Data Loss Prevention API を使用して、一致した入力値を指定した値に置き換えて、文字列内の機密データを匿名化します。
もっと見る
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
C#
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class DeidentifyWithReplacement
{
public static DeidentifyContentResponse Deidentify(
string projectId,
string text,
string replaceText = null,
IEnumerable<InfoType> infoTypes = null)
{
// Instantiate the client.
var dlp = DlpServiceClient.Create();
// Set the info type if null.
var infotypes = infoTypes ?? new InfoType[] { new InfoType { Name = "EMAIL_ADDRESS" } };
// Construct the inspect config.
var inspectConfig = new InspectConfig
{
InfoTypes = { infotypes }
};
// Construct the replace value config.
var replaceConfig = new ReplaceValueConfig
{
NewValue = new Value { StringValue = replaceText ?? "[email-address]" }
};
// Construct the deidentify config using replace value config.
var deidentifyConfig = new DeidentifyConfig
{
InfoTypeTransformations = new InfoTypeTransformations
{
Transformations =
{
new InfoTypeTransformations.Types.InfoTypeTransformation
{
InfoTypes = { infotypes },
PrimitiveTransformation = new PrimitiveTransformation
{
ReplaceConfig = replaceConfig
}
}
},
}
};
// Construct the request.
var request = new DeidentifyContentRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
DeidentifyConfig = deidentifyConfig,
InspectConfig = inspectConfig,
Item = new ContentItem { Value = text }
};
// Call the API.
var response = dlp.DeidentifyContent(request);
// Check the deidentified content.
Console.WriteLine($"Deidentified content: {response.Item.Value}");
return response;
}
}
Go
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deidentifyWithReplacement de-identifies sensitive data by replacing matched input values
func deidentifyWithReplacement(w io.Writer, projectID, inputStr string, infoTypeNames []string, replaceVal string) error {
// projectId := "your-project-id"
// inputStr := "My name is Alicia Abernathy, and my email address is aabernathy@example.com."
// infoTypeNames := []string{"EMAIL_ADDRESS"}
// replaceVal := "[email-address]"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// item to be analyzed
item := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Value{Value: inputStr},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
var infoTypes []*dlppb.InfoType
for _, v := range infoTypeNames {
infoTypes = append(infoTypes, &dlppb.InfoType{Name: v})
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify replacement string to be used for the finding.
replaceValueConfig := &dlppb.ReplaceValueConfig{
NewValue: &dlppb.Value{
Type: &dlppb.Value_StringValue{
StringValue: replaceVal,
},
},
}
// Define type of de-identification as replacement.
primitiveTransformation := &dlppb.PrimitiveTransformation_ReplaceConfig{
ReplaceConfig: replaceValueConfig,
}
// Associate de-identification type with info type.
infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
InfoTypes: infoTypes,
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: primitiveTransformation,
},
}
deIdentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
infoTypeTransformation,
},
},
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
DeidentifyConfig: deIdentifyConfig,
InspectConfig: inspectConfig,
Item: item,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Fprintf(w, "output : %v", resp.GetItem().GetValue())
return nil
}
Java
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.ReplaceValueConfig;
import com.google.privacy.dlp.v2.Value;
public class DeIdentifyWithReplacement {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect =
"My name is Alicia Abernathy, and my email address is aabernathy@example.com.";
deIdentifyWithReplacement(projectId, textToInspect);
}
// Inspects the provided text.
public static void deIdentifyWithReplacement(String projectId, String textToRedact) {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be inspected.
ContentItem item = ContentItem.newBuilder().setValue(textToRedact).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
InfoType infoType = InfoType.newBuilder().setName("EMAIL_ADDRESS").build();
InspectConfig inspectConfig = InspectConfig.newBuilder().addInfoTypes(infoType).build();
// Specify replacement string to be used for the finding.
ReplaceValueConfig replaceValueConfig =
ReplaceValueConfig.newBuilder()
.setNewValue(Value.newBuilder().setStringValue("[email-address]").build())
.build();
// Define type of deidentification as replacement.
PrimitiveTransformation primitiveTransformation =
PrimitiveTransformation.newBuilder().setReplaceConfig(replaceValueConfig).build();
// Associate deidentification type with info type.
InfoTypeTransformation transformation =
InfoTypeTransformation.newBuilder()
.addInfoTypes(infoType)
.setPrimitiveTransformation(primitiveTransformation)
.build();
// Construct the configuration for the Redact request and list all desired transformations.
DeidentifyConfig redactConfig =
DeidentifyConfig.newBuilder()
.setInfoTypeTransformations(
InfoTypeTransformations.newBuilder().addTransformations(transformation))
.build();
// Construct the Redact request to be sent by the client.
DeidentifyContentRequest request =
DeidentifyContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setDeidentifyConfig(redactConfig)
.setInspectConfig(inspectConfig)
.build();
// Use the client to send the API request.
DeidentifyContentResponse response = dlp.deidentifyContent(request);
// Parse the response and process results
System.out.println("Text after redaction: " + response.getItem().getValue());
} catch (Exception e) {
System.out.println("Error during inspectString: \n" + e.toString());
}
}
}
Node.js
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to deidentify
// const string = 'My SSN is 372819127';
// The string to replace sensitive information with
// const replacement = "[REDACTED]"
async function deidentifyWithReplacement() {
// Construct deidentification request
const item = {value: string};
const request = {
parent: `projects/${projectId}/locations/global`,
deidentifyConfig: {
infoTypeTransformations: {
transformations: [
{
primitiveTransformation: {
replaceConfig: {
newValue: {
stringValue: replacement,
},
},
},
},
],
},
},
item: item,
};
// Run deidentification request
const [response] = await dlp.deidentifyContent(request);
const deidentifiedItem = response.item;
console.log(deidentifiedItem.value);
}
deidentifyWithReplacement();
PHP
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\ReplaceValueConfig;
use Google\Cloud\Dlp\V2\Value;
/**
* De-identify sensitive data: Replacing matched input values.
* Uses the Data Loss Prevention API to de-identify sensitive data in a string by replacing matched input values with a value that you specify.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $string The string to deidentify (will be treated as text).
*/
function deidentify_replace(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $string = 'My name is Alicia Abernathy, and my email address is aabernathy@example.com.'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Specify the content to be deidentify.
$content = (new ContentItem())
->setValue($string);
// Specify the type of info the inspection will look for.
$emailAddressInfoType = (new InfoType())
->setName('EMAIL_ADDRESS');
// Create the configuration object
$inspectConfig = (new InspectConfig())
->setInfoTypes([$emailAddressInfoType]);
// Specify replacement string to be used for the finding.
$replaceValueConfig = (new ReplaceValueConfig())
->setNewValue((new Value())
->setStringValue('[email-address]'));
// Define type of deidentification as replacement.
$primitiveTransformation = (new PrimitiveTransformation())
->setReplaceConfig($replaceValueConfig);
// Associate deidentification type with info type.
$infoTypeTransformation = (new InfoTypeTransformation())
->setPrimitiveTransformation($primitiveTransformation)
->setInfoTypes([$emailAddressInfoType]);
$infoTypeTransformations = (new InfoTypeTransformations())
->setTransformations([$infoTypeTransformation]);
// Construct the configuration for the Redact request and list all desired transformations.
$deidentifyConfig = (new DeidentifyConfig())
->setInfoTypeTransformations($infoTypeTransformations);
// Run request
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setDeidentifyConfig($deidentifyConfig)
->setItem($content)
->setInspectConfig($inspectConfig);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results
printf('Deidentified content: %s' . PHP_EOL, $response->getItem()->getValue());
}
Python
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
from typing import List
import google.cloud.dlp
def deidentify_with_replace(
project: str,
input_str: str,
info_types: List[str],
replacement_str: str = "REPLACEMENT_STR",
) -> None:
"""Uses the Data Loss Prevention API to deidentify sensitive data in a
string by replacing matched input values with a value you specify.
Args:
project: The Google Cloud project id to use as a parent resource.
input_str: The string to deidentify (will be treated as text).
info_types: A list of strings representing info types to look for.
replacement_str: The string to replace all values that match given
info types.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Convert the project id into a full resource id.
parent = f"projects/{project}/locations/global"
# Construct inspect configuration dictionary
inspect_config = {"info_types": [{"name": info_type} for info_type in info_types]}
# Construct deidentify configuration dictionary
deidentify_config = {
"info_type_transformations": {
"transformations": [
{
"primitive_transformation": {
"replace_config": {
"new_value": {"string_value": replacement_str}
}
}
}
]
}
}
# Construct item
item = {"value": input_str}
# Call the API
response = dlp.deidentify_content(
request={
"parent": parent,
"deidentify_config": deidentify_config,
"inspect_config": inspect_config,
"item": item,
}
)
# Print out the results.
print(response.item.value)
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。