The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when anInfoTypeTransformationis applied to both structured and unstructuredContentItems.
getCryptoKey
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
reverse a surrogate that does not correspond to an actual identifier
be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
reverse a surrogate that does not correspond to an actual identifier
be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
there is no record present when transforming a given value or
the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when anInfoTypeTransformationis
applied to both structured and unstructuredContentItems.
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
there is no record present when transforming a given value or
the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when anInfoTypeTransformationis
applied to both structured and unstructuredContentItems.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Data Loss Prevention V2 Client - Class CryptoDeterministicConfig (2.6.1)\n\nVersion latestkeyboard_arrow_down\n\n- [2.6.1 (latest)](/php/docs/reference/cloud-dlp/latest/V2.CryptoDeterministicConfig)\n- [2.6.0](/php/docs/reference/cloud-dlp/2.6.0/V2.CryptoDeterministicConfig)\n- [2.4.1](/php/docs/reference/cloud-dlp/2.4.1/V2.CryptoDeterministicConfig)\n- [2.3.0](/php/docs/reference/cloud-dlp/2.3.0/V2.CryptoDeterministicConfig)\n- [2.2.3](/php/docs/reference/cloud-dlp/2.2.3/V2.CryptoDeterministicConfig)\n- [2.1.0](/php/docs/reference/cloud-dlp/2.1.0/V2.CryptoDeterministicConfig)\n- [2.0.0](/php/docs/reference/cloud-dlp/2.0.0/V2.CryptoDeterministicConfig)\n- [1.19.0](/php/docs/reference/cloud-dlp/1.19.0/V2.CryptoDeterministicConfig)\n- [1.18.0](/php/docs/reference/cloud-dlp/1.18.0/V2.CryptoDeterministicConfig)\n- [1.17.0](/php/docs/reference/cloud-dlp/1.17.0/V2.CryptoDeterministicConfig)\n- [1.16.0](/php/docs/reference/cloud-dlp/1.16.0/V2.CryptoDeterministicConfig)\n- [1.15.1](/php/docs/reference/cloud-dlp/1.15.1/V2.CryptoDeterministicConfig)\n- [1.14.0](/php/docs/reference/cloud-dlp/1.14.0/V2.CryptoDeterministicConfig)\n- [1.13.2](/php/docs/reference/cloud-dlp/1.13.2/V2.CryptoDeterministicConfig)\n- [1.12.0](/php/docs/reference/cloud-dlp/1.12.0/V2.CryptoDeterministicConfig)\n- [1.11.0](/php/docs/reference/cloud-dlp/1.11.0/V2.CryptoDeterministicConfig)\n- [1.10.2](/php/docs/reference/cloud-dlp/1.10.2/V2.CryptoDeterministicConfig)\n- [1.9.0](/php/docs/reference/cloud-dlp/1.9.0/V2.CryptoDeterministicConfig)\n- [1.8.6](/php/docs/reference/cloud-dlp/1.8.6/V2.CryptoDeterministicConfig) \nReference documentation and code samples for the Data Loss Prevention V2 Client class CryptoDeterministicConfig.\n\nPseudonymization method that generates deterministic encryption for the given\ninput. Outputs a base64 encoded representation of the encrypted output.\n\nUses AES-SIV based on the RFC \u003chttps://tools.ietf.org/html/rfc5297\u003e.\n\nGenerated from protobuf message `google.privacy.dlp.v2.CryptoDeterministicConfig`\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ Dlp \\\\ V2\n\nMethods\n-------\n\n### __construct\n\nConstructor.\n\n### getCryptoKey\n\nThe key used by the encryption function. For deterministic encryption\nusing AES-SIV, the provided key is internally expanded to 64 bytes prior to\nuse.\n\n### hasCryptoKey\n\n### clearCryptoKey\n\n### setCryptoKey\n\nThe key used by the encryption function. For deterministic encryption\nusing AES-SIV, the provided key is internally expanded to 64 bytes prior to\nuse.\n\n### getSurrogateInfoType\n\nThe custom info type to annotate the surrogate with.\n\nThis annotation will be applied to the surrogate by prefixing it with\nthe name of the custom info type followed by the number of\ncharacters comprising the surrogate. The following scheme defines the\nformat: {info type name}({surrogate character count}):{surrogate}\nFor example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and\nthe surrogate is 'abc', the full replacement value\nwill be: 'MY_TOKEN_INFO_TYPE(3):abc'\nThis annotation identifies the surrogate when inspecting content using the\ncustom info type 'Surrogate'. This facilitates reversal of the\nsurrogate when it occurs in free text.\nNote: For record transformations where the entire cell in a table is being\ntransformed, surrogates are not mandatory. Surrogates are used to denote\nthe location of the token and are necessary for re-identification in free\nform text.\nIn order for inspection to work properly, the name of this info type must\nnot occur naturally anywhere in your data; otherwise, inspection may either\n\n- reverse a surrogate that does not correspond to an actual identifier\n- be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.\n\n### hasSurrogateInfoType\n\n### clearSurrogateInfoType\n\n### setSurrogateInfoType\n\nThe custom info type to annotate the surrogate with.\n\nThis annotation will be applied to the surrogate by prefixing it with\nthe name of the custom info type followed by the number of\ncharacters comprising the surrogate. The following scheme defines the\nformat: {info type name}({surrogate character count}):{surrogate}\nFor example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and\nthe surrogate is 'abc', the full replacement value\nwill be: 'MY_TOKEN_INFO_TYPE(3):abc'\nThis annotation identifies the surrogate when inspecting content using the\ncustom info type 'Surrogate'. This facilitates reversal of the\nsurrogate when it occurs in free text.\nNote: For record transformations where the entire cell in a table is being\ntransformed, surrogates are not mandatory. Surrogates are used to denote\nthe location of the token and are necessary for re-identification in free\nform text.\nIn order for inspection to work properly, the name of this info type must\nnot occur naturally anywhere in your data; otherwise, inspection may either\n\n- reverse a surrogate that does not correspond to an actual identifier\n- be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.\n\n### getContext\n\nA context may be used for higher security and maintaining\nreferential integrity such that the same identifier in two different\ncontexts will be given a distinct surrogate. The context is appended to\nplaintext value being encrypted. On decryption the provided context is\nvalidated against the value used during encryption. If a context was\nprovided during encryption, same context must be provided during decryption\nas well.\n\nIf the context is not set, plaintext would be used as is for encryption.\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and unstructured `ContentItem`s.\n\n### hasContext\n\n### clearContext\n\n### setContext\n\nA context may be used for higher security and maintaining\nreferential integrity such that the same identifier in two different\ncontexts will be given a distinct surrogate. The context is appended to\nplaintext value being encrypted. On decryption the provided context is\nvalidated against the value used during encryption. If a context was\nprovided during encryption, same context must be provided during decryption\nas well.\n\nIf the context is not set, plaintext would be used as is for encryption.\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and unstructured `ContentItem`s."]]
