このサンプルは、暗号ハッシュ変換によって表形式データを変換します。
もっと見る
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
C#
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class DeidentifyTableWithCryptoHash
{
public static Table Deidentify(
string projectId,
Table tableToDeidentify = null,
IEnumerable<InfoType> infoTypes = null,
string transientKeyName = null)
{
// Instantiate the client.
var dlp = DlpServiceClient.Create();
// Construct the table if null.
if (tableToDeidentify == null)
{
var row1 = new Value[]
{
new Value { StringValue = "user1@example.org" },
new Value { StringValue = "my email is user1@example.org and phone is 858-555-0222" }
};
var row2 = new Value[]
{
new Value { StringValue = "user2@example.org" },
new Value { StringValue = "my email is user2@example.org and phone is 858-555-0223" }
};
var row3 = new Value[]
{
new Value { StringValue = "user3@example.org" },
new Value { StringValue = "my email is user3@example.org and phone is 858-555-0224" }
};
tableToDeidentify = new Table
{
Headers =
{
new FieldId { Name = "User ID" },
new FieldId { Name = "comments" }
},
Rows =
{
new Table.Types.Row { Values = { row1 } },
new Table.Types.Row { Values = { row2 } },
new Table.Types.Row { Values = { row3 } }
}
};
}
// Specify the table and construct the content item.
var contentItem = new ContentItem { Table = tableToDeidentify };
// Construct the infoTypes by specifying the type of info to be inspected if null.
var infotypes = infoTypes ?? new InfoType[]
{
new InfoType { Name = "EMAIL_ADDRESS" },
new InfoType { Name = "PHONE_NUMBER" }
};
// Construct the crypto hash config using transient crypto key name.
var cryptoHashConfig = new CryptoHashConfig
{
CryptoKey = new CryptoKey
{
Transient = new TransientCryptoKey
{
Name = transientKeyName ?? "[TRANSIENT-CRYPTO-KEY]"
}
}
};
// Construct the de-identify config using crypto hash config.
var deidentifyConfig = new DeidentifyConfig
{
InfoTypeTransformations = new InfoTypeTransformations
{
Transformations =
{
new InfoTypeTransformations.Types.InfoTypeTransformation
{
PrimitiveTransformation = new PrimitiveTransformation
{
CryptoHashConfig = cryptoHashConfig
},
InfoTypes = { infotypes }
}
}
}
};
// Construct the inspect config.
var inspectConfig = new InspectConfig
{
InfoTypes = { infotypes },
IncludeQuote = true
};
// Construct the request.
var request = new DeidentifyContentRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
DeidentifyConfig = deidentifyConfig,
Item = contentItem,
InspectConfig = inspectConfig
};
// Call the API.
DeidentifyContentResponse response = dlp.DeidentifyContent(request);
// Print the table.
Console.WriteLine(response.Item.Table);
return response.Item.Table;
}
}
Go
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deIdentifyTableWithCryptoHash transforms findings using a cryptographic hash transformation.
func deIdentifyTableWithCryptoHash(w io.Writer, projectID, transientKeyName string) error {
// projectId := "your-project-id"
// transientKeyName := "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
row1 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user1@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user1@example.org and phone is 858-555-0222"}},
},
}
row2 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user2@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user2@example.org and phone is 858-555-0232"}},
},
}
row3 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user3@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user3@example.org and phone is 858-555-0224"}},
},
}
tableToDeidentify := &dlppb.Table{
Headers: []*dlppb.FieldId{
{Name: "userid"},
{Name: "comments"},
},
Rows: []*dlppb.Table_Row{
{Values: row1.Values},
{Values: row2.Values},
{Values: row3.Values},
},
}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify what content you want the service to de-identify.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Table{
Table: tableToDeidentify,
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify the transient key which will encrypt the data.
if transientKeyName == "" {
transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
}
// Specify the transient key which will encrypt the data.
cryptoKey := &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_Transient{
Transient: &dlppb.TransientCryptoKey{
Name: transientKeyName,
},
},
}
// Specify how the info from the inspection should be encrypted.
cryptoHashConfig := &dlppb.CryptoHashConfig{
CryptoKey: cryptoKey,
}
// Define type of de-identification as cryptographic hash transformation.
primitiveTransformation := &dlppb.PrimitiveTransformation_CryptoHashConfig{
CryptoHashConfig: cryptoHashConfig,
}
infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
InfoTypes: infoTypes,
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: primitiveTransformation,
},
}
transformations := &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
infoTypeTransformation,
},
}
// Specify the config for the de-identify request.
deidentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: transformations,
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
DeidentifyConfig: deidentifyConfig,
InspectConfig: inspectConfig,
Item: contentItem,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
return nil
}
Java
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CryptoHashConfig;
import com.google.privacy.dlp.v2.CryptoKey;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.TransientCryptoKey;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class DeIdentifyTableWithCryptoHash {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
// The Google Cloud project id to use as a parent resource.
String projectId = "your-project-id";
// The table to de-identify.
Table tableToDeIdentify =
Table.newBuilder()
.addHeaders(FieldId.newBuilder().setName("userid").build())
.addHeaders(FieldId.newBuilder().setName("comments").build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user1@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user1@example.org and phone is 858-555-0222")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user2@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user2@example.org and phone is 858-555-0223")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user3@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user3@example.org and phone is 858-555-0224")
.build())
.build())
.build();
// The randomly generated crypto key to encrypt the data.
String transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY";
deIdentifyWithCryptHashTransformation(projectId, tableToDeIdentify, transientKeyName);
}
// Transforms findings using a cryptographic hash transformation.
public static void deIdentifyWithCryptHashTransformation(
String projectId, Table tableToDeIdentify, String transientKeyName) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify what content you want the service to DeIdentify
ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
List<InfoType> infoTypes =
Stream.of("PHONE_NUMBER", "EMAIL_ADDRESS")
.map(it -> InfoType.newBuilder().setName(it).build())
.collect(Collectors.toList());
InspectConfig inspectConfig = InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.build();
// Specify the transient key which will encrypt the data.
TransientCryptoKey transientCryptoKey = TransientCryptoKey.newBuilder()
.setName(transientKeyName)
.build();
CryptoKey cryptoKey = CryptoKey.newBuilder()
.setTransient(transientCryptoKey)
.build();
// Specify how the info from the inspection should be encrypted.
CryptoHashConfig cryptoHashConfig = CryptoHashConfig.newBuilder()
.setCryptoKey(cryptoKey)
.build();
// Define type of de-identification as cryptographic hash transformation.
PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
.setCryptoHashConfig(cryptoHashConfig)
.build();
InfoTypeTransformations.InfoTypeTransformation infoTypeTransformation =
InfoTypeTransformations.InfoTypeTransformation.newBuilder()
.setPrimitiveTransformation(primitiveTransformation)
.addAllInfoTypes(infoTypes)
.build();
InfoTypeTransformations transformations = InfoTypeTransformations.newBuilder()
.addTransformations(infoTypeTransformation)
.build();
// Specify the config for the de-identify request
DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder()
.setInfoTypeTransformations(transformations)
.build();
// Combine configurations into a request for the service.
DeidentifyContentRequest request =
DeidentifyContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(contentItem)
.setInspectConfig(inspectConfig)
.setDeidentifyConfig(deidentifyConfig)
.build();
// Send the request and receive response from the service
DeidentifyContentResponse response = dlp.deidentifyContent(request);
// Print the results
System.out.println("Table after de-identification: " + response.getItem().getTable());
}
}
}
Node.js
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// Crypto key
// const transientKeyName = 'YOUR_TRANSIENT_CRYPTO_KEY';
// The table to de-identify.
const tableToDeIdentify = {
headers: [{name: 'userid'}, {name: 'comments'}],
rows: [
{
values: [
{stringValue: 'user1@example.org'},
{
stringValue:
'my email is user1@example.org and phone is 858-555-0222',
},
],
},
{
values: [
{stringValue: 'user2@example.org'},
{
stringValue:
'my email is user2@example.org and phone is 858-555-0223',
},
],
},
{
values: [
{stringValue: 'user3@example.org'},
{
stringValue:
'my email is user3@example.org and phone is 858-555-0224',
},
],
},
],
};
async function deIdentifyTableWithCryptoHash() {
// Specify crypto hash configuration that uses transient key.
const cryptoHashConfig = {
cryptoKey: {
transient: {
name: transientKeyName,
},
},
};
// Construct de-identify request that uses crypto hash configuration.
const request = {
parent: `projects/${projectId}/locations/global`,
deidentifyConfig: {
infoTypeTransformations: {
transformations: [
{
primitiveTransformation: {
cryptoHashConfig: cryptoHashConfig,
},
infoTypes: [{name: 'PHONE_NUMBER'}, {name: 'EMAIL_ADDRESS'}],
},
],
},
},
item: {table: tableToDeIdentify},
};
// Send the request and receive response from the service.
const [response] = await dlp.deidentifyContent(request);
const deidentifiedTable = response.item.table;
// Print the results.
console.log(
`Table after de-identification:\n${JSON.stringify(
deidentifiedTable,
null,
2
)}`
);
}
deIdentifyTableWithCryptoHash();
PHP
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CryptoHashConfig;
use Google\Cloud\Dlp\V2\CryptoKey;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\TransientCryptoKey;
use Google\Cloud\Dlp\V2\Value;
/**
* De-identify table data with crypto hash.
* Transform findings using a cryptographic hash transformation.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $inputCsvFile The input file(csv) path to deidentify.
* @param string $outputCsvFile The oupt file path to save deidentify content.
* @param string $transientCryptoKeyName Specify the random string.
*/
function deidentify_table_with_crypto_hash(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $inputCsvFile = './test/data/table5.csv',
string $outputCsvFile = './test/data/deidentify_table_with_crypto_hash_output.csv',
string $transientCryptoKeyName = 'YOUR-TRANSIENT-CRYPTO-KEY'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Read a CSV file.
$csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
$csvHeaders = explode(',', $csvLines[0]);
$csvRows = array_slice($csvLines, 1);
// Convert CSV file into protobuf objects.
$tableHeaders = array_map(function ($csvHeader) {
return (new FieldId)
->setName($csvHeader);
}, $csvHeaders);
$tableRows = array_map(function ($csvRow) {
$rowValues = array_map(function ($csvValue) {
return (new Value())
->setStringValue($csvValue);
}, explode(',', $csvRow));
return (new Row())
->setValues($rowValues);
}, $csvRows);
// Construct the table object.
$tableToDeIdentify = (new Table())
->setHeaders($tableHeaders)
->setRows($tableRows);
// Specify what content you want the service to de-identify.
$content = (new ContentItem())
->setTable($tableToDeIdentify);
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
$infoTypes = [
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('PHONE_NUMBER')
];
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes);
// Specify the transient key which will encrypt the data.
$cryptoKey = (new CryptoKey())
->setTransient((new TransientCryptoKey())
->setName($transientCryptoKeyName));
// Specify how the info from the inspection should be encrypted.
$cryptoHashConfig = (new CryptoHashConfig())
->setCryptoKey($cryptoKey);
// Define type of de-identification as cryptographic hash transformation.
$primitiveTransformation = (new PrimitiveTransformation())
->setCryptoHashConfig($cryptoHashConfig);
$infoTypeTransformation = (new InfoTypeTransformation())
->setPrimitiveTransformation($primitiveTransformation)
->setInfoTypes($infoTypes);
$infoTypeTransformations = (new InfoTypeTransformations())
->setTransformations([$infoTypeTransformation]);
// Specify the config for the de-identify request
$deidentifyConfig = (new DeidentifyConfig())
->setInfoTypeTransformations($infoTypeTransformations);
// Send the request and receive response from the service.
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setDeidentifyConfig($deidentifyConfig)
->setItem($content);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results.
$csvRef = fopen($outputCsvFile, 'w');
fputcsv($csvRef, $csvHeaders);
foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
$values = array_map(function ($tableValue) {
return $tableValue->getStringValue();
}, iterator_to_array($tableRow->getValues()));
fputcsv($csvRef, $values);
};
printf('Table after deidentify (File Location): %s', $outputCsvFile);
}
Python
機密データの保護用のクライアント ライブラリをインストールして使用する方法については、機密データの保護のクライアント ライブラリをご覧ください。
機密データの保護のために認証するには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
from typing import Dict, List, Union
import google.cloud.dlp
def deidentify_table_with_crypto_hash(
project: str,
table_data: Dict[str, Union[List[str], List[List[str]]]],
info_types: List[str],
transient_key_name: str,
) -> None:
"""Uses the Data Loss Prevention API to de-identify sensitive data
in a table using a cryptographic hash transformation.
Args:
project: The Google Cloud project id to use as a parent resource.
table_data: Dictionary representing table data.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
transient_key_name: Name of the transient crypto key used for encryption.
The scope of this key is a single API call. It is generated for
the transformation and then discarded.
"""
# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct the `table`. For more details on the table schema, please see
# https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
headers = [{"name": val} for val in table_data["header"]]
rows = []
for row in table_data["rows"]:
rows.append({"values": [{"string_value": cell_val} for cell_val in row]})
table = {"headers": headers, "rows": rows}
# Construct the `item` that service will de-identify.
item = {"table": table}
# Prepare info_types by converting the list of strings into a list of
# dictionaries.
info_types = [{"name": info_type} for info_type in info_types]
# Construct cryptographic hash configuration using the transient key
# which will encrypt the data.
crypto_hash_config = {"crypto_key": {"transient": {"name": transient_key_name}}}
# Specify the type of info the inspection will look for.
inspect_config = {
"info_types": info_types,
}
# Construct deidentify configuration dictionary.
deidentify_config = {
"info_type_transformations": {
"transformations": [
{
"info_types": info_types,
"primitive_transformation": {
"crypto_hash_config": crypto_hash_config
},
}
]
}
}
# Convert the project id into a full resource id.
parent = f"projects/{project}/locations/global"
# Call the API.
response = dlp.deidentify_content(
request={
"parent": parent,
"deidentify_config": deidentify_config,
"inspect_config": inspect_config,
"item": item,
}
)
# Print the result.
print(f"Table after de-identification: {response.item.table}")
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。