이 샘플은 암호화 해시 변환을 통해 테이블 형식 데이터를 변환합니다.
더 살펴보기
이 코드 샘플이 포함된 자세한 문서는 다음을 참조하세요.
코드 샘플
C#
민감한 정보 보호의 클라이언트 라이브러리를 설치하고 사용하는 방법은 민감한 정보 보호 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class DeidentifyTableWithCryptoHash
{
public static Table Deidentify(
string projectId,
Table tableToDeidentify = null,
IEnumerable<InfoType> infoTypes = null,
string transientKeyName = null)
{
// Instantiate the client.
var dlp = DlpServiceClient.Create();
// Construct the table if null.
if (tableToDeidentify == null)
{
var row1 = new Value[]
{
new Value { StringValue = "user1@example.org" },
new Value { StringValue = "my email is user1@example.org and phone is 858-555-0222" }
};
var row2 = new Value[]
{
new Value { StringValue = "user2@example.org" },
new Value { StringValue = "my email is user2@example.org and phone is 858-555-0223" }
};
var row3 = new Value[]
{
new Value { StringValue = "user3@example.org" },
new Value { StringValue = "my email is user3@example.org and phone is 858-555-0224" }
};
tableToDeidentify = new Table
{
Headers =
{
new FieldId { Name = "User ID" },
new FieldId { Name = "comments" }
},
Rows =
{
new Table.Types.Row { Values = { row1 } },
new Table.Types.Row { Values = { row2 } },
new Table.Types.Row { Values = { row3 } }
}
};
}
// Specify the table and construct the content item.
var contentItem = new ContentItem { Table = tableToDeidentify };
// Construct the infoTypes by specifying the type of info to be inspected if null.
var infotypes = infoTypes ?? new InfoType[]
{
new InfoType { Name = "EMAIL_ADDRESS" },
new InfoType { Name = "PHONE_NUMBER" }
};
// Construct the crypto hash config using transient crypto key name.
var cryptoHashConfig = new CryptoHashConfig
{
CryptoKey = new CryptoKey
{
Transient = new TransientCryptoKey
{
Name = transientKeyName ?? "[TRANSIENT-CRYPTO-KEY]"
}
}
};
// Construct the de-identify config using crypto hash config.
var deidentifyConfig = new DeidentifyConfig
{
InfoTypeTransformations = new InfoTypeTransformations
{
Transformations =
{
new InfoTypeTransformations.Types.InfoTypeTransformation
{
PrimitiveTransformation = new PrimitiveTransformation
{
CryptoHashConfig = cryptoHashConfig
},
InfoTypes = { infotypes }
}
}
}
};
// Construct the inspect config.
var inspectConfig = new InspectConfig
{
InfoTypes = { infotypes },
IncludeQuote = true
};
// Construct the request.
var request = new DeidentifyContentRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
DeidentifyConfig = deidentifyConfig,
Item = contentItem,
InspectConfig = inspectConfig
};
// Call the API.
DeidentifyContentResponse response = dlp.DeidentifyContent(request);
// Print the table.
Console.WriteLine(response.Item.Table);
return response.Item.Table;
}
}
Go
Sensitive Data Protection의 클라이언트 라이브러리를 설치하고 사용하는 방법은 Sensitive Data Protection 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deIdentifyTableWithCryptoHash transforms findings using a cryptographic hash transformation.
func deIdentifyTableWithCryptoHash(w io.Writer, projectID, transientKeyName string) error {
// projectId := "your-project-id"
// transientKeyName := "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
row1 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user1@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user1@example.org and phone is 858-555-0222"}},
},
}
row2 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user2@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user2@example.org and phone is 858-555-0232"}},
},
}
row3 := &dlppb.Table_Row{
Values: []*dlppb.Value{
{Type: &dlppb.Value_StringValue{StringValue: "user3@example.org"}},
{Type: &dlppb.Value_StringValue{StringValue: "my email is user3@example.org and phone is 858-555-0224"}},
},
}
tableToDeidentify := &dlppb.Table{
Headers: []*dlppb.FieldId{
{Name: "userid"},
{Name: "comments"},
},
Rows: []*dlppb.Table_Row{
{Values: row1.Values},
{Values: row2.Values},
{Values: row3.Values},
},
}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify what content you want the service to de-identify.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Table{
Table: tableToDeidentify,
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify the transient key which will encrypt the data.
if transientKeyName == "" {
transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
}
// Specify the transient key which will encrypt the data.
cryptoKey := &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_Transient{
Transient: &dlppb.TransientCryptoKey{
Name: transientKeyName,
},
},
}
// Specify how the info from the inspection should be encrypted.
cryptoHashConfig := &dlppb.CryptoHashConfig{
CryptoKey: cryptoKey,
}
// Define type of de-identification as cryptographic hash transformation.
primitiveTransformation := &dlppb.PrimitiveTransformation_CryptoHashConfig{
CryptoHashConfig: cryptoHashConfig,
}
infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
InfoTypes: infoTypes,
PrimitiveTransformation: &dlppb.PrimitiveTransformation{
Transformation: primitiveTransformation,
},
}
transformations := &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
infoTypeTransformation,
},
}
// Specify the config for the de-identify request.
deidentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: transformations,
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
DeidentifyConfig: deidentifyConfig,
InspectConfig: inspectConfig,
Item: contentItem,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
return nil
}
Java
Sensitive Data Protection의 클라이언트 라이브러리를 설치하고 사용하는 방법은 Sensitive Data Protection 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CryptoHashConfig;
import com.google.privacy.dlp.v2.CryptoKey;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.TransientCryptoKey;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class DeIdentifyTableWithCryptoHash {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
// The Google Cloud project id to use as a parent resource.
String projectId = "your-project-id";
// The table to de-identify.
Table tableToDeIdentify =
Table.newBuilder()
.addHeaders(FieldId.newBuilder().setName("userid").build())
.addHeaders(FieldId.newBuilder().setName("comments").build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user1@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user1@example.org and phone is 858-555-0222")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user2@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user2@example.org and phone is 858-555-0223")
.build())
.build())
.addRows(
Table.Row.newBuilder()
.addValues(Value.newBuilder().setStringValue("user3@example.org").build())
.addValues(
Value.newBuilder()
.setStringValue(
"my email is user3@example.org and phone is 858-555-0224")
.build())
.build())
.build();
// The randomly generated crypto key to encrypt the data.
String transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY";
deIdentifyWithCryptHashTransformation(projectId, tableToDeIdentify, transientKeyName);
}
// Transforms findings using a cryptographic hash transformation.
public static void deIdentifyWithCryptHashTransformation(
String projectId, Table tableToDeIdentify, String transientKeyName) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify what content you want the service to DeIdentify
ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
List<InfoType> infoTypes =
Stream.of("PHONE_NUMBER", "EMAIL_ADDRESS")
.map(it -> InfoType.newBuilder().setName(it).build())
.collect(Collectors.toList());
InspectConfig inspectConfig = InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.build();
// Specify the transient key which will encrypt the data.
TransientCryptoKey transientCryptoKey = TransientCryptoKey.newBuilder()
.setName(transientKeyName)
.build();
CryptoKey cryptoKey = CryptoKey.newBuilder()
.setTransient(transientCryptoKey)
.build();
// Specify how the info from the inspection should be encrypted.
CryptoHashConfig cryptoHashConfig = CryptoHashConfig.newBuilder()
.setCryptoKey(cryptoKey)
.build();
// Define type of de-identification as cryptographic hash transformation.
PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
.setCryptoHashConfig(cryptoHashConfig)
.build();
InfoTypeTransformations.InfoTypeTransformation infoTypeTransformation =
InfoTypeTransformations.InfoTypeTransformation.newBuilder()
.setPrimitiveTransformation(primitiveTransformation)
.addAllInfoTypes(infoTypes)
.build();
InfoTypeTransformations transformations = InfoTypeTransformations.newBuilder()
.addTransformations(infoTypeTransformation)
.build();
// Specify the config for the de-identify request
DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder()
.setInfoTypeTransformations(transformations)
.build();
// Combine configurations into a request for the service.
DeidentifyContentRequest request =
DeidentifyContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(contentItem)
.setInspectConfig(inspectConfig)
.setDeidentifyConfig(deidentifyConfig)
.build();
// Send the request and receive response from the service
DeidentifyContentResponse response = dlp.deidentifyContent(request);
// Print the results
System.out.println("Table after de-identification: " + response.getItem().getTable());
}
}
}
Node.js
Sensitive Data Protection의 클라이언트 라이브러리를 설치하고 사용하는 방법은 Sensitive Data Protection 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// Crypto key
// const transientKeyName = 'YOUR_TRANSIENT_CRYPTO_KEY';
// The table to de-identify.
const tableToDeIdentify = {
headers: [{name: 'userid'}, {name: 'comments'}],
rows: [
{
values: [
{stringValue: 'user1@example.org'},
{
stringValue:
'my email is user1@example.org and phone is 858-555-0222',
},
],
},
{
values: [
{stringValue: 'user2@example.org'},
{
stringValue:
'my email is user2@example.org and phone is 858-555-0223',
},
],
},
{
values: [
{stringValue: 'user3@example.org'},
{
stringValue:
'my email is user3@example.org and phone is 858-555-0224',
},
],
},
],
};
async function deIdentifyTableWithCryptoHash() {
// Specify crypto hash configuration that uses transient key.
const cryptoHashConfig = {
cryptoKey: {
transient: {
name: transientKeyName,
},
},
};
// Construct de-identify request that uses crypto hash configuration.
const request = {
parent: `projects/${projectId}/locations/global`,
deidentifyConfig: {
infoTypeTransformations: {
transformations: [
{
primitiveTransformation: {
cryptoHashConfig: cryptoHashConfig,
},
infoTypes: [{name: 'PHONE_NUMBER'}, {name: 'EMAIL_ADDRESS'}],
},
],
},
},
item: {table: tableToDeIdentify},
};
// Send the request and receive response from the service.
const [response] = await dlp.deidentifyContent(request);
const deidentifiedTable = response.item.table;
// Print the results.
console.log(
`Table after de-identification:\n${JSON.stringify(
deidentifiedTable,
null,
2
)}`
);
}
deIdentifyTableWithCryptoHash();
PHP
Sensitive Data Protection의 클라이언트 라이브러리를 설치하고 사용하는 방법은 Sensitive Data Protection 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CryptoHashConfig;
use Google\Cloud\Dlp\V2\CryptoKey;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\TransientCryptoKey;
use Google\Cloud\Dlp\V2\Value;
/**
* De-identify table data with crypto hash.
* Transform findings using a cryptographic hash transformation.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $inputCsvFile The input file(csv) path to deidentify.
* @param string $outputCsvFile The oupt file path to save deidentify content.
* @param string $transientCryptoKeyName Specify the random string.
*/
function deidentify_table_with_crypto_hash(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $inputCsvFile = './test/data/table5.csv',
string $outputCsvFile = './test/data/deidentify_table_with_crypto_hash_output.csv',
string $transientCryptoKeyName = 'YOUR-TRANSIENT-CRYPTO-KEY'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Read a CSV file.
$csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
$csvHeaders = explode(',', $csvLines[0]);
$csvRows = array_slice($csvLines, 1);
// Convert CSV file into protobuf objects.
$tableHeaders = array_map(function ($csvHeader) {
return (new FieldId)
->setName($csvHeader);
}, $csvHeaders);
$tableRows = array_map(function ($csvRow) {
$rowValues = array_map(function ($csvValue) {
return (new Value())
->setStringValue($csvValue);
}, explode(',', $csvRow));
return (new Row())
->setValues($rowValues);
}, $csvRows);
// Construct the table object.
$tableToDeIdentify = (new Table())
->setHeaders($tableHeaders)
->setRows($tableRows);
// Specify what content you want the service to de-identify.
$content = (new ContentItem())
->setTable($tableToDeIdentify);
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
$infoTypes = [
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('PHONE_NUMBER')
];
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes);
// Specify the transient key which will encrypt the data.
$cryptoKey = (new CryptoKey())
->setTransient((new TransientCryptoKey())
->setName($transientCryptoKeyName));
// Specify how the info from the inspection should be encrypted.
$cryptoHashConfig = (new CryptoHashConfig())
->setCryptoKey($cryptoKey);
// Define type of de-identification as cryptographic hash transformation.
$primitiveTransformation = (new PrimitiveTransformation())
->setCryptoHashConfig($cryptoHashConfig);
$infoTypeTransformation = (new InfoTypeTransformation())
->setPrimitiveTransformation($primitiveTransformation)
->setInfoTypes($infoTypes);
$infoTypeTransformations = (new InfoTypeTransformations())
->setTransformations([$infoTypeTransformation]);
// Specify the config for the de-identify request
$deidentifyConfig = (new DeidentifyConfig())
->setInfoTypeTransformations($infoTypeTransformations);
// Send the request and receive response from the service.
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setDeidentifyConfig($deidentifyConfig)
->setItem($content);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results.
$csvRef = fopen($outputCsvFile, 'w');
fputcsv($csvRef, $csvHeaders);
foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
$values = array_map(function ($tableValue) {
return $tableValue->getStringValue();
}, iterator_to_array($tableRow->getValues()));
fputcsv($csvRef, $values);
};
printf('Table after deidentify (File Location): %s', $outputCsvFile);
}
Python
Sensitive Data Protection의 클라이언트 라이브러리를 설치하고 사용하는 방법은 Sensitive Data Protection 클라이언트 라이브러리를 참조하세요.
Sensitive Data Protection에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
from typing import Dict, List, Union
import google.cloud.dlp
def deidentify_table_with_crypto_hash(
project: str,
table_data: Dict[str, Union[List[str], List[List[str]]]],
info_types: List[str],
transient_key_name: str,
) -> None:
"""Uses the Data Loss Prevention API to de-identify sensitive data
in a table using a cryptographic hash transformation.
Args:
project: The Google Cloud project id to use as a parent resource.
table_data: Dictionary representing table data.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
transient_key_name: Name of the transient crypto key used for encryption.
The scope of this key is a single API call. It is generated for
the transformation and then discarded.
"""
# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct the `table`. For more details on the table schema, please see
# https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
headers = [{"name": val} for val in table_data["header"]]
rows = []
for row in table_data["rows"]:
rows.append({"values": [{"string_value": cell_val} for cell_val in row]})
table = {"headers": headers, "rows": rows}
# Construct the `item` that service will de-identify.
item = {"table": table}
# Prepare info_types by converting the list of strings into a list of
# dictionaries.
info_types = [{"name": info_type} for info_type in info_types]
# Construct cryptographic hash configuration using the transient key
# which will encrypt the data.
crypto_hash_config = {"crypto_key": {"transient": {"name": transient_key_name}}}
# Specify the type of info the inspection will look for.
inspect_config = {
"info_types": info_types,
}
# Construct deidentify configuration dictionary.
deidentify_config = {
"info_type_transformations": {
"transformations": [
{
"info_types": info_types,
"primitive_transformation": {
"crypto_hash_config": crypto_hash_config
},
}
]
}
}
# Convert the project id into a full resource id.
parent = f"projects/{project}/locations/global"
# Call the API.
response = dlp.deidentify_content(
request={
"parent": parent,
"deidentify_config": deidentify_config,
"inspect_config": inspect_config,
"item": item,
}
)
# Print the result.
print(f"Table after de-identification: {response.item.table}")
다음 단계
다른 Google Cloud 제품의 코드 샘플을 검색하고 필터링하려면 Google Cloud 샘플 브라우저를 참조하세요.