Questo esempio trasforma i dati tabulari tramite una trasformazione di hash crittografica.
Per saperne di più
Per la documentazione dettagliata che include questo esempio di codice, consulta quanto segue:
Esempio di codice
C#
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class DeidentifyTableWithCryptoHash
{
public static Table Deidentify(
string projectId,
Table tableToDeidentify = null,
IEnumerable<InfoType> infoTypes = null,
string transientKeyName = null)
{
// Instantiate the client.
var dlp = DlpServiceClient.Create();
// Construct the table if null.
if (tableToDeidentify == null)
{
var row1 = new Value[]
{
new Value { StringValue = "user1@example.org" },
new Value { StringValue = "my email is user1@example.org and phone is 858-555-0222" }
};
var row2 = new Value[]
{
new Value { StringValue = "user2@example.org" },
new Value { StringValue = "my email is user2@example.org and phone is 858-555-0223" }
};
var row3 = new Value[]
{
new Value { StringValue = "user3@example.org" },
new Value { StringValue = "my email is user3@example.org and phone is 858-555-0224" }
};
tableToDeidentify = new Table
{
Headers =
{
new FieldId { Name = "User ID" },
new FieldId { Name = "comments" }
},
Rows =
{
new Table.Types.Row { Values = { row1 } },
new Table.Types.Row { Values = { row2 } },
new Table.Types.Row { Values = { row3 } }
}
};
}
// Specify the table and construct the content item.
var contentItem = new ContentItem { Table = tableToDeidentify };
// Construct the infoTypes by specifying the type of info to be inspected if null.
var infotypes = infoTypes ?? new InfoType[]
{
new InfoType { Name = "EMAIL_ADDRESS" },
new InfoType { Name = "PHONE_NUMBER" }
};
// Construct the crypto hash config using transient crypto key name.
var cryptoHashConfig = new CryptoHashConfig
{
CryptoKey = new CryptoKey
{
Transient = new TransientCryptoKey
{
Name = transientKeyName ?? "[TRANSIENT-CRYPTO-KEY]"
}
}
};
// Construct the de-identify config using crypto hash config.
var deidentifyConfig = new DeidentifyConfig
{
InfoTypeTransformations = new InfoTypeTransformations
{
Transformations =
{
new InfoTypeTransformations.Types.InfoTypeTransformation
{
PrimitiveTransformation = new PrimitiveTransformation
{
CryptoHashConfig = cryptoHashConfig
},
InfoTypes = { infotypes }
}
}
}
};
// Construct the inspect config.
var inspectConfig = new InspectConfig
{
InfoTypes = { infotypes },
IncludeQuote = true
};
// Construct the request.
var request = new DeidentifyContentRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
DeidentifyConfig = deidentifyConfig,
Item = contentItem,
InspectConfig = inspectConfig
};
// Call the API.
DeidentifyContentResponse response = dlp.DeidentifyContent(request);
// Print the table.
Console.WriteLine(response.Item.Table);
return response.Item.Table;
}
}
Go
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deIdentifyTableWithCryptoHash transforms findings using a cryptographic hash transformation.
func deIdentifyTableWithCryptoHash(w io.Writer, projectID, transientKeyName string) error {
// projectId := "your-project-id"
// transientKeyName := "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
row1 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user1@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user1@example.org and phone is 858-555-0222"}},
},
}
row2 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user2@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user2@example.org and phone is 858-555-0232"}},
},
}
row3 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user3@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user3@example.org and phone is 858-555-0224"}},
},
}
tableToDeidentify := &dlppb.Table{
Headers: []*dlppb.FieldId{
{Name: "userid"},
{Name: "comments"},
},
Rows: []*dlppb.Table_Row{
{Values: row1.Values},
{Values: row2.Values},
{Values: row3.Values},
},
}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify what content you want the service to de-identify.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Table{
Table: tableToDeidentify,
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify the transient key which will encrypt the data.
if transientKeyName == "" {
transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
}
// Specify the transient key which will encrypt the data.
cryptoKey := &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_Transient{
Transient: &dlppb.TransientCryptoKey{
Name: transientKeyName,
},
},
}
// Specify how the info from the inspection should be encrypted.
cryptoHashConfig := &dlppb.CryptoHashConfig{
CryptoKey: cryptoKey,
}
// Define type of de-identification as cryptographic hash transformation.
primitiveTransformation := &dlppb.PrimitiveTransformation_CryptoHashConfig{
CryptoHashConfig: cryptoHashConfig,
}
infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
InfoTypes: infoTypes,
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: primitiveTransformation,
},
}
transformations := &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
infoTypeTransformation,
},
}
// Specify the config for the de-identify request.
deidentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: transformations,
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
DeidentifyConfig: deidentifyConfig,
InspectConfig: inspectConfig,
Item: contentItem,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
return nil
}
Java
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CryptoHashConfig;
import com.google.privacy.dlp.v2.CryptoKey;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.TransientCryptoKey;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class DeIdentifyTableWithCryptoHash {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
// The Google Cloud project id to use as a parent resource.
String projectId = "your-project-id";
// The table to de-identify.
Table tableToDeIdentify =
Table.newBuilder()
.addHeaders(FieldId.newBuilder().setName("userid").build())
.addHeaders(FieldId.newBuilder().setName("comments").build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user1@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user1@example.org and phone is 858-555-0222")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user2@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user2@example.org and phone is 858-555-0223")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user3@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user3@example.org and phone is 858-555-0224")
.build())
.build())
.build();
// The randomly generated crypto key to encrypt the data.
String transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY";
deIdentifyWithCryptHashTransformation(projectId, tableToDeIdentify, transientKeyName);
}
// Transforms findings using a cryptographic hash transformation.
public static void deIdentifyWithCryptHashTransformation(
String projectId, Table tableToDeIdentify, String transientKeyName) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify what content you want the service to DeIdentify
ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
List<InfoType> infoTypes =
Stream.of("PHONE_NUMBER", "EMAIL_ADDRESS")
.map(it -> InfoType.newBuilder().setName(it).build())
.collect(Collectors.toList());
InspectConfig inspectConfig = InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.build();
// Specify the transient key which will encrypt the data.
TransientCryptoKey transientCryptoKey = TransientCryptoKey.newBuilder()
.setName(transientKeyName)
.build();
CryptoKey cryptoKey = CryptoKey.newBuilder()
.setTransient(transientCryptoKey)
.build();
// Specify how the info from the inspection should be encrypted.
CryptoHashConfig cryptoHashConfig = CryptoHashConfig.newBuilder()
.setCryptoKey(cryptoKey)
.build();
// Define type of de-identification as cryptographic hash transformation.
PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
.setCryptoHashConfig(cryptoHashConfig)
.build();
InfoTypeTransformations.InfoTypeTransformation infoTypeTransformation =
InfoTypeTransformations.InfoTypeTransformation.newBuilder()
.setPrimitiveTransformation(primitiveTransformation)
.addAllInfoTypes(infoTypes)
.build();
InfoTypeTransformations transformations = InfoTypeTransformations.newBuilder()
.addTransformations(infoTypeTransformation)
.build();
// Specify the config for the de-identify request
DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder()
.setInfoTypeTransformations(transformations)
.build();
// Combine configurations into a request for the service.
DeidentifyContentRequest request =
DeidentifyContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(contentItem)
.setInspectConfig(inspectConfig)
.setDeidentifyConfig(deidentifyConfig)
.build();
// Send the request and receive response from the service
DeidentifyContentResponse response = dlp.deidentifyContent(request);
// Print the results
System.out.println("Table after de-identification: " + response.getItem().getTable());
}
}
}
Node.js
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// Crypto key
// const transientKeyName = 'YOUR_TRANSIENT_CRYPTO_KEY';
// The table to de-identify.
const tableToDeIdentify = {
headers: [{name: 'userid'}, {name: 'comments'}],
rows: [
{
values: [
{stringValue: 'user1@example.org'},
{
stringValue:
'my email is user1@example.org and phone is 858-555-0222',
},
],
},
{
values: [
{stringValue: 'user2@example.org'},
{
stringValue:
'my email is user2@example.org and phone is 858-555-0223',
},
],
},
{
values: [
{stringValue: 'user3@example.org'},
{
stringValue:
'my email is user3@example.org and phone is 858-555-0224',
},
],
},
],
};
async function deIdentifyTableWithCryptoHash() {
// Specify crypto hash configuration that uses transient key.
const cryptoHashConfig = {
cryptoKey: {
transient: {
name: transientKeyName,
},
},
};
// Construct de-identify request that uses crypto hash configuration.
const request = {
parent: `projects/${projectId}/locations/global`,
deidentifyConfig: {
infoTypeTransformations: {
transformations: [
{
primitiveTransformation: {
cryptoHashConfig: cryptoHashConfig,
},
infoTypes: [{name: 'PHONE_NUMBER'}, {name: 'EMAIL_ADDRESS'}],
},
],
},
},
item: {table: tableToDeIdentify},
};
// Send the request and receive response from the service.
const [response] = await dlp.deidentifyContent(request);
const deidentifiedTable = response.item.table;
// Print the results.
console.log(
`Table after de-identification:\n${JSON.stringify(
deidentifiedTable,
null,
2
)}`
);
}
deIdentifyTableWithCryptoHash();
PHP
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CryptoHashConfig;
use Google\Cloud\Dlp\V2\CryptoKey;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\TransientCryptoKey;
use Google\Cloud\Dlp\V2\Value;
/**
* De-identify table data with crypto hash.
* Transform findings using a cryptographic hash transformation.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $inputCsvFile The input file(csv) path to deidentify.
* @param string $outputCsvFile The oupt file path to save deidentify content.
* @param string $transientCryptoKeyName Specify the random string.
*/
function deidentify_table_with_crypto_hash(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $inputCsvFile = './test/data/table5.csv',
string $outputCsvFile = './test/data/deidentify_table_with_crypto_hash_output.csv',
string $transientCryptoKeyName = 'YOUR-TRANSIENT-CRYPTO-KEY'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Read a CSV file.
$csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
$csvHeaders = explode(',', $csvLines[0]);
$csvRows = array_slice($csvLines, 1);
// Convert CSV file into protobuf objects.
$tableHeaders = array_map(function ($csvHeader) {
return (new FieldId)
->setName($csvHeader);
}, $csvHeaders);
$tableRows = array_map(function ($csvRow) {
$rowValues = array_map(function ($csvValue) {
return (new Value())
->setStringValue($csvValue);
}, explode(',', $csvRow));
return (new Row())
->setValues($rowValues);
}, $csvRows);
// Construct the table object.
$tableToDeIdentify = (new Table())
->setHeaders($tableHeaders)
->setRows($tableRows);
// Specify what content you want the service to de-identify.
$content = (new ContentItem())
->setTable($tableToDeIdentify);
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
$infoTypes = [
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('PHONE_NUMBER')
];
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes);
// Specify the transient key which will encrypt the data.
$cryptoKey = (new CryptoKey())
->setTransient((new TransientCryptoKey())
->setName($transientCryptoKeyName));
// Specify how the info from the inspection should be encrypted.
$cryptoHashConfig = (new CryptoHashConfig())
->setCryptoKey($cryptoKey);
// Define type of de-identification as cryptographic hash transformation.
$primitiveTransformation = (new PrimitiveTransformation())
->setCryptoHashConfig($cryptoHashConfig);
$infoTypeTransformation = (new InfoTypeTransformation())
->setPrimitiveTransformation($primitiveTransformation)
->setInfoTypes($infoTypes);
$infoTypeTransformations = (new InfoTypeTransformations())
->setTransformations([$infoTypeTransformation]);
// Specify the config for the de-identify request
$deidentifyConfig = (new DeidentifyConfig())
->setInfoTypeTransformations($infoTypeTransformations);
// Send the request and receive response from the service.
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setDeidentifyConfig($deidentifyConfig)
->setItem($content);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results.
$csvRef = fopen($outputCsvFile, 'w');
fputcsv($csvRef, $csvHeaders);
foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
$values = array_map(function ($tableValue) {
return $tableValue->getStringValue();
}, iterator_to_array($tableRow->getValues()));
fputcsv($csvRef, $values);
};
printf('Table after deidentify (File Location): %s', $outputCsvFile);
}
Python
Per scoprire come installare e utilizzare la libreria client per Sensitive Data Protection, consulta Librerie client di Sensitive Data Protection.
Per eseguire l'autenticazione in Sensitive Data Protection, configura Credenziali predefinite dell'applicazione. Per maggiori informazioni, consulta Configurare l'autenticazione per un ambiente di sviluppo locale.
from typing import Dict, List, Union
import google.cloud.dlp
def deidentify_table_with_crypto_hash(
project: str,
table_data: Dict[str, Union[List[str], List[List[str]]]],
info_types: List[str],
transient_key_name: str,
) -> None:
"""Uses the Data Loss Prevention API to de-identify sensitive data
in a table using a cryptographic hash transformation.
Args:
project: The Google Cloud project id to use as a parent resource.
table_data: Dictionary representing table data.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
transient_key_name: Name of the transient crypto key used for encryption.
The scope of this key is a single API call. It is generated for
the transformation and then discarded.
"""
# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct the `table`. For more details on the table schema, please see
# https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
headers = [{"name": val} for val in table_data["header"]]
rows = []
for row in table_data["rows"]:
rows.append({"values": [{"string_value": cell_val} for cell_val in row]})
table = {"headers": headers, "rows": rows}
# Construct the `item` that service will de-identify.
item = {"table": table}
# Prepare info_types by converting the list of strings into a list of
# dictionaries.
info_types = [{"name": info_type} for info_type in info_types]
# Construct cryptographic hash configuration using the transient key
# which will encrypt the data.
crypto_hash_config = {"crypto_key": {"transient": {"name": transient_key_name}}}
# Specify the type of info the inspection will look for.
inspect_config = {
"info_types": info_types,
}
# Construct deidentify configuration dictionary.
deidentify_config = {
"info_type_transformations": {
"transformations": [
{
"info_types": info_types,
"primitive_transformation": {
"crypto_hash_config": crypto_hash_config
},
}
]
}
}
# Convert the project id into a full resource id.
parent = f"projects/{project}/locations/global"
# Call the API.
response = dlp.deidentify_content(
request={
"parent": parent,
"deidentify_config": deidentify_config,
"inspect_config": inspect_config,
"item": item,
}
)
# Print the result.
print(f"Table after de-identification: {response.item.table}")
Passaggi successivi
Per cercare e filtrare esempi di codice per altri prodotti Google Cloud, consulta la pagina relativa al browser di esempio Google Cloud.