Create an exception list for a regular custom dictionary detector.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
C#
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
using
System
;
using
Google.Api.Gax.ResourceNames
;
using
Google.Cloud.Dlp.V2
;
public
class
DeidentifyWithExceptionList
{
public
static
DeidentifyContentResponse
Deidentify
(
string
projectId
,
string
text
)
{
// Instantiate a client.
var
dlp
=
DlpServiceClient
.
Create
();
var
contentItem
=
new
ContentItem
{
Value
=
text
};
var
wordList
=
new
CustomInfoType
.
Types
.
Dictionary
.
Types
.
WordList
{
Words
=
{
new
string
[]
{
"jack@example.org"
,
"jill@example.org"
}
}
};
var
exclusionRule
=
new
ExclusionRule
{
MatchingType
=
MatchingType
.
FullMatch
,
Dictionary
=
new
CustomInfoType
.
Types
.
Dictionary
{
WordList
=
wordList
}
};
var
infoType
=
new
InfoType
{
Name
=
"EMAIL_ADDRESS"
};
var
inspectionRuleSet
=
new
InspectionRuleSet
{
InfoTypes
=
{
infoType
},
Rules
=
{
new
InspectionRule
{
ExclusionRule
=
exclusionRule
}
}
};
var
inspectConfig
=
new
InspectConfig
{
InfoTypes
=
{
infoType
},
RuleSet
=
{
inspectionRuleSet
}
};
var
primitiveTransformation
=
new
PrimitiveTransformation
{
ReplaceWithInfoTypeConfig
=
new
ReplaceWithInfoTypeConfig
{
}
};
var
transformation
=
new
InfoTypeTransformations
.
Types
.
InfoTypeTransformation
{
InfoTypes
=
{
infoType
},
PrimitiveTransformation
=
primitiveTransformation
};
var
deidentifyConfig
=
new
DeidentifyConfig
{
InfoTypeTransformations
=
new
InfoTypeTransformations
{
Transformations
=
{
transformation
}
}
};
var
request
=
new
DeidentifyContentRequest
{
Parent
=
new
LocationName
(
projectId
,
"global"
).
ToString
(),
InspectConfig
=
inspectConfig
,
DeidentifyConfig
=
deidentifyConfig
,
Item
=
contentItem
};
// Call the API.
var
response
=
dlp
.
DeidentifyContent
(
request
);
// Inspect the results.
Console
.
WriteLine
(
$"Deidentified content: {response.Item. Value
}"
);
return
response
;
}
}
Go
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
(
"context"
"fmt"
"io"
dlp
"cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deidentifyExceptionList creates an exception list for a regular custom dictionary detector.
func
deidentifyExceptionList
(
w
io
.
Writer
,
projectID
,
input
string
)
error
{
// projectID := "my-project-id"
// input := "jack@example.org accessed customer record of user5@example.com"
ctx
:=
context
.
Background
()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client
,
err
:=
dlp
.
NewClient
(
ctx
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"dlp.NewClient: %w"
,
err
)
}
// Closing the client safely cleans up background resousrces.
defer
client
.
Close
()
// Specify what content you want the service to DeIdentify.
item
:=
& dlppb
.
ContentItem
{
DataItem
:
& dlppb
.
ContentItem_Value
{
Value
:
input
,
},
}
// Specify the word list custom info type and build-in info type the inspection will look for.
infoTypes
:=
[]
*
dlppb
.
InfoType
{
{
Name
:
"EMAIL_ADDRESS"
},
}
dictionary
:=
& dlppb
.
CustomInfoType_Dictionary
{
Source
:
& dlppb
.
CustomInfoType_Dictionary_WordList_
{
WordList
:
& dlppb
.
CustomInfoType_Dictionary_WordList
{
Words
:
[]
string
{
"jack@example.org"
,
"jill@example.org"
},
},
},
}
exclusionRule
:=
& dlppb
.
ExclusionRule
{
MatchingType
:
dlppb
.
MatchingType_MATCHING_TYPE_FULL_MATCH
,
Type
:
& dlppb
.
ExclusionRule_Dictionary
{
Dictionary
:
dictionary
,
},
}
inspectRuleSet
:=
& dlppb
.
InspectionRuleSet
{
InfoTypes
:
infoTypes
,
Rules
:
[]
*
dlppb
.
InspectionRule
{
{
Type
:
& dlppb
.
InspectionRule_ExclusionRule
{
ExclusionRule
:
exclusionRule
,
},
},
},
}
// Construct the configuration for the de-id request and list all desired transformations.
primitiveTransformation
:=
& dlppb
.
PrimitiveTransformation
{
Transformation
:
& dlppb
.
PrimitiveTransformation_ReplaceWithInfoTypeConfig
{},
}
infoTypeTransformation
:=
& dlppb
.
InfoTypeTransformations
{
Transformations
:
[]
*
dlppb
.
InfoTypeTransformations_InfoTypeTransformation
{
{
PrimitiveTransformation
:
primitiveTransformation
,
},
},
}
deIdentifyConfig
:=
& dlppb
.
DeidentifyConfig
{
Transformation
:
& dlppb
.
DeidentifyConfig_InfoTypeTransformations
{
InfoTypeTransformations
:
infoTypeTransformation
,
},
}
// Create a configured request.
req
:=
& dlppb
.
DeidentifyContentRequest
{
Parent
:
fmt
.
Sprintf
(
"projects/%s/locations/global"
,
projectID
),
DeidentifyConfig
:
deIdentifyConfig
,
InspectConfig
:
& dlppb
.
InspectConfig
{
InfoTypes
:
infoTypes
,
CustomInfoTypes
:
[]
*
dlppb
.
CustomInfoType
{},
RuleSet
:
[]
*
dlppb
.
InspectionRuleSet
{
inspectRuleSet
},
},
// The item to analyze.
Item
:
item
,
}
// Send the request.
resp
,
err
:=
client
.
DeidentifyContent
(
ctx
,
req
)
if
err
!=
nil
{
return
err
}
// Print the result.
fmt
.
Fprintf
(
w
,
"output : %v"
,
resp
.
GetItem
().
GetValue
())
return
nil
}
Java
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
com.google.cloud.dlp.v2. DlpServiceClient
;
import
com.google.privacy.dlp.v2. ContentItem
;
import
com.google.privacy.dlp.v2. CustomInfoType
;
import
com.google.privacy.dlp.v2. CustomInfoType
. Dictionary
;
import
com.google.privacy.dlp.v2. CustomInfoType
. Dictionary
. WordList
;
import
com.google.privacy.dlp.v2. DeidentifyConfig
;
import
com.google.privacy.dlp.v2. DeidentifyContentRequest
;
import
com.google.privacy.dlp.v2. DeidentifyContentResponse
;
import
com.google.privacy.dlp.v2. ExclusionRule
;
import
com.google.privacy.dlp.v2. InfoType
;
import
com.google.privacy.dlp.v2. InfoTypeTransformations
;
import
com.google.privacy.dlp.v2. InfoTypeTransformations
. InfoTypeTransformation
;
import
com.google.privacy.dlp.v2. InspectConfig
;
import
com.google.privacy.dlp.v2. InspectionRule
;
import
com.google.privacy.dlp.v2. InspectionRuleSet
;
import
com.google.privacy.dlp.v2. LocationName
;
import
com.google.privacy.dlp.v2. MatchingType
;
import
com.google.privacy.dlp.v2. PrimitiveTransformation
;
import
com.google.privacy.dlp.v2. ReplaceWithInfoTypeConfig
;
import
java.io.IOException
;
public
class
DeIdentifyWithExceptionList
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// TODO(developer): Replace these variables before running the sample.
String
projectId
=
"your-project-id"
;
String
textToDeIdentify
=
"jack@example.org accessed customer record of user5@example.com"
;
deIdentifyWithExceptionList
(
projectId
,
textToDeIdentify
);
}
public
static
void
deIdentifyWithExceptionList
(
String
projectId
,
String
textToDeIdentify
)
throws
IOException
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try
(
DlpServiceClient
dlp
=
DlpServiceClient
.
create
())
{
// Specify what content you want the service to DeIdentify.
ContentItem
contentItem
=
ContentItem
.
newBuilder
().
setValue
(
textToDeIdentify
).
build
();
// Construct the custom word list to be detected.
Dictionary
wordList
=
Dictionary
.
newBuilder
()
.
setWordList
(
WordList
.
newBuilder
()
.
addWords
(
"jack@example.org"
)
.
addWords
(
"jill@example.org"
)
.
build
())
.
build
();
// Construct the custom dictionary detector associated with the word list.
InfoType
developerEmail
=
InfoType
.
newBuilder
().
setName
(
"DEVELOPER_EMAIL"
).
build
();
CustomInfoType
customInfoType
=
CustomInfoType
.
newBuilder
().
setInfoType
(
developerEmail
).
setDictionary
(
wordList
).
build
();
ExclusionRule
exclusionRule
=
ExclusionRule
.
newBuilder
()
.
setDictionary
(
wordList
)
.
setMatchingType
(
MatchingType
.
MATCHING_TYPE_FULL_MATCH
)
.
build
();
InspectionRule
inspectionRule
=
InspectionRule
.
newBuilder
()
.
setExclusionRule
(
exclusionRule
)
.
build
();
// Specify the word list custom info type and build-in info type the inspection will look for.
InfoType
emailAddress
=
InfoType
.
newBuilder
().
setName
(
"EMAIL_ADDRESS"
).
build
();
InspectionRuleSet
inspectionRuleSet
=
InspectionRuleSet
.
newBuilder
()
.
addInfoTypes
(
emailAddress
)
.
addRules
(
inspectionRule
)
.
build
();
InspectConfig
inspectConfig
=
InspectConfig
.
newBuilder
()
.
addInfoTypes
(
emailAddress
)
.
addCustomInfoTypes
(
customInfoType
)
.
addRuleSet
(
inspectionRuleSet
)
.
build
();
// Define type of deidentification as replacement.
PrimitiveTransformation
primitiveTransformation
=
PrimitiveTransformation
.
newBuilder
()
.
setReplaceWithInfoTypeConfig
(
ReplaceWithInfoTypeConfig
.
getDefaultInstance
())
.
build
();
// Associate de-identification type with info type.
InfoTypeTransformation
transformation
=
InfoTypeTransformation
.
newBuilder
()
.
addInfoTypes
(
emailAddress
)
.
setPrimitiveTransformation
(
primitiveTransformation
)
.
build
();
// Construct the configuration for the de-id request and list all desired transformations.
DeidentifyConfig
deidentifyConfig
=
DeidentifyConfig
.
newBuilder
()
.
setInfoTypeTransformations
(
InfoTypeTransformations
.
newBuilder
().
addTransformations
(
transformation
))
.
build
();
// Combine configurations into a request for the service.
DeidentifyContentRequest
request
=
DeidentifyContentRequest
.
newBuilder
()
.
setParent
(
LocationName
.
of
(
projectId
,
"global"
).
toString
())
.
setItem
(
contentItem
)
.
setInspectConfig
(
inspectConfig
)
.
setDeidentifyConfig
(
deidentifyConfig
)
.
build
();
// Send the request and receive response from the service
DeidentifyContentResponse
response
=
dlp
.
deidentifyContent
(
request
);
// Print the results
System
.
out
.
println
(
"Text after replace with infotype config: "
+
response
.
getItem
().
getValue
());
}
}
}
Node.js
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
// Imports the Google Cloud Data Loss Prevention library
const
DLP
=
require
(
' @google-cloud/dlp
'
);
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
const
dlp
=
new
DLP
.
DlpServiceClient
();
// TODO(developer): Replace these variables before running the sample.
// const projectId = "your-project-id";
// The string to deidentify
// const textToInspect = 'jack@example.org accessed customer record of user5@example.com';
// Words to exclude for during inspection
// const words = ['jack@example.org', 'jill@example.org'];
// The infoTypes of information to match
// See https://cloud.google.com/dlp/docs/concepts-infotypes for more information
// about supported infoTypes.
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }];
async
function
deIdentifyWithExceptionList
()
{
// Construct item to inspect
const
item
=
{
value
:
textToInspect
};
// Construct the custom dictionary detector associated with the word list.
const
wordListDict
=
{
wordList
:
{
words
:
words
,
},
};
// Construct a rule set that will only match if the match text does not
// contains tokens from the exclusion list.
const
ruleSet
=
[
{
infoTypes
:
infoTypes
,
rules
:
[
{
exclusionRule
:
{
matchingType
:
DLP
.
protos
.
google
.
privacy
.
dlp
.
v2
.
MatchingType
.
MATCHING_TYPE_FULL_MATCH
,
dictionary
:
wordListDict
,
},
},
],
},
];
// Combine configurations to construct inspect config.
const
inspectConfig
=
{
infoTypes
:
infoTypes
,
ruleSet
:
ruleSet
,
};
// Define type of de-identification as replacement & associate de-identification type with info type.
const
transformation
=
{
infoTypes
:
[],
primitiveTransformation
:
{
replaceWithInfoTypeConfig
:
{},
},
};
// Construct the configuration for the de-identification request and list all desired transformations.
const
deidentifyConfig
=
{
infoTypeTransformations
:
{
transformations
:
[
transformation
],
},
};
// Combine configurations into a request for the service.
const
request
=
{
parent
:
`projects/
${
projectId
}
/locations/global`
,
item
:
item
,
inspectConfig
:
inspectConfig
,
deidentifyConfig
:
deidentifyConfig
,
};
// Send the request and receive response from the service.
const
[
response
]
=
await
dlp
.
deidentifyContent
(
request
);
// Print the results
console
.
log
(
`Text after replace with infotype config:
${
response
.
item
.
value
}
`
);
}
deIdentifyWithExceptionList
();
PHP
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary\WordList;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\MatchingType;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\ReplaceWithInfoTypeConfig;
/**
* Create an exception list for de-identification
* Create an exception list for a regular custom dictionary detector.
*
* @param string $callingProjectId The project ID to run the API call under
* @param string $textToDeIdentify The String you want the service to DeIdentify
*/
function deidentify_exception_list(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $textToDeIdentify = 'jack@example.org accessed customer record of user5@example.com'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// Specify what content you want the service to DeIdentify.
$contentItem = (new ContentItem())
->setValue($textToDeIdentify);
// Construct the custom word list to be detected.
$wordList = (new Dictionary())
->setWordList((new WordList())
->setWords(['jack@example.org', 'jill@example.org']));
// Specify the exclusion rule and build-in info type the inspection will look for.
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_FULL_MATCH)
->setDictionary($wordList);
$emailAddress = (new InfoType())
->setName('EMAIL_ADDRESS');
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$emailAddress])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule)
]);
$inspectConfig = (new InspectConfig())
->setInfoTypes([$emailAddress])
->setRuleSet([$inspectionRuleSet]);
// Define type of deidentification as replacement.
$primitiveTransformation = (new PrimitiveTransformation())
->setReplaceWithInfoTypeConfig(new ReplaceWithInfoTypeConfig());
// Associate de-identification type with info type.
$transformation = (new InfoTypeTransformation())
->setInfoTypes([$emailAddress])
->setPrimitiveTransformation($primitiveTransformation);
// Construct the configuration for the de-id request and list all desired transformations.
$deidentifyConfig = (new DeidentifyConfig())
->setInfoTypeTransformations(
(new InfoTypeTransformations())
->setTransformations([$transformation])
);
// Send the request and receive response from the service
$parent = "projects/$callingProjectId/locations/global";
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setDeidentifyConfig($deidentifyConfig)
->setInspectConfig($inspectConfig)
->setItem($contentItem);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results
printf('Text after replace with infotype config: %s', $response->getItem()->getValue());
}
Python
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
from
typing
import
List
import
google.cloud.dlp
def
deidentify_with_exception_list
(
project
:
str
,
content_string
:
str
,
info_types
:
List
[
str
],
exception_list
:
List
[
str
]
)
-
> None
:
"""Uses the Data Loss Prevention API to de-identify sensitive data in a
string but ignore matches against custom list.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to deidentify (will be treated as text).
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
exception_list: The list of strings to ignore matches on.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client
dlp
=
google
.
cloud
.
dlp_v2
.
DlpServiceClient
()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types
=
[{
"name"
:
info_type
}
for
info_type
in
info_types
]
# Construct a rule set that will only match on info_type
# if the matched text is not in the exception list.
rule_set
=
[
{
"info_types"
:
info_types
,
"rules"
:
[
{
"exclusion_rule"
:
{
"dictionary"
:
{
"word_list"
:
{
"words"
:
exception_list
}},
"matching_type"
:
google
.
cloud
.
dlp_v2
.
MatchingType
.
MATCHING_TYPE_FULL_MATCH
,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config
=
{
"info_types"
:
info_types
,
"rule_set"
:
rule_set
,
}
# Construct deidentify configuration dictionary
deidentify_config
=
{
"info_type_transformations"
:
{
"transformations"
:
[
{
"primitive_transformation"
:
{
"replace_with_info_type_config"
:
{}}}
]
}
}
# Construct the `item`.
item
=
{
"value"
:
content_string
}
# Convert the project id into a full resource id.
parent
=
f
"projects/
{
project
}
/locations/global"
# Call the API
response
=
dlp
.
deidentify_content
(
request
=
{
"parent"
:
parent
,
"deidentify_config"
:
deidentify_config
,
"inspect_config"
:
inspect_config
,
"item"
:
item
,
}
)
# Print out the results.
print
(
response
.
item
.
value
)
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
