \"findingId\": \"2022-09-23T01:53:05.306348Z5328915744504121862\"\n }\n ]\n }\n}\n```\n\nClean up\n--------\n\n\nTo avoid incurring charges to your Google Cloud account for\nthe resources used on this page, delete the Google Cloud project with the\nresources.\n\n### Delete the project\n\nIf you created a new project for this quickstart, the easiest way to prevent\nadditional charges is to delete the project.\n\n| **Caution** : Deleting a project has the following effects:\n|\n| - **Everything in the project is deleted.** If you used an existing project for the tasks in this document, when you delete it, you also delete any other work you've done in the project.\n| - **Custom project IDs are lost.** When you created this project, you might have created a custom project ID that you want to use in the future. To preserve the URLs that use the project ID, such as an `appspot.com` URL, delete selected resources inside the project instead of deleting the whole project.\n|\n|\n| If you plan to explore multiple architectures, tutorials, or quickstarts, reusing projects\n| can help you avoid exceeding project quota limits.\n1. Delete a Google Cloud project: \n\n```\ngcloud projects delete PROJECT_ID\n```\n\n\u003cbr /\u003e\n\n### Revoke your credentials\n\n-\n Optional: Revoke credentials from the gcloud CLI.\n\n ```bash\n gcloud auth revoke\n ```\n\nWhat's next\n-----------\n\n- To get started with inspecting text and images for sensitive data, see\n [How-to guides](/sensitive-data-protection/docs/how-to).\n\n- To better understand inspection, redaction, infoTypes, and likelihood, see\n [Concepts](/sensitive-data-protection/docs/concepts).\n\n- Learn more about the [DLP API](/sensitive-data-protection/docs/reference/rest/v2)."]]
