Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see
Sensitive Data Protection overview.
Transform findings using a cryptographic hash transformation
Stay organized with collections
Save and categorize content based on your preferences.
This sample transforms tabular data through a cryptographic hash transformation.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Go
To learn how to install and use the client library for Sensitive Data Protection, see
Sensitive Data Protection client libraries.
To authenticate to Sensitive Data Protection, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deIdentifyTableWithCryptoHash transforms findings using a cryptographic hash transformation.
func deIdentifyTableWithCryptoHash(w io.Writer, projectID, transientKeyName string) error {
// projectId := "your-project-id"
// transientKeyName := "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
row1 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user1@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user1@example.org and phone is 858-555-0222"}},
},
}
row2 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user2@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user2@example.org and phone is 858-555-0232"}},
},
}
row3 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user3@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user3@example.org and phone is 858-555-0224"}},
},
}
tableToDeidentify := &dlppb.Table{
Headers: []*dlppb.FieldId{
{Name: "userid"},
{Name: "comments"},
},
Rows: []*dlppb.Table_Row{
{Values: row1.Values},
{Values: row2.Values},
{Values: row3.Values},
},
}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify what content you want the service to de-identify.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Table{
Table: tableToDeidentify,
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify the transient key which will encrypt the data.
if transientKeyName == "" {
transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
}
// Specify the transient key which will encrypt the data.
cryptoKey := &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_Transient{
Transient: &dlppb.TransientCryptoKey{
Name: transientKeyName,
},
},
}
// Specify how the info from the inspection should be encrypted.
cryptoHashConfig := &dlppb.CryptoHashConfig{
CryptoKey: cryptoKey,
}
// Define type of de-identification as cryptographic hash transformation.
primitiveTransformation := &dlppb.PrimitiveTransformation_CryptoHashConfig{
CryptoHashConfig: cryptoHashConfig,
}
infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
InfoTypes: infoTypes,
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: primitiveTransformation,
},
}
transformations := &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
infoTypeTransformation,
},
}
// Specify the config for the de-identify request.
deidentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: transformations,
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
DeidentifyConfig: deidentifyConfig,
InspectConfig: inspectConfig,
Item: contentItem,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
return nil
}
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]