Re-identify table data with format-preserving encryption.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
C#
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
using
System
;
using
Google.Api.Gax.ResourceNames
;
using
Google.Cloud.Dlp.V2
;
using
Google.Protobuf
;
using
static
Google
.
Cloud
.
Dlp
.
V2
.
CryptoReplaceFfxFpeConfig
.
Types
;
public
class
ReidentifyTableDataWithFpe
{
public
static
Table
ReidentifyTableData
(
string
projectId
,
string
keyName
,
string
wrappedKey
,
FfxCommonNativeAlphabet
alphabet
=
FfxCommonNativeAlphabet
.
Numeric
,
Table
tableToInspect
=
null
)
{
// Instantiate a client.
var
dlp
=
DlpServiceClient
.
Create
();
// Construct the table if null.
var
table
=
tableToInspect
;
if
(
table
==
null
)
{
var
row1
=
new
Value
[]
{
new
Value
{
StringValue
=
"28777"
},
new
Value
{
StringValue
=
"Justin"
}
};
var
row2
=
new
Value
[]
{
new
Value
{
StringValue
=
"28778"
},
new
Value
{
StringValue
=
"Gary"
}
};
table
=
new
Table
{
Headers
=
{
new
FieldId
{
Name
=
"Employee ID"
},
new
FieldId
{
Name
=
"Employee Name"
}
},
Rows
=
{
new
Table
.
Types
.
Row
{
Values
=
{
row1
}
},
new
Table
.
Types
.
Row
{
Values
=
{
row2
}
}
}
};
}
// Construct the content item by providing the table.
var
contentItem
=
new
ContentItem
{
Table
=
table
};
// Specify how to decrypt the previously de-identified information.
var
cryptoReplaceFfxFpeConfig
=
new
CryptoReplaceFfxFpeConfig
{
CryptoKey
=
new
CryptoKey
{
KmsWrapped
=
new
KmsWrappedCryptoKey
{
CryptoKeyName
=
keyName
,
WrappedKey
=
ByteString
.
FromBase64
(
wrappedKey
)
}
},
CommonAlphabet
=
alphabet
};
// Specify the field to be decrypted.
var
fields
=
new
FieldId
[]
{
new
FieldId
{
Name
=
"Employee ID"
}
};
// Construct the re-identify config and specify the transformation.
var
reidentifyConfig
=
new
DeidentifyConfig
{
RecordTransformations
=
new
RecordTransformations
{
FieldTransformations
=
{
new
FieldTransformation
{
PrimitiveTransformation
=
new
PrimitiveTransformation
{
CryptoReplaceFfxFpeConfig
=
cryptoReplaceFfxFpeConfig
,
},
Fields
=
{
fields
}
}
}
}
};
// Construct the request.
var
request
=
new
ReidentifyContentRequest
{
Parent
=
new
LocationName
(
projectId
,
"global"
).
ToString
(),
Item
=
contentItem
,
ReidentifyConfig
=
reidentifyConfig
};
// Call the API.
ReidentifyContentResponse
response
=
dlp
.
ReidentifyContent
(
request
);
// Inspect the response.
Console
.
WriteLine
(
$"Table after re-identification: {response. Item
. Table
}"
);
return
response
.
Item
.
Table
;
}
}
Go
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
(
"context"
"encoding/base64"
"fmt"
"io"
dlp
"cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// reidTableDataWithFPE re-identifies table data with FPE
func
reidTableDataWithFPE
(
w
io
.
Writer
,
projectID
,
kmsKeyName
,
wrappedAesKey
string
)
error
{
// projectId := "my-project-id"
/* kmsKeyName := "projects/YOUR_PROJECT/"
+ "locations/YOUR_KEYRING_REGION/"
+ "keyRings/YOUR_KEYRING_NAME/"
+ "cryptoKeys/YOUR_KEY_NAME"
*/
// wrappedAesKey := "YOUR_ENCRYPTED_AES_256_KEY"
ctx
:=
context
.
Background
()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client
,
err
:=
dlp
.
NewClient
(
ctx
)
if
err
!=
nil
{
return
err
}
// Closing the client safely cleans up background resources.
defer
client
.
Close
()
// Specify the table data that needs to be re-identified.
tableToReIdentify
:=
& dlppb
.
Table
{
Headers
:
[]
*
dlppb
.
FieldId
{
{
Name
:
"Employee ID"
},
},
Rows
:
[]
*
dlppb
.
Table_Row
{
{
Values
:
[]
*
dlppb
.
Value
{
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"90511"
,
},
},
},
},
},
}
// Specify the content you want to re-identify.
contentItem
:=
& dlppb
.
ContentItem
{
DataItem
:
& dlppb
.
ContentItem_Table
{
Table
:
tableToReIdentify
,
},
}
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
kmsWrappedCryptoKey
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
wrappedAesKey
)
if
err
!=
nil
{
return
err
}
cryptoKey
:=
& dlppb
.
CryptoKey
{
Source
:
& dlppb
.
CryptoKey_KmsWrapped
{
KmsWrapped
:
& dlppb
.
KmsWrappedCryptoKey
{
WrappedKey
:
kmsWrappedCryptoKey
,
CryptoKeyName
:
kmsKeyName
,
},
},
}
// Specify how to un-encrypt the previously de-identified information.
cryptoReplaceFfxFpeConfig
:=
& dlppb
.
CryptoReplaceFfxFpeConfig
{
CryptoKey
:
cryptoKey
,
Alphabet
:
& dlppb
.
CryptoReplaceFfxFpeConfig_CommonAlphabet
{
CommonAlphabet
:
dlppb
.
CryptoReplaceFfxFpeConfig_NUMERIC
,
},
}
primitiveTransformation
:=
& dlppb
.
PrimitiveTransformation
{
Transformation
:
& dlppb
.
PrimitiveTransformation_CryptoReplaceFfxFpeConfig
{
CryptoReplaceFfxFpeConfig
:
cryptoReplaceFfxFpeConfig
,
},
}
// Specify field to be decrypted.
fieldId
:=
& dlppb
.
FieldId
{
Name
:
"Employee ID"
,
}
// Associate the decryption with the specified field.
fieldTransformation
:=
& dlppb
.
FieldTransformation
{
Transformation
:
& dlppb
.
FieldTransformation_PrimitiveTransformation
{
PrimitiveTransformation
:
primitiveTransformation
,
},
Fields
:
[]
*
dlppb
.
FieldId
{
fieldId
,
},
}
recordTransformations
:=
& dlppb
.
RecordTransformations
{
FieldTransformations
:
[]
*
dlppb
.
FieldTransformation
{
fieldTransformation
,
},
}
deidentifyConfig
:=
& dlppb
.
DeidentifyConfig
{
Transformation
:
& dlppb
.
DeidentifyConfig_RecordTransformations
{
RecordTransformations
:
recordTransformations
,
},
}
// Combine configurations into a request for the service.
req
:=
& dlppb
.
ReidentifyContentRequest
{
Parent
:
fmt
.
Sprintf
(
"projects/%s/locations/global"
,
projectID
),
ReidentifyConfig
:
deidentifyConfig
,
Item
:
contentItem
,
}
// Send the request and receive response from the service.
resp
,
err
:=
client
.
ReidentifyContent
(
ctx
,
req
)
if
err
!=
nil
{
return
err
}
// Print the result.
fmt
.
Fprintf
(
w
,
"Table after re-identification : %v"
,
resp
.
GetItem
().
GetTable
())
return
nil
}
Java
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
com.google.cloud.dlp.v2. DlpServiceClient
;
import
com.google.common.io.BaseEncoding
;
import
com.google.privacy.dlp.v2. ContentItem
;
import
com.google.privacy.dlp.v2. CryptoKey
;
import
com.google.privacy.dlp.v2. CryptoReplaceFfxFpeConfig
;
import
com.google.privacy.dlp.v2. CryptoReplaceFfxFpeConfig
. FfxCommonNativeAlphabet
;
import
com.google.privacy.dlp.v2. DeidentifyConfig
;
import
com.google.privacy.dlp.v2. FieldId
;
import
com.google.privacy.dlp.v2. FieldTransformation
;
import
com.google.privacy.dlp.v2. KmsWrappedCryptoKey
;
import
com.google.privacy.dlp.v2. LocationName
;
import
com.google.privacy.dlp.v2. PrimitiveTransformation
;
import
com.google.privacy.dlp.v2. RecordTransformations
;
import
com.google.privacy.dlp.v2. ReidentifyContentRequest
;
import
com.google.privacy.dlp.v2. ReidentifyContentResponse
;
import
com.google.privacy.dlp.v2. Table
;
import
com.google.privacy.dlp.v2. Table
. Row
;
import
com.google.privacy.dlp.v2. Value
;
import
com.google.protobuf. ByteString
;
import
java.io.IOException
;
public
class
ReIdentifyTableWithFpe
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// TODO(developer): Replace these variables before running the sample.
String
projectId
=
"your-project-id"
;
String
kmsKeyName
=
"projects/YOUR_PROJECT/"
+
"locations/YOUR_KEYRING_REGION/"
+
"keyRings/YOUR_KEYRING_NAME/"
+
"cryptoKeys/YOUR_KEY_NAME"
;
String
wrappedAesKey
=
"YOUR_ENCRYPTED_AES_256_KEY"
;
Table
tableToReIdentify
=
Table
.
newBuilder
()
.
addHeaders
(
FieldId
.
newBuilder
().
setName
(
"Employee ID"
).
build
())
.
addRows
(
Row
.
newBuilder
()
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"28777"
).
build
())
.
build
())
.
build
();
reIdentifyTableWithFpe
(
projectId
,
tableToReIdentify
,
kmsKeyName
,
wrappedAesKey
);
}
public
static
void
reIdentifyTableWithFpe
(
String
projectId
,
Table
tableToReIdentify
,
String
kmsKeyName
,
String
wrappedAesKey
)
throws
IOException
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try
(
DlpServiceClient
dlp
=
DlpServiceClient
.
create
())
{
// Specify what content you want the service to re-identify.
ContentItem
contentItem
=
ContentItem
.
newBuilder
().
setTable
(
tableToReIdentify
).
build
();
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
KmsWrappedCryptoKey
kmsWrappedCryptoKey
=
KmsWrappedCryptoKey
.
newBuilder
()
.
setWrappedKey
(
ByteString
.
copyFrom
(
BaseEncoding
.
base64
().
decode
(
wrappedAesKey
)))
.
setCryptoKeyName
(
kmsKeyName
)
.
build
();
CryptoKey
cryptoKey
=
CryptoKey
.
newBuilder
().
setKmsWrapped
(
kmsWrappedCryptoKey
).
build
();
// Specify how to un-encrypt the previously de-identified information.
CryptoReplaceFfxFpeConfig
cryptoReplaceFfxFpeConfig
=
CryptoReplaceFfxFpeConfig
.
newBuilder
()
.
setCryptoKey
(
cryptoKey
)
// Set of characters in the input text. For more info, see
// https://cloud.google.com/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#DeidentifyTemplate.FfxCommonNativeAlphabet
.
setCommonAlphabet
(
FfxCommonNativeAlphabet
.
NUMERIC
)
.
build
();
PrimitiveTransformation
primitiveTransformation
=
PrimitiveTransformation
.
newBuilder
()
.
setCryptoReplaceFfxFpeConfig
(
cryptoReplaceFfxFpeConfig
)
.
build
();
// Specify field to be decrypted.
FieldId
fieldId
=
FieldId
.
newBuilder
().
setName
(
"Employee ID"
).
build
();
// Associate the decryption with the specified field.
FieldTransformation
fieldTransformation
=
FieldTransformation
.
newBuilder
()
.
setPrimitiveTransformation
(
primitiveTransformation
)
.
addFields
(
fieldId
)
.
build
();
RecordTransformations
transformations
=
RecordTransformations
.
newBuilder
().
addFieldTransformations
(
fieldTransformation
).
build
();
DeidentifyConfig
reidentifyConfig
=
DeidentifyConfig
.
newBuilder
().
setRecordTransformations
(
transformations
).
build
();
// Combine configurations into a request for the service.
ReidentifyContentRequest
request
=
ReidentifyContentRequest
.
newBuilder
()
.
setParent
(
LocationName
.
of
(
projectId
,
"global"
).
toString
())
.
setItem
(
contentItem
)
.
setReidentifyConfig
(
reidentifyConfig
)
.
build
();
// Send the request and receive response from the service
ReidentifyContentResponse
response
=
dlp
.
reidentifyContent
(
request
);
// Print the results
System
.
out
.
println
(
"Table after re-identification: "
+
response
.
getItem
().
getValue
());
}
}
}
Node.js
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
// Imports the Google Cloud Data Loss Prevention library
const
DLP
=
require
(
' @google-cloud/dlp
'
);
// Instantiates a client
const
dlp
=
new
DLP
.
DlpServiceClient
();
// The project ID to run the API call under
// const projectId = 'my-project';
// The set of characters to replace sensitive ones with
// For more information, see https://cloud.google.com/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#ffxcommonnativealphabet
// const alphabet = 'ALPHA_NUMERIC';
// The name of the Cloud KMS key used to encrypt ('wrap') the AES-256 key
// const keyName = 'projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME';
// The encrypted ('wrapped') AES-256 key to use
// This key should be encrypted using the Cloud KMS key specified above
// const wrappedKey = 'YOUR_ENCRYPTED_AES_256_KEY'
// The name of the surrogate custom info type to use when reidentifying data
// const surrogateType = 'SOME_INFO_TYPE_DEID';
// Table to re-identify
const
tablularData
=
{
headers
:
[{
name
:
'Employee ID'
}],
rows
:
[{
values
:
[{
stringValue
:
'90511'
}]}],
};
async
function
reidentifyTableWithFpe
()
{
// Specify field to be re-identified.
const
fieldIds
=
[{
name
:
'Employee ID'
}];
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it
const
cryptoKeyConfig
=
{
kmsWrapped
:
{
wrappedKey
:
wrappedKey
,
cryptoKeyName
:
keyName
,
},
};
// Associate transformation with crypto key congurations.
const
primitiveTransformation
=
{
cryptoReplaceFfxFpeConfig
:
{
cryptoKey
:
cryptoKeyConfig
,
commonAlphabet
:
alphabet
,
},
};
// Combine configurations into a request for the service.
const
request
=
{
parent
:
`projects/
${
projectId
}
/locations/global`
,
reidentifyConfig
:
{
recordTransformations
:
{
fieldTransformations
:
[
{
fields
:
fieldIds
,
primitiveTransformation
:
primitiveTransformation
,
},
],
},
},
item
:
{
table
:
tablularData
,
},
};
// Send the request and receive response from the service.
const
[
response
]
=
await
dlp
.
reidentifyContent
(
request
);
// Print the results.
console
.
log
(
`Table after re-identification:
${
JSON
.
stringify
(
response
.
item
.
table
)
}
`
);
}
await
reidentifyTableWithFpe
();
PHP
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CryptoKey;
use Google\Cloud\Dlp\V2\CryptoReplaceFfxFpeConfig;
use Google\Cloud\Dlp\V2\CryptoReplaceFfxFpeConfig\FfxCommonNativeAlphabet;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\FieldTransformation;
use Google\Cloud\Dlp\V2\KmsWrappedCryptoKey;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\ReidentifyContentRequest;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;
/**
* Re-identify table data with FPE.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $inputCsvFile The input file(csv) path to reidentify.
* @param string $outputCsvFile The oupt file path to save reidentify content.
* @param string $encryptedFieldNames The field to be encrypted.
* @param string $kmsKeyName The name of the Cloud KMS key used to encrypt ('wrap') the AES-256 key.
* Example: key_name = 'projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME'
* @param string $wrappedAesKey The encrypted ('wrapped') AES-256 key to use.
*
* */
function reidentify_table_fpe(
string $callingProjectId,
string $inputCsvFile,
string $outputCsvFile,
string $encryptedFieldNames,
string $kmsKeyName,
string $wrappedAesKey
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Read a CSV file.
$csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
$csvHeaders = explode(',', $csvLines[0]);
$csvRows = array_slice($csvLines, 1);
// Convert CSV file into protobuf objects.
$tableHeaders = array_map(function ($csvHeader) {
return (new FieldId)
->setName($csvHeader);
}, $csvHeaders);
$tableRows = array_map(function ($csvRow) {
$rowValues = array_map(function ($csvValue) {
return (new Value())
->setStringValue($csvValue);
}, explode(',', $csvRow));
return (new Row())
->setValues($rowValues);
}, $csvRows);
// Construct the table object.
$tableToDeIdentify = (new Table())
->setHeaders($tableHeaders)
->setRows($tableRows);
// Specify the content to be reidentify.
$content = (new ContentItem())
->setTable($tableToDeIdentify);
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
$kmsWrappedCryptoKey = (new KmsWrappedCryptoKey())
->setWrappedKey(base64_decode($wrappedAesKey))
->setCryptoKeyName($kmsKeyName);
$cryptoKey = (new CryptoKey())
->setKmsWrapped($kmsWrappedCryptoKey);
// Specify how to un-encrypt the previously de-identified information.
$cryptoReplaceFfxFpeConfig = (new CryptoReplaceFfxFpeConfig())
->setCryptoKey($cryptoKey)
->setCommonAlphabet(FfxCommonNativeAlphabet::NUMERIC);
$primitiveTransformation = (new PrimitiveTransformation())
->setCryptoReplaceFfxFpeConfig($cryptoReplaceFfxFpeConfig);
// Specify field to be decrypted.
$encryptedFields = array_map(function ($encryptedFieldName) {
return (new FieldId())
->setName($encryptedFieldName);
}, explode(',', $encryptedFieldNames));
// Associate the decryption with the specified field.
$fieldTransformation = (new FieldTransformation())
->setPrimitiveTransformation($primitiveTransformation)
->setFields($encryptedFields);
$recordtransformations = (new RecordTransformations())
->setFieldTransformations([$fieldTransformation]);
$reidentifyConfig = (new DeidentifyConfig())
->setRecordTransformations($recordtransformations);
// Run request.
$reidentifyContentRequest = (new ReidentifyContentRequest())
->setParent($parent)
->setReidentifyConfig($reidentifyConfig)
->setItem($content);
$response = $dlp->reidentifyContent($reidentifyContentRequest);
// Print the results.
$csvRef = fopen($outputCsvFile, 'w');
fputcsv($csvRef, $csvHeaders);
foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
$values = array_map(function ($tableValue) {
return $tableValue->getStringValue();
}, iterator_to_array($tableRow->getValues()));
fputcsv($csvRef, $values);
};
printf('Table after re-identification (File Location): %s', $outputCsvFile);
}
Python
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
base64
from
typing
import
List
import
google.cloud.dlp
def
reidentify_table_with_fpe
(
project
:
str
,
table_header
:
List
[
str
],
table_rows
:
List
[
List
[
str
]],
reid_field_names
:
List
[
str
],
key_name
:
str
=
None
,
wrapped_key
:
bytes
=
None
,
alphabet
:
str
=
None
,
)
-
> None
:
"""Uses the Data Loss Prevention API to re-identify sensitive data in a
table that was encrypted by Format Preserving Encryption (FPE).
Args:
project: The Google Cloud project id to use as a parent resource.
table_header: List of strings representing table field names.
table_rows: List of rows representing table data.
reid_field_names: A list of fields in table to re-identify.
key_name: The name of the Cloud KMS key used to encrypt ('wrap') the
AES-256 key. Example:
key_name = 'projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/
keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME'
wrapped_key: The decrypted ('wrapped', in bytes) AES-256 key to use. This key
should be encrypted using the Cloud KMS key specified by key_name.
alphabet: The set of characters to replace sensitive ones with. For
more information, see https://cloud.google.com/dlp/docs/reference/
rest/v2/projects.deidentifyTemplates#ffxcommonnativealphabet
"""
# Instantiate a client.
dlp
=
google
.
cloud
.
dlp_v2
.
DlpServiceClient
()
# Construct the `table`. For more details on the table schema, please see
# https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
headers
=
[{
"name"
:
val
}
for
val
in
table_header
]
rows
=
[]
for
row
in
table_rows
:
rows
.
append
({
"values"
:
[{
"string_value"
:
cell_val
}
for
cell_val
in
row
]})
table
=
{
"headers"
:
headers
,
"rows"
:
rows
}
# Convert table to `item`
item
=
{
"table"
:
table
}
# Specify fields to be re-identified/decrypted.
reid_field_names
=
[{
"name"
:
_i
}
for
_i
in
reid_field_names
]
# Construct FPE configuration dictionary
crypto_replace_ffx_fpe_config
=
{
"crypto_key"
:
{
"kms_wrapped"
:
{
"wrapped_key"
:
wrapped_key
,
"crypto_key_name"
:
key_name
}
},
"common_alphabet"
:
alphabet
,
}
# Construct reidentify configuration dictionary
reidentify_config
=
{
"record_transformations"
:
{
"field_transformations"
:
[
{
"primitive_transformation"
:
{
"crypto_replace_ffx_fpe_config"
:
crypto_replace_ffx_fpe_config
,
},
"fields"
:
reid_field_names
,
}
]
}
}
# Convert the project id into a full resource id.
parent
=
f
"projects/
{
project
}
/locations/global"
# Call the API.
response
=
dlp
.
reidentify_content
(
request
=
{
"parent"
:
parent
,
"reidentify_config"
:
reidentify_config
,
"item"
:
item
,
}
)
# Print out results.
print
(
f
"Table after re-identification:
{
response
.
item
.
table
}
"
)
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
