This product is not supported for your selected
Datadog site. (
).
gcp_dlp_dlp_job
action_details
Type: UNORDERED_LIST_STRUCT
Provider name: actionDetails
Description: Events that should occur after the job has completed.
deidentify_details
Type: STRUCT
Provider name: deidentifyDetails
Description: Outcome of a de-identification action.
deidentify_stats
Type: STRUCT
Provider name: deidentifyStats
Description: Stats about the de-identification operation.
transformation_count
Type: INT64
Provider name: transformationCount
Description: Number of successfully applied transformations.
transformation_error_count
Type: INT64
Provider name: transformationErrorCount
Description: Number of errors encountered while trying to apply transformations.
transformed_bytes
Type: INT64
Provider name: transformedBytes
Description: Total size in bytes that were transformed in some way.
requested_options
Type: STRUCT
Provider name: requestedOptions
Description: De-identification config used for the request.
snapshot_deidentify_template
Type: STRUCT
Provider name: snapshotDeidentifyTemplate
Description: Snapshot of the state of the DeidentifyTemplate from the Deidentify action at the time this job was run.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of an inspectTemplate.
deidentify_config
Type: STRUCT
Provider name: deidentifyConfig
Description: The core content of the template.
image_transformations
Type: STRUCT
Provider name: imageTransformations
Description: Treat the dataset as an image and redact.
transforms
Type: UNORDERED_LIST_STRUCT
Provider name: transforms
Description: List of transforms to make.
all_info_types
Type: STRUCT
Provider name: allInfoTypes
Description: Apply transformation to all findings not specified in other ImageTransformation’s selected_info_types. Only one instance is allowed within the ImageTransformations message.
all_text
Type: STRUCT
Provider name: allText
Description: Apply transformation to all text that doesn’t match an infoType. Only one instance is allowed within the ImageTransformations message.
redaction_color
Type: STRUCT
Provider name: redactionColor
Description: The color to use when redacting content from an image. If not specified, the default is black.
blue
Type: FLOAT
Provider name: blue
Description: The amount of blue in the color as a value in the interval [0, 1].
green
Type: FLOAT
Provider name: green
Description: The amount of green in the color as a value in the interval [0, 1].
red
Type: FLOAT
Provider name: red
Description: The amount of red in the color as a value in the interval [0, 1].
selected_info_types
Type: STRUCT
Provider name: selectedInfoTypes
Description: Apply transformation to the selected info_types.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: Required. InfoTypes to apply the transformation to. Required. Provided InfoType must be unique within the ImageTransformations message.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the dataset as free-form text and apply the same free text transformation everywhere.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_transformations
Type: STRUCT
Provider name: recordTransformations
Description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
field_transformations
Type: UNORDERED_LIST_STRUCT
Provider name: fieldTransformations
Description: Transform the record by applying various field transformations.
condition
Type: STRUCT
Provider name: condition
Description: Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
fields
Type: UNORDERED_LIST_STRUCT
Provider name: fields
Description: Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of “contact.nums[0].type”, use “contact.nums.type”.
name
Type: STRING
Provider name: name
Description: Name describing the field.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the contents of the field as free text, and selectively transform content that matches an InfoType.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Apply the transformation to the entire field.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_suppressions
Type: UNORDERED_LIST_STRUCT
Provider name: recordSuppressions
Description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
condition
Type: STRUCT
Provider name: condition
Description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
transformation_error_handling
Type: STRUCT
Provider name: transformationErrorHandling
Description: Mode for handling transformation errors. If left unspecified, the default mode is TransformationErrorHandling.ThrowError.
description
Type: STRING
Provider name: description
Description: Short description (max 256 chars).
gcp_display_name
Type: STRING
Provider name: displayName
Description: Display name (max 256 chars).
name
Type: STRING
Provider name: name
Description: Output only. The template name. The template will have one of the following formats: projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of an inspectTemplate.
snapshot_image_redact_template
Type: STRUCT
Provider name: snapshotImageRedactTemplate
Description: Snapshot of the state of the image transformation DeidentifyTemplate from the Deidentify action at the time this job was run.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of an inspectTemplate.
deidentify_config
Type: STRUCT
Provider name: deidentifyConfig
Description: The core content of the template.
image_transformations
Type: STRUCT
Provider name: imageTransformations
Description: Treat the dataset as an image and redact.
transforms
Type: UNORDERED_LIST_STRUCT
Provider name: transforms
Description: List of transforms to make.
all_info_types
Type: STRUCT
Provider name: allInfoTypes
Description: Apply transformation to all findings not specified in other ImageTransformation’s selected_info_types. Only one instance is allowed within the ImageTransformations message.
all_text
Type: STRUCT
Provider name: allText
Description: Apply transformation to all text that doesn’t match an infoType. Only one instance is allowed within the ImageTransformations message.
redaction_color
Type: STRUCT
Provider name: redactionColor
Description: The color to use when redacting content from an image. If not specified, the default is black.
blue
Type: FLOAT
Provider name: blue
Description: The amount of blue in the color as a value in the interval [0, 1].
green
Type: FLOAT
Provider name: green
Description: The amount of green in the color as a value in the interval [0, 1].
red
Type: FLOAT
Provider name: red
Description: The amount of red in the color as a value in the interval [0, 1].
selected_info_types
Type: STRUCT
Provider name: selectedInfoTypes
Description: Apply transformation to the selected info_types.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: Required. InfoTypes to apply the transformation to. Required. Provided InfoType must be unique within the ImageTransformations message.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the dataset as free-form text and apply the same free text transformation everywhere.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_transformations
Type: STRUCT
Provider name: recordTransformations
Description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
field_transformations
Type: UNORDERED_LIST_STRUCT
Provider name: fieldTransformations
Description: Transform the record by applying various field transformations.
condition
Type: STRUCT
Provider name: condition
Description: Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
fields
Type: UNORDERED_LIST_STRUCT
Provider name: fields
Description: Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of “contact.nums[0].type”, use “contact.nums.type”.
name
Type: STRING
Provider name: name
Description: Name describing the field.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the contents of the field as free text, and selectively transform content that matches an InfoType.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Apply the transformation to the entire field.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_suppressions
Type: UNORDERED_LIST_STRUCT
Provider name: recordSuppressions
Description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
condition
Type: STRUCT
Provider name: condition
Description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
transformation_error_handling
Type: STRUCT
Provider name: transformationErrorHandling
Description: Mode for handling transformation errors. If left unspecified, the default mode is TransformationErrorHandling.ThrowError.
description
Type: STRING
Provider name: description
Description: Short description (max 256 chars).
gcp_display_name
Type: STRING
Provider name: displayName
Description: Display name (max 256 chars).
name
Type: STRING
Provider name: name
Description: Output only. The template name. The template will have one of the following formats: projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of an inspectTemplate.
snapshot_structured_deidentify_template
Type: STRUCT
Provider name: snapshotStructuredDeidentifyTemplate
Description: Snapshot of the state of the structured DeidentifyTemplate from the Deidentify action at the time this job was run.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of an inspectTemplate.
deidentify_config
Type: STRUCT
Provider name: deidentifyConfig
Description: The core content of the template.
image_transformations
Type: STRUCT
Provider name: imageTransformations
Description: Treat the dataset as an image and redact.
transforms
Type: UNORDERED_LIST_STRUCT
Provider name: transforms
Description: List of transforms to make.
all_info_types
Type: STRUCT
Provider name: allInfoTypes
Description: Apply transformation to all findings not specified in other ImageTransformation’s selected_info_types. Only one instance is allowed within the ImageTransformations message.
all_text
Type: STRUCT
Provider name: allText
Description: Apply transformation to all text that doesn’t match an infoType. Only one instance is allowed within the ImageTransformations message.
redaction_color
Type: STRUCT
Provider name: redactionColor
Description: The color to use when redacting content from an image. If not specified, the default is black.
blue
Type: FLOAT
Provider name: blue
Description: The amount of blue in the color as a value in the interval [0, 1].
green
Type: FLOAT
Provider name: green
Description: The amount of green in the color as a value in the interval [0, 1].
red
Type: FLOAT
Provider name: red
Description: The amount of red in the color as a value in the interval [0, 1].
selected_info_types
Type: STRUCT
Provider name: selectedInfoTypes
Description: Apply transformation to the selected info_types.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: Required. InfoTypes to apply the transformation to. Required. Provided InfoType must be unique within the ImageTransformations message.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the dataset as free-form text and apply the same free text transformation everywhere.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_transformations
Type: STRUCT
Provider name: recordTransformations
Description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
field_transformations
Type: UNORDERED_LIST_STRUCT
Provider name: fieldTransformations
Description: Transform the record by applying various field transformations.
condition
Type: STRUCT
Provider name: condition
Description: Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
fields
Type: UNORDERED_LIST_STRUCT
Provider name: fields
Description: Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of “contact.nums[0].type”, use “contact.nums.type”.
name
Type: STRING
Provider name: name
Description: Name describing the field.
info_type_transformations
Type: STRUCT
Provider name: infoTypeTransformations
Description: Treat the contents of the field as free text, and selectively transform content that matches an InfoType.
transformations
Type: UNORDERED_LIST_STRUCT
Provider name: transformations
Description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Required. Primitive transformation to apply to the infoType.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
primitive_transformation
Type: STRUCT
Provider name: primitiveTransformation
Description: Apply the transformation to the entire field.
bucketing_config
Type: STRUCT
Provider name: bucketingConfig
Description: Bucketing
buckets
Type: UNORDERED_LIST_STRUCT
Provider name: buckets
Description: Set of buckets. Ranges must be non-overlapping.
max
Type: STRUCT
Provider name: max
Description: Upper bound of the range, exclusive; type must match min.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min
Type: STRUCT
Provider name: min
Description: Lower bound of the range, inclusive. Type should be the same as max if used.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replacement_value
Type: STRUCT
Provider name: replacementValue
Description: Required. Replacement value for this bucket.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
character_mask_config
Type: STRUCT
Provider name: characterMaskConfig
Description: Mask
characters_to_ignore
Type: UNORDERED_LIST_STRUCT
Provider name: charactersToIgnore
Description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.
characters_to_skip
Type: STRING
Provider name: charactersToSkip
Description: Characters to not transform when masking.
common_characters_to_ignore
Type: STRING
Provider name: commonCharactersToIgnore
Description: Common characters to not transform when masking. Useful to avoid removing punctuation.
Possible values:
COMMON_CHARS_TO_IGNORE_UNSPECIFIED - Unused.
NUMERIC - 0-9
ALPHA_UPPER_CASE - A-Z
ALPHA_LOWER_CASE - a-z
PUNCTUATION - US Punctuation, one of !’#$%&'()*+,-./:;<=>?@[\]^_`{|}~
WHITESPACE - Whitespace character, one of [ \t\n\x0B\f\r]
masking_character
Type: STRING
Provider name: maskingCharacter
Description: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.
number_to_mask
Type: INT32
Provider name: numberToMask
Description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - masking_character is * - number_to_mask is -4 - reverse_order is false - CharsToIgnore includes - - Input string is 1234-5678-9012-3456 The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverse_order is true, all but the first four characters are masked as 1234-****-****-****.
reverse_order
Type: BOOLEAN
Provider name: reverseOrder
Description: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.
crypto_deterministic_config
Type: STRUCT
Provider name: cryptoDeterministicConfig
Description: Deterministic Crypto
context
Type: STRUCT
Provider name: context
Description: A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
crypto_hash_config
Type: STRUCT
Provider name: cryptoHashConfig
Description: Crypto
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: The key used by the hash function.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
crypto_replace_ffx_fpe_config
Type: STRUCT
Provider name: cryptoReplaceFfxFpeConfig
Description: Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.
common_alphabet
Type: STRING
Provider name: commonAlphabet
Description: Common alphabets.
Possible values:
FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED - Unused.
NUMERIC - [0-9] (radix of 10)
HEXADECIMAL - [0-9A-F] (radix of 16)
UPPER_CASE_ALPHA_NUMERIC - [0-9A-Z] (radix of 36)
ALPHA_NUMERIC - [0-9A-Za-z] (radix of 62)
context
Type: STRUCT
Provider name: context
Description: The ’tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Required. The key used by the encryption algorithm.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
custom_alphabet
Type: STRING
Provider name: customAlphabet
Description: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/
radix
Type: INT32
Provider name: radix
Description: The native way to select the alphabet. Must be in the range [2, 95].
surrogate_info_type
Type: STRUCT
Provider name: surrogateInfoType
Description: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
date_shift_config
Type: STRUCT
Provider name: dateShiftConfig
Description: Date Shift
context
Type: STRUCT
Provider name: context
Description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
name
Type: STRING
Provider name: name
Description: Name describing the field.
crypto_key
Type: STRUCT
Provider name: cryptoKey
Description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
kms_wrapped
Type: STRUCT
Provider name: kmsWrapped
Description: Key wrapped using Cloud KMS
crypto_key_name
Type: STRING
Provider name: cryptoKeyName
Description: Required. The resource name of the KMS CryptoKey to use for unwrapping.
transient
Type: STRUCT
Provider name: transient
Description: Transient crypto key
name
Type: STRING
Provider name: name
Description: Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
unwrapped
Type: STRUCT
Provider name: unwrapped
Description: Unwrapped crypto key
lower_bound_days
Type: INT32
Provider name: lowerBoundDays
Description: Required. For example, -5 means shift date to at most 5 days back in the past.
upper_bound_days
Type: INT32
Provider name: upperBoundDays
Description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
fixed_size_bucketing_config
Type: STRUCT
Provider name: fixedSizeBucketingConfig
Description: Fixed size bucketing
bucket_size
Type: DOUBLE
Provider name: bucketSize
Description: Required. Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
lower_bound
Type: STRUCT
Provider name: lowerBound
Description: Required. Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
upper_bound
Type: STRUCT
Provider name: upperBound
Description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
redact_config
Type: STRUCT
Provider name: redactConfig
Description: Redact
replace_config
Type: STRUCT
Provider name: replaceConfig
Description: Replace with a specified value.
new_value
Type: STRUCT
Provider name: newValue
Description: Value to replace it with.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
replace_dictionary_config
Type: STRUCT
Provider name: replaceDictionaryConfig
Description: Replace with a value randomly drawn (with replacement) from a dictionary.
word_list
Type: STRUCT
Provider name: wordList
Description: A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
replace_with_info_type_config
Type: STRUCT
Provider name: replaceWithInfoTypeConfig
Description: Replace with infotype
time_part_config
Type: STRUCT
Provider name: timePartConfig
Description: Time extraction
part_to_extract
Type: STRING
Provider name: partToExtract
Description: The part of the time to keep.
Possible values:
TIME_PART_UNSPECIFIED - Unused
YEAR - [0-9999]
MONTH - [1-12]
DAY_OF_MONTH - [1-31]
DAY_OF_WEEK - [1-7]
WEEK_OF_YEAR - [1-53]
HOUR_OF_DAY - [0-23]
record_suppressions
Type: UNORDERED_LIST_STRUCT
Provider name: recordSuppressions
Description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
condition
Type: STRUCT
Provider name: condition
Description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
expressions
Type: STRUCT
Provider name: expressions
Description: An expression.
conditions
Type: STRUCT
Provider name: conditions
Description: Conditions to apply to the expression.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: A collection of conditions.
field
Type: STRUCT
Provider name: field
Description: Required. Field within the record this condition is evaluated against.
name
Type: STRING
Provider name: name
Description: Name describing the field.
operator
Type: STRING
Provider name: operator
Description: Required. Operator used to compare the field or infoType to the value.
Possible values:
RELATIONAL_OPERATOR_UNSPECIFIED - Unused
EQUAL_TO - Equal. Attempts to match even with incompatible types.
NOT_EQUAL_TO - Not equal to. Attempts to match even with incompatible types.
GREATER_THAN - Greater than.
LESS_THAN - Less than.
GREATER_THAN_OR_EQUALS - Greater than or equals.
LESS_THAN_OR_EQUALS - Less than or equals.
EXISTS - Exists
value
Type: STRUCT
Provider name: value
Description: Value to compare against. [Mandatory, except for EXISTS tests.]
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
logical_operator
Type: STRING
Provider name: logicalOperator
Description: The operator to apply to the result of conditions. Default and currently only supported value is AND.
Possible values:
LOGICAL_OPERATOR_UNSPECIFIED - Unused
AND - Conditional AND
transformation_error_handling
Type: STRUCT
Provider name: transformationErrorHandling
Description: Mode for handling transformation errors. If left unspecified, the default mode is TransformationErrorHandling.ThrowError.
description
Type: STRING
Provider name: description
Description: Short description (max 256 chars).
gcp_display_name
Type: STRING
Provider name: displayName
Description: Display name (max 256 chars).
name
Type: STRING
Provider name: name
Description: Output only. The template name. The template will have one of the following formats: projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of an inspectTemplate.
ancestors
Type: UNORDERED_LIST_STRING
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Time when the job was created.
end_time
Type: TIMESTAMP
Provider name: endTime
Description: Time when the job finished.
errors
Type: UNORDERED_LIST_STRUCT
Provider name: errors
Description: A stream of errors encountered running the job.
details
Type: STRUCT
Provider name: details
Description: Detailed error codes and messages.
code
Type: INT32
Provider name: code
Description: The status code, which should be an enum value of google.rpc.Code.
message
Type: STRING
Provider name: message
Description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
extra_info
Type: STRING
Provider name: extraInfo
Description: Additional information about the error.
Possible values:
ERROR_INFO_UNSPECIFIED - Unused.
IMAGE_SCAN_UNAVAILABLE_IN_REGION - Image scan is not available in the region.
FILE_STORE_CLUSTER_UNSUPPORTED - File store cluster is not supported for profile generation.
timestamps
Type: UNORDERED_LIST_TIMESTAMP
Provider name: timestamps
Description: The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
inspect_details
Type: STRUCT
Provider name: inspectDetails
Description: Results from inspecting a data source.
requested_options
Type: STRUCT
Provider name: requestedOptions
Description: The configuration used for this job.
job_config
Type: STRUCT
Provider name: jobConfig
Description: Inspect config.
actions
Type: UNORDERED_LIST_STRUCT
Provider name: actions
Description: Actions to execute at the completion of the job.
deidentify
Type: STRUCT
Provider name: deidentify
Description: Create a de-identified copy of the input data.
cloud_storage_output
Type: STRING
Provider name: cloudStorageOutput
Description: Required. User settable Cloud Storage bucket and folders to store de-identified files. This field must be set for Cloud Storage deidentification. The output Cloud Storage bucket must be different from the input bucket. De-identified files will overwrite files in the output path. Form of: gs://bucket/folder/ or gs://bucket
file_types_to_transform
Type: UNORDERED_LIST_STRING
Provider name: fileTypesToTransform
Description: List of user-specified file type groups to transform. If specified, only the files with these file types are transformed. If empty, all supported files are transformed. Supported types may be automatically added over time. Any unsupported file types that are set in this field are excluded from de-identification. An error is recorded for each unsupported file in the TransformationDetails output table. Currently the only file types supported are: IMAGES, TEXT_FILES, CSV, TSV.
transformation_config
Type: STRUCT
Provider name: transformationConfig
Description: User specified deidentify templates and configs for structured, unstructured, and image files.
deidentify_template
Type: STRING
Provider name: deidentifyTemplate
Description: De-identify template. If this template is specified, it will serve as the default de-identify template. This template cannot contain record_transformations since it can be used for unstructured content such as free-form text files. If this template is not set, a default ReplaceWithInfoTypeConfig will be used to de-identify unstructured content.
image_redact_template
Type: STRING
Provider name: imageRedactTemplate
Description: Image redact template. If this template is specified, it will serve as the de-identify template for images. If this template is not set, all findings in the image will be redacted with a black box.
structured_deidentify_template
Type: STRING
Provider name: structuredDeidentifyTemplate
Description: Structured de-identify template. If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables. If this template is not set but the deidentify_template is set, then deidentify_template will also apply to the structured content. If neither template is set, a default ReplaceWithInfoTypeConfig will be used to de-identify structured content.
transformation_details_storage_config
Type: STRUCT
Provider name: transformationDetailsStorageConfig
Description: Config for storing transformation details. This field specifies the configuration for storing detailed metadata about each transformation performed during a de-identification process. The metadata is stored separately from the de-identified content itself and provides a granular record of both successful transformations and any failures that occurred. Enabling this configuration is essential for users who need to access comprehensive information about the status, outcome, and specifics of each transformation. The details are captured in the TransformationDetails message for each operation. Key use cases: * Auditing and compliance * Provides a verifiable audit trail of de-identification activities, which is crucial for meeting regulatory requirements and internal data governance policies. * Logs what data was transformed, what transformations were applied, when they occurred, and their success status. This helps demonstrate accountability and due diligence in protecting sensitive data. * Troubleshooting and debugging * Offers detailed error messages and context if a transformation fails. This information is useful for diagnosing and resolving issues in the de-identification pipeline. * Helps pinpoint the exact location and nature of failures, speeding up the debugging process. * Process verification and quality assurance * Allows users to confirm that de-identification rules and transformations were applied correctly and consistently across the dataset as intended. * Helps in verifying the effectiveness of the chosen de-identification strategies. * Data lineage and impact analysis * Creates a record of how data elements were modified, contributing to data lineage. This is useful for understanding the provenance of de-identified data. * Aids in assessing the potential impact of de-identification choices on downstream analytical processes or data usability. * Reporting and operational insights * You can analyze the metadata stored in a queryable BigQuery table to generate reports on transformation success rates, common error types, processing volumes (e.g., transformedBytes), and the types of transformations applied. * These insights can inform optimization of de-identification configurations and resource planning. To take advantage of these benefits, set this configuration. The stored details include a description of the transformation, success or error codes, error messages, the number of bytes transformed, the location of the transformed content, and identifiers for the job and source data.
table
Type: STRUCT
Provider name: table
Description: The BigQuery table in which to store the output. This may be an existing table or in a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_transformation_details_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
job_notification_emails
Type: STRUCT
Provider name: jobNotificationEmails
Description: Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
pub_sub
Type: STRUCT
Provider name: pubSub
Description: Publish a notification to a Pub/Sub topic.
topic
Type: STRING
Provider name: topic
Description: Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.
publish_findings_to_cloud_data_catalog
Type: STRUCT
Provider name: publishFindingsToCloudDataCatalog
Description: Publish findings to Cloud Datahub.
publish_summary_to_cscc
Type: STRUCT
Provider name: publishSummaryToCscc
Description: Publish summary to Cloud Security Command Center (Alpha).
publish_to_stackdriver
Type: STRUCT
Provider name: publishToStackdriver
Description: Enable Stackdriver metric dlp.googleapis.com/finding_count.
save_findings
Type: STRUCT
Provider name: saveFindings
Description: Save resulting findings in a provided location.
output_config
Type: STRUCT
Provider name: outputConfig
Description: Location to store findings outside of DLP.
output_schema
Type: STRING
Provider name: outputSchema
Description: Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage.
Possible values:
OUTPUT_SCHEMA_UNSPECIFIED - Unused.
BASIC_COLUMNS - Basic schema including only info_type, quote, certainty, and timestamp.
GCS_COLUMNS - Schema tailored to findings from scanning Cloud Storage.
DATASTORE_COLUMNS - Schema tailored to findings from scanning Google Datastore.
BIG_QUERY_COLUMNS - Schema tailored to findings from scanning Google BigQuery.
ALL_COLUMNS - Schema containing all columns.
table
Type: STRUCT
Provider name: table
Description: Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the Finding object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
inspect_config
Type: STRUCT
Provider name: inspectConfig
Description: How and what to scan for.
content_options
Type: UNORDERED_LIST_STRING
Provider name: contentOptions
Description: Deprecated and unused.
custom_info_types
Type: UNORDERED_LIST_STRUCT
Provider name: customInfoTypes
Description: CustomInfoTypes provided by the user. See https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes to learn more.
detection_rules
Type: UNORDERED_LIST_STRUCT
Provider name: detectionRules
Description: Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the surrogate_type CustomInfoType.
hotword_rule
Type: STRUCT
Provider name: hotwordRule
Description: Hotword-based detection rule.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
likelihood_adjustment
Type: STRUCT
Provider name: likelihoodAdjustment
Description: Likelihood adjustment to apply to all matching findings.
fixed_likelihood
Type: STRING
Provider name: fixedLikelihood
Description: Set the likelihood of a finding to a fixed value.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
relative_likelihood
Type: INT32
Provider name: relativeLikelihood
Description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The finding itself will be included in the window, so that hotwords can be used to match substrings of the finding itself. Suppose you want Cloud DLP to promote the likelihood of the phone number regex “(\d{3}) \d{3}-\d{4}” if the area code is known to be the area code of a company’s office. In this case, use the hotword regex “(xxx)”, where “xxx” is the area code in question. For tabular data, if you want to modify the likelihood of an entire column of findngs, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values).
dictionary
Type: STRUCT
Provider name: dictionary
Description: A list of phrases to detect as a CustomInfoType.
cloud_storage_path
Type: STRUCT
Provider name: cloudStoragePath
Description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.
path
Type: STRING
Provider name: path
Description: A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt
word_list
Type: STRUCT
Provider name: wordList
Description: List of words or phrases to search for.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
exclusion_type
Type: STRING
Provider name: exclusionType
Description: If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching.
Possible values:
EXCLUSION_TYPE_UNSPECIFIED - A finding of this custom info type will not be excluded from results.
EXCLUSION_TYPE_EXCLUDE - A finding of this custom info type will be excluded from final results, but can still affect rule execution.
info_type
Type: STRUCT
Provider name: infoType
Description: CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in InspectContent.info_types field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in InspectContent.info_types list then the name is treated as a custom info type.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
likelihood
Type: STRING
Provider name: likelihood
Description: Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to VERY_LIKELY if not specified.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
regex
Type: STRUCT
Provider name: regex
Description: Regular expression based CustomInfoType.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Sensitivity for this CustomInfoType. If this CustomInfoType extends an existing InfoType, the sensitivity here will take precedence over that of the original InfoType. If unset for a CustomInfoType, it will default to HIGH. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
stored_type
Type: STRUCT
Provider name: storedType
Description: Load an existing StoredInfoType resource for use in InspectDataSource. Not currently supported in InspectContent.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Timestamp indicating when the version of the StoredInfoType used for inspection was created. Output-only field, populated by the system.
name
Type: STRING
Provider name: name
Description: Resource name of the requested StoredInfoType, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.
surrogate_type
Type: STRUCT
Provider name: surrogateType
Description: Message for detecting output from deidentification transformations that support reversing.
exclude_info_types
Type: BOOLEAN
Provider name: excludeInfoTypes
Description: When true, excludes type information of the findings. This is not used for data profiling.
include_quote
Type: BOOLEAN
Provider name: includeQuote
Description: When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. This is not used for data profiling.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose a default list of detectors to run, which may change over time. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
limits
Type: STRUCT
Provider name: limits
Description: Configuration to control the number of findings returned. This is not used for data profiling. When redacting sensitive data from images, finding limits don’t apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don’t include finding limits in RedactImage requests. Otherwise, Cloud DLP returns an error. When set within an InspectJobConfig, the specified maximum values aren’t hard limits. If an inspection job reaches these limits, the job ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than these maximum values.
max_findings_per_info_type
Type: UNORDERED_LIST_STRUCT
Provider name: maxFindingsPerInfoType
Description: Configuration of findings limit given for specified infoTypes.
info_type
Type: STRUCT
Provider name: infoType
Description: Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
max_findings
Type: INT32
Provider name: maxFindings
Description: Max findings limit for the given infoType.
max_findings_per_item
Type: INT32
Provider name: maxFindingsPerItem
Description: Max number of findings that are returned for each item scanned. When set within an InspectContentRequest, this field is ignored. This value isn’t a hard limit. If the number of findings for an item reaches this limit, the inspection of that item ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns for the item can be multiple times higher than this value.
max_findings_per_request
Type: INT32
Provider name: maxFindingsPerRequest
Description: Max number of findings that are returned per request or job. If you set this field in an InspectContentRequest, the resulting maximum value is the value that you set or 3,000, whichever is lower. This value isn’t a hard limit. If an inspection reaches this limit, the inspection ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than this value.
min_likelihood
Type: STRING
Provider name: minLikelihood
Description: Only returns findings equal to or above this threshold. The default is POSSIBLE. In general, the highest likelihood setting yields the fewest findings in results and the lowest chance of a false positive. For more information, see Match likelihood.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
min_likelihood_per_info_type
Type: UNORDERED_LIST_STRUCT
Provider name: minLikelihoodPerInfoType
Description: Minimum likelihood per infotype. For each infotype, a user can specify a minimum likelihood. The system only returns a finding if its likelihood is above this threshold. If this field is not set, the system uses the InspectConfig min_likelihood.
info_type
Type: STRUCT
Provider name: infoType
Description: Type of information the likelihood threshold applies to. Only one likelihood per info_type should be provided. If InfoTypeLikelihood does not have an info_type, the configuration fails.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
min_likelihood
Type: STRING
Provider name: minLikelihood
Description: Only returns findings equal to or above this threshold. This field is required or else the configuration fails.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
rule_set
Type: UNORDERED_LIST_STRUCT
Provider name: ruleSet
Description: Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: List of infoTypes this rule set is applied to.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
rules
Type: UNORDERED_LIST_STRUCT
Provider name: rules
Description: Set of rules to be applied to infoTypes. The rules are applied in order.
exclusion_rule
Type: STRUCT
Provider name: exclusionRule
Description: Exclusion rule.
dictionary
Type: STRUCT
Provider name: dictionary
Description: Dictionary which defines the rule.
cloud_storage_path
Type: STRUCT
Provider name: cloudStoragePath
Description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.
path
Type: STRING
Provider name: path
Description: A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt
word_list
Type: STRUCT
Provider name: wordList
Description: List of words or phrases to search for.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
exclude_by_hotword
Type: STRUCT
Provider name: excludeByHotword
Description: Drop if the hotword rule is contained in the proximate context. For tabular data, the context includes the column name.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The windowBefore property in proximity should be set to 1 if the hotword needs to be included in a column header.
exclude_info_types
Type: STRUCT
Provider name: excludeInfoTypes
Description: Set of infoTypes for which findings would affect this rule.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for InspectionRuleSet.info_types containing “PHONE_NUMBER”andexclusion_rulecontainingexclude_info_types.info_types` with “EMAIL_ADDRESS” the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to “555-222-2222@example.org” to generate only a single finding, namely email address.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
matching_type
Type: STRING
Provider name: matchingType
Description: How the rule is applied, see MatchingType documentation for details.
Possible values:
MATCHING_TYPE_UNSPECIFIED - Invalid.
MATCHING_TYPE_FULL_MATCH - Full match. - Dictionary: join of Dictionary results matched complete finding quote - Regex: all regex matches fill a finding quote start to end - Exclude info type: completely inside affecting info types findings
MATCHING_TYPE_PARTIAL_MATCH - Partial match. - Dictionary: at least one of the tokens in the finding matches - Regex: substring of the finding matches - Exclude info type: intersects with affecting info types findings
MATCHING_TYPE_INVERSE_MATCH - Inverse match. - Dictionary: no tokens in the finding match the dictionary - Regex: finding doesn’t match the regex - Exclude info type: no intersection with affecting info types findings
regex
Type: STRUCT
Provider name: regex
Description: Regular expression which defines the rule.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
hotword_rule
Type: STRUCT
Provider name: hotwordRule
Description: Hotword-based detection rule.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
likelihood_adjustment
Type: STRUCT
Provider name: likelihoodAdjustment
Description: Likelihood adjustment to apply to all matching findings.
fixed_likelihood
Type: STRING
Provider name: fixedLikelihood
Description: Set the likelihood of a finding to a fixed value.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
relative_likelihood
Type: INT32
Provider name: relativeLikelihood
Description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The finding itself will be included in the window, so that hotwords can be used to match substrings of the finding itself. Suppose you want Cloud DLP to promote the likelihood of the phone number regex “(\d{3}) \d{3}-\d{4}” if the area code is known to be the area code of a company’s office. In this case, use the hotword regex “(xxx)”, where “xxx” is the area code in question. For tabular data, if you want to modify the likelihood of an entire column of findngs, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values).
inspect_template_name
Type: STRING
Provider name: inspectTemplateName
Description: If provided, will be used as the default for all values in InspectConfig. inspect_config will be merged into the values persisted as part of the template.
storage_config
Type: STRUCT
Provider name: storageConfig
Description: The data to scan.
big_query_options
Type: STRUCT
Provider name: bigQueryOptions
Description: BigQuery options.
excluded_fields
Type: UNORDERED_LIST_STRUCT
Provider name: excludedFields
Description: References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used.
name
Type: STRING
Provider name: name
Description: Name describing the field.
identifying_fields
Type: UNORDERED_LIST_STRUCT
Provider name: identifyingFields
Description: Table fields that may uniquely identify a row within the table. When actions.saveFindings.outputConfig.table is specified, the values of columns specified here are available in the output table under location.content_locations.record_location.record_key.id_values. Nested fields such as person.birthdate.year are allowed.
name
Type: STRING
Provider name: name
Description: Name describing the field.
included_fields
Type: UNORDERED_LIST_STRUCT
Provider name: includedFields
Description: Limit scanning only to these fields. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used.
name
Type: STRING
Provider name: name
Description: Name describing the field.
rows_limit
Type: INT64
Provider name: rowsLimit
Description: Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.
rows_limit_percent
Type: INT32
Provider name: rowsLimitPercent
Description: Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. Caution: A known issue is causing the rowsLimitPercent field to behave unexpectedly. We recommend using rowsLimit instead.
sample_method
Type: STRING
Provider name: sampleMethod
Description: How to sample the data.
Possible values:
SAMPLE_METHOD_UNSPECIFIED - No sampling.
TOP - Scan groups of rows in the order BigQuery provides (default). Multiple groups of rows may be scanned in parallel, so results may not appear in the same order the rows are read.
RANDOM_START - Randomly pick groups of rows to scan.
table_reference
Type: STRUCT
Provider name: tableReference
Description: Complete BigQuery table reference.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
cloud_storage_options
Type: STRUCT
Provider name: cloudStorageOptions
Description: Cloud Storage options.
bytes_limit_per_file
Type: INT64
Provider name: bytesLimitPerFile
Description: Max number of bytes to scan from a file. If a scanned file’s size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. This field can’t be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see Limits on bytes scanned per file.
bytes_limit_per_file_percent
Type: INT32
Provider name: bytesLimitPerFilePercent
Description: Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. This field can’t be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see Limits on bytes scanned per file.
file_set
Type: STRUCT
Provider name: fileSet
Description: The set of one or more files to scan.
regex_file_set
Type: STRUCT
Provider name: regexFileSet
Description: The regex-filtered set of files to scan. Exactly one of url or regex_file_set must be set.
bucket_name
Type: STRING
Provider name: bucketName
Description: The name of a Cloud Storage bucket. Required.
exclude_regex
Type: UNORDERED_LIST_STRING
Provider name: excludeRegex
Description: A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
include_regex
Type: UNORDERED_LIST_STRING
Provider name: includeRegex
Description: A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in exclude_regex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list). Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
url
Type: STRING
Provider name: url
Description: The Cloud Storage url of the file(s) to scan, in the format gs:///. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that gs://mybucket/ is equivalent to gs://mybucket/*, and gs://mybucket/directory/ is equivalent to gs://mybucket/directory/*. Exactly one of url or regex_file_set must be set.
file_types
Type: UNORDERED_LIST_STRING
Provider name: fileTypes
Description: List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to ‘global’, ‘us’, ‘asia’, and ’europe’.
files_limit_percent
Type: INT32
Provider name: filesLimitPercent
Description: Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0.
sample_method
Type: STRING
Provider name: sampleMethod
Description: How to sample the data.
Possible values:
SAMPLE_METHOD_UNSPECIFIED - No sampling.
TOP - Scan from the top (default).
RANDOM_START - For each file larger than bytes_limit_per_file, randomly pick the offset to start scanning. The scanned bytes are contiguous.
datastore_options
Type: STRUCT
Provider name: datastoreOptions
Description: Google Cloud Datastore options.
kind
Type: STRUCT
Provider name: kind
Description: The kind to process.
name
Type: STRING
Provider name: name
Description: The name of the kind.
partition_id
Type: STRUCT
Provider name: partitionId
Description: A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.
namespace_id
Type: STRING
Provider name: namespaceId
Description: If not empty, the ID of the namespace to which the entities belong.
project_id
Type: STRING
Provider name: projectId
Description: The ID of the project to which the entities belong.
hybrid_options
Type: STRUCT
Provider name: hybridOptions
Description: Hybrid inspection options.
description
Type: STRING
Provider name: description
Description: A short description of where the data is coming from. Will be stored once in the job. 256 max length.
required_finding_label_keys
Type: UNORDERED_LIST_STRING
Provider name: requiredFindingLabelKeys
Description: These are labels that each inspection request must include within their ‘finding_labels’ map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. No more than 10 keys can be required.
table_options
Type: STRUCT
Provider name: tableOptions
Description: If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.
identifying_fields
Type: UNORDERED_LIST_STRUCT
Provider name: identifyingFields
Description: The columns that are the primary keys for table objects included in ContentItem. A copy of this cell’s value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided.
name
Type: STRING
Provider name: name
Description: Name describing the field.
timespan_config
Type: STRUCT
Provider name: timespanConfig
Description: Configuration of the timespan of the items to include in scanning.
enable_auto_population_of_timespan_config
Type: BOOLEAN
Provider name: enableAutoPopulationOfTimespanConfig
Description: When the job is started by a JobTrigger we will automatically figure out a valid start_time to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger or the timespan end_time used in the last run of the JobTrigger. For BigQuery Inspect jobs triggered by automatic population will scan data that is at least three hours old when the job starts. This is because streaming buffer rows are not read during inspection and reading up to the current timestamp will result in skipped rows. See the known issue related to this operation.
end_time
Type: TIMESTAMP
Provider name: endTime
Description: Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.
start_time
Type: TIMESTAMP
Provider name: startTime
Description: Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.
timestamp_field
Type: STRUCT
Provider name: timestampField
Description: Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery If this value is not specified and the table was modified between the given start and end times, the entire table will be scanned. If this value is specified, then rows are filtered based on the given start and end times. Rows with a NULL value in the provided BigQuery column are skipped. Valid data types of the provided BigQuery column are: INTEGER, DATE, TIMESTAMP, and DATETIME. If your BigQuery table is partitioned at ingestion time, you can use any of the following pseudo-columns as your timestamp field. When used with Cloud DLP, these pseudo-column names are case sensitive. - _PARTITIONTIME - _PARTITIONDATE - _PARTITION_LOAD_TIME For Datastore If this value is specified, then entities are filtered based on the given start and end times. If an entity does not contain the provided timestamp property or contains empty or invalid values, then it is included. Valid data types of the provided timestamp property are: TIMESTAMP. See the known issue related to this operation.
name
Type: STRING
Provider name: name
Description: Name describing the field.
snapshot_inspect_template
Type: STRUCT
Provider name: snapshotInspectTemplate
Description: If run with an InspectTemplate, a snapshot of its state at the time of this run.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of an inspectTemplate.
description
Type: STRING
Provider name: description
Description: Short description (max 256 chars).
gcp_display_name
Type: STRING
Provider name: displayName
Description: Display name (max 256 chars).
inspect_config
Type: STRUCT
Provider name: inspectConfig
Description: The core content of the template. Configuration of the scanning process.
content_options
Type: UNORDERED_LIST_STRING
Provider name: contentOptions
Description: Deprecated and unused.
custom_info_types
Type: UNORDERED_LIST_STRUCT
Provider name: customInfoTypes
Description: CustomInfoTypes provided by the user. See https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes to learn more.
detection_rules
Type: UNORDERED_LIST_STRUCT
Provider name: detectionRules
Description: Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the surrogate_type CustomInfoType.
hotword_rule
Type: STRUCT
Provider name: hotwordRule
Description: Hotword-based detection rule.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
likelihood_adjustment
Type: STRUCT
Provider name: likelihoodAdjustment
Description: Likelihood adjustment to apply to all matching findings.
fixed_likelihood
Type: STRING
Provider name: fixedLikelihood
Description: Set the likelihood of a finding to a fixed value.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
relative_likelihood
Type: INT32
Provider name: relativeLikelihood
Description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The finding itself will be included in the window, so that hotwords can be used to match substrings of the finding itself. Suppose you want Cloud DLP to promote the likelihood of the phone number regex “(\d{3}) \d{3}-\d{4}” if the area code is known to be the area code of a company’s office. In this case, use the hotword regex “(xxx)”, where “xxx” is the area code in question. For tabular data, if you want to modify the likelihood of an entire column of findngs, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values).
dictionary
Type: STRUCT
Provider name: dictionary
Description: A list of phrases to detect as a CustomInfoType.
cloud_storage_path
Type: STRUCT
Provider name: cloudStoragePath
Description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.
path
Type: STRING
Provider name: path
Description: A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt
word_list
Type: STRUCT
Provider name: wordList
Description: List of words or phrases to search for.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
exclusion_type
Type: STRING
Provider name: exclusionType
Description: If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching.
Possible values:
EXCLUSION_TYPE_UNSPECIFIED - A finding of this custom info type will not be excluded from results.
EXCLUSION_TYPE_EXCLUDE - A finding of this custom info type will be excluded from final results, but can still affect rule execution.
info_type
Type: STRUCT
Provider name: infoType
Description: CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in InspectContent.info_types field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in InspectContent.info_types list then the name is treated as a custom info type.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
likelihood
Type: STRING
Provider name: likelihood
Description: Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to VERY_LIKELY if not specified.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
regex
Type: STRUCT
Provider name: regex
Description: Regular expression based CustomInfoType.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Sensitivity for this CustomInfoType. If this CustomInfoType extends an existing InfoType, the sensitivity here will take precedence over that of the original InfoType. If unset for a CustomInfoType, it will default to HIGH. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
stored_type
Type: STRUCT
Provider name: storedType
Description: Load an existing StoredInfoType resource for use in InspectDataSource. Not currently supported in InspectContent.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Timestamp indicating when the version of the StoredInfoType used for inspection was created. Output-only field, populated by the system.
name
Type: STRING
Provider name: name
Description: Resource name of the requested StoredInfoType, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.
surrogate_type
Type: STRUCT
Provider name: surrogateType
Description: Message for detecting output from deidentification transformations that support reversing.
exclude_info_types
Type: BOOLEAN
Provider name: excludeInfoTypes
Description: When true, excludes type information of the findings. This is not used for data profiling.
include_quote
Type: BOOLEAN
Provider name: includeQuote
Description: When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. This is not used for data profiling.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose a default list of detectors to run, which may change over time. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
limits
Type: STRUCT
Provider name: limits
Description: Configuration to control the number of findings returned. This is not used for data profiling. When redacting sensitive data from images, finding limits don’t apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don’t include finding limits in RedactImage requests. Otherwise, Cloud DLP returns an error. When set within an InspectJobConfig, the specified maximum values aren’t hard limits. If an inspection job reaches these limits, the job ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than these maximum values.
max_findings_per_info_type
Type: UNORDERED_LIST_STRUCT
Provider name: maxFindingsPerInfoType
Description: Configuration of findings limit given for specified infoTypes.
info_type
Type: STRUCT
Provider name: infoType
Description: Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
max_findings
Type: INT32
Provider name: maxFindings
Description: Max findings limit for the given infoType.
max_findings_per_item
Type: INT32
Provider name: maxFindingsPerItem
Description: Max number of findings that are returned for each item scanned. When set within an InspectContentRequest, this field is ignored. This value isn’t a hard limit. If the number of findings for an item reaches this limit, the inspection of that item ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns for the item can be multiple times higher than this value.
max_findings_per_request
Type: INT32
Provider name: maxFindingsPerRequest
Description: Max number of findings that are returned per request or job. If you set this field in an InspectContentRequest, the resulting maximum value is the value that you set or 3,000, whichever is lower. This value isn’t a hard limit. If an inspection reaches this limit, the inspection ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than this value.
min_likelihood
Type: STRING
Provider name: minLikelihood
Description: Only returns findings equal to or above this threshold. The default is POSSIBLE. In general, the highest likelihood setting yields the fewest findings in results and the lowest chance of a false positive. For more information, see Match likelihood.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
min_likelihood_per_info_type
Type: UNORDERED_LIST_STRUCT
Provider name: minLikelihoodPerInfoType
Description: Minimum likelihood per infotype. For each infotype, a user can specify a minimum likelihood. The system only returns a finding if its likelihood is above this threshold. If this field is not set, the system uses the InspectConfig min_likelihood.
info_type
Type: STRUCT
Provider name: infoType
Description: Type of information the likelihood threshold applies to. Only one likelihood per info_type should be provided. If InfoTypeLikelihood does not have an info_type, the configuration fails.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
min_likelihood
Type: STRING
Provider name: minLikelihood
Description: Only returns findings equal to or above this threshold. This field is required or else the configuration fails.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
rule_set
Type: UNORDERED_LIST_STRUCT
Provider name: ruleSet
Description: Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: List of infoTypes this rule set is applied to.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
rules
Type: UNORDERED_LIST_STRUCT
Provider name: rules
Description: Set of rules to be applied to infoTypes. The rules are applied in order.
exclusion_rule
Type: STRUCT
Provider name: exclusionRule
Description: Exclusion rule.
dictionary
Type: STRUCT
Provider name: dictionary
Description: Dictionary which defines the rule.
cloud_storage_path
Type: STRUCT
Provider name: cloudStoragePath
Description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.
path
Type: STRING
Provider name: path
Description: A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt
word_list
Type: STRUCT
Provider name: wordList
Description: List of words or phrases to search for.
words
Type: UNORDERED_LIST_STRING
Provider name: words
Description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]
exclude_by_hotword
Type: STRUCT
Provider name: excludeByHotword
Description: Drop if the hotword rule is contained in the proximate context. For tabular data, the context includes the column name.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The windowBefore property in proximity should be set to 1 if the hotword needs to be included in a column header.
exclude_info_types
Type: STRUCT
Provider name: excludeInfoTypes
Description: Set of infoTypes for which findings would affect this rule.
info_types
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypes
Description: InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for InspectionRuleSet.info_types containing “PHONE_NUMBER”andexclusion_rulecontainingexclude_info_types.info_types` with “EMAIL_ADDRESS” the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to “555-222-2222@example.org” to generate only a single finding, namely email address.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
matching_type
Type: STRING
Provider name: matchingType
Description: How the rule is applied, see MatchingType documentation for details.
Possible values:
MATCHING_TYPE_UNSPECIFIED - Invalid.
MATCHING_TYPE_FULL_MATCH - Full match. - Dictionary: join of Dictionary results matched complete finding quote - Regex: all regex matches fill a finding quote start to end - Exclude info type: completely inside affecting info types findings
MATCHING_TYPE_PARTIAL_MATCH - Partial match. - Dictionary: at least one of the tokens in the finding matches - Regex: substring of the finding matches - Exclude info type: intersects with affecting info types findings
MATCHING_TYPE_INVERSE_MATCH - Inverse match. - Dictionary: no tokens in the finding match the dictionary - Regex: finding doesn’t match the regex - Exclude info type: no intersection with affecting info types findings
regex
Type: STRUCT
Provider name: regex
Description: Regular expression which defines the rule.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
hotword_rule
Type: STRUCT
Provider name: hotwordRule
Description: Hotword-based detection rule.
hotword_regex
Type: STRUCT
Provider name: hotwordRegex
Description: Regular expression pattern defining what qualifies as a hotword.
group_indexes
Type: UNORDERED_LIST_INT32
Provider name: groupIndexes
Description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
pattern
Type: STRING
Provider name: pattern
Description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
likelihood_adjustment
Type: STRUCT
Provider name: likelihoodAdjustment
Description: Likelihood adjustment to apply to all matching findings.
fixed_likelihood
Type: STRING
Provider name: fixedLikelihood
Description: Set the likelihood of a finding to a fixed value.
Possible values:
LIKELIHOOD_UNSPECIFIED - Default value; same as POSSIBLE.
VERY_UNLIKELY - Highest chance of a false positive.
UNLIKELY - High chance of a false positive.
POSSIBLE - Some matching signals. The default value.
LIKELY - Low chance of a false positive.
VERY_LIKELY - Confidence level is high. Lowest chance of a false positive.
relative_likelihood
Type: INT32
Provider name: relativeLikelihood
Description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.
proximity
Type: STRUCT
Provider name: proximity
Description: Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The finding itself will be included in the window, so that hotwords can be used to match substrings of the finding itself. Suppose you want Cloud DLP to promote the likelihood of the phone number regex “(\d{3}) \d{3}-\d{4}” if the area code is known to be the area code of a company’s office. In this case, use the hotword regex “(xxx)”, where “xxx” is the area code in question. For tabular data, if you want to modify the likelihood of an entire column of findngs, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values).
name
Type: STRING
Provider name: name
Description: Output only. The template name. The template will have one of the following formats: projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID;
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of an inspectTemplate.
result
Type: STRUCT
Provider name: result
Description: A summary of the outcome of this inspection job.
hybrid_stats
Type: STRUCT
Provider name: hybridStats
Description: Statistics related to the processing of hybrid inspect.
aborted_count
Type: INT64
Provider name: abortedCount
Description: The number of hybrid inspection requests aborted because the job ran out of quota or was ended before they could be processed.
pending_count
Type: INT64
Provider name: pendingCount
Description: The number of hybrid requests currently being processed. Only populated when called via method getDlpJob. A burst of traffic may cause hybrid inspect requests to be enqueued. Processing will take place as quickly as possible, but resource limitations may impact how long a request is enqueued for.
processed_count
Type: INT64
Provider name: processedCount
Description: The number of hybrid inspection requests processed within this job.
info_type_stats
Type: UNORDERED_LIST_STRUCT
Provider name: infoTypeStats
Description: Statistics of how many instances of each info type were found during inspect job.
count
Type: INT64
Provider name: count
Description: Number of findings for this infoType.
info_type
Type: STRUCT
Provider name: infoType
Description: The type of finding this stat is for.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
num_rows_processed
Type: INT64
Provider name: numRowsProcessed
Description: Number of rows scanned after sampling and time filtering (applicable for row based stores such as BigQuery).
processed_bytes
Type: INT64
Provider name: processedBytes
Description: Total size in bytes that were processed.
total_estimated_bytes
Type: INT64
Provider name: totalEstimatedBytes
Description: Estimate of the number of bytes to process.
job_trigger_name
Type: STRING
Provider name: jobTriggerName
Description: If created by a job trigger, the resource name of the trigger that instantiated the job.
labels
Type: UNORDERED_LIST_STRING
last_modified
Type: TIMESTAMP
Provider name: lastModified
Description: Time when the job was last modified by the system.
name
Type: STRING
Provider name: name
Description: The server-assigned name.
organization_id
Type: STRING
parent
Type: STRING
project_id
Type: STRING
project_number
Type: STRING
resource_name
Type: STRING
risk_details
Type: STRUCT
Provider name: riskDetails
Description: Results from analyzing risk of a data source.
categorical_stats_result
Type: STRUCT
Provider name: categoricalStatsResult
Description: Categorical stats result
value_frequency_histogram_buckets
Type: UNORDERED_LIST_STRUCT
Provider name: valueFrequencyHistogramBuckets
Description: Histogram of value frequencies in the column.
bucket_size
Type: INT64
Provider name: bucketSize
Description: Total number of values in this bucket.
bucket_value_count
Type: INT64
Provider name: bucketValueCount
Description: Total number of distinct values in this bucket.
bucket_values
Type: UNORDERED_LIST_STRUCT
Provider name: bucketValues
Description: Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20.
count
Type: INT64
Provider name: count
Description: How many times the value is contained in the field.
value
Type: STRUCT
Provider name: value
Description: A value contained in the field in question.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
value_frequency_lower_bound
Type: INT64
Provider name: valueFrequencyLowerBound
Description: Lower bound on the value frequency of the values in this bucket.
value_frequency_upper_bound
Type: INT64
Provider name: valueFrequencyUpperBound
Description: Upper bound on the value frequency of the values in this bucket.
delta_presence_estimation_result
Type: STRUCT
Provider name: deltaPresenceEstimationResult
Description: Delta-presence result
delta_presence_estimation_histogram
Type: UNORDERED_LIST_STRUCT
Provider name: deltaPresenceEstimationHistogram
Description: The intervals [min_probability, max_probability) do not overlap. If a value doesn’t correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4.
bucket_size
Type: INT64
Provider name: bucketSize
Description: Number of records within these probability bounds.
bucket_value_count
Type: INT64
Provider name: bucketValueCount
Description: Total number of distinct quasi-identifier tuple values in this bucket.
bucket_values
Type: UNORDERED_LIST_STRUCT
Provider name: bucketValues
Description: Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.
estimated_probability
Type: DOUBLE
Provider name: estimatedProbability
Description: The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside and outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi-identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15.
quasi_ids_values
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIdsValues
Description: The quasi-identifier values.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
max_probability
Type: DOUBLE
Provider name: maxProbability
Description: Always greater than or equal to min_probability.
min_probability
Type: DOUBLE
Provider name: minProbability
Description: Between 0 and 1.
k_anonymity_result
Type: STRUCT
Provider name: kAnonymityResult
Description: K-anonymity result
equivalence_class_histogram_buckets
Type: UNORDERED_LIST_STRUCT
Provider name: equivalenceClassHistogramBuckets
Description: Histogram of k-anonymity equivalence classes.
bucket_size
Type: INT64
Provider name: bucketSize
Description: Total number of equivalence classes in this bucket.
bucket_value_count
Type: INT64
Provider name: bucketValueCount
Description: Total number of distinct equivalence classes in this bucket.
bucket_values
Type: UNORDERED_LIST_STRUCT
Provider name: bucketValues
Description: Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20.
equivalence_class_size
Type: INT64
Provider name: equivalenceClassSize
Description: Size of the equivalence class, for example number of rows with the above set of values.
quasi_ids_values
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIdsValues
Description: Set of values defining the equivalence class. One value per quasi-identifier column in the original KAnonymity metric message. The order is always the same as the original request.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
equivalence_class_size_lower_bound
Type: INT64
Provider name: equivalenceClassSizeLowerBound
Description: Lower bound on the size of the equivalence classes in this bucket.
equivalence_class_size_upper_bound
Type: INT64
Provider name: equivalenceClassSizeUpperBound
Description: Upper bound on the size of the equivalence classes in this bucket.
k_map_estimation_result
Type: STRUCT
Provider name: kMapEstimationResult
Description: K-map result
k_map_estimation_histogram
Type: UNORDERED_LIST_STRUCT
Provider name: kMapEstimationHistogram
Description: The intervals [min_anonymity, max_anonymity] do not overlap. If a value doesn’t correspond to any such interval, the associated frequency is zero. For example, the following records: {min_anonymity: 1, max_anonymity: 1, frequency: 17} {min_anonymity: 2, max_anonymity: 3, frequency: 42} {min_anonymity: 5, max_anonymity: 10, frequency: 99} mean that there are no record with an estimated anonymity of 4, 5, or larger than 10.
bucket_size
Type: INT64
Provider name: bucketSize
Description: Number of records within these anonymity bounds.
bucket_value_count
Type: INT64
Provider name: bucketValueCount
Description: Total number of distinct quasi-identifier tuple values in this bucket.
bucket_values
Type: UNORDERED_LIST_STRUCT
Provider name: bucketValues
Description: Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.
estimated_anonymity
Type: INT64
Provider name: estimatedAnonymity
Description: The estimated anonymity for these quasi-identifier values.
quasi_ids_values
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIdsValues
Description: The quasi-identifier values.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
max_anonymity
Type: INT64
Provider name: maxAnonymity
Description: Always greater than or equal to min_anonymity.
min_anonymity
Type: INT64
Provider name: minAnonymity
Description: Always positive.
l_diversity_result
Type: STRUCT
Provider name: lDiversityResult
Description: L-divesity result
sensitive_value_frequency_histogram_buckets
Type: UNORDERED_LIST_STRUCT
Provider name: sensitiveValueFrequencyHistogramBuckets
Description: Histogram of l-diversity equivalence class sensitive value frequencies.
bucket_size
Type: INT64
Provider name: bucketSize
Description: Total number of equivalence classes in this bucket.
bucket_value_count
Type: INT64
Provider name: bucketValueCount
Description: Total number of distinct equivalence classes in this bucket.
bucket_values
Type: UNORDERED_LIST_STRUCT
Provider name: bucketValues
Description: Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20.
equivalence_class_size
Type: INT64
Provider name: equivalenceClassSize
Description: Size of the k-anonymity equivalence class.
num_distinct_sensitive_values
Type: INT64
Provider name: numDistinctSensitiveValues
Description: Number of distinct sensitive values in this equivalence class.
quasi_ids_values
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIdsValues
Description: Quasi-identifier values defining the k-anonymity equivalence class. The order is always the same as the original request.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
top_sensitive_values
Type: UNORDERED_LIST_STRUCT
Provider name: topSensitiveValues
Description: Estimated frequencies of top sensitive values.
count
Type: INT64
Provider name: count
Description: How many times the value is contained in the field.
value
Type: STRUCT
Provider name: value
Description: A value contained in the field in question.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
sensitive_value_frequency_lower_bound
Type: INT64
Provider name: sensitiveValueFrequencyLowerBound
Description: Lower bound on the sensitive value frequencies of the equivalence classes in this bucket.
sensitive_value_frequency_upper_bound
Type: INT64
Provider name: sensitiveValueFrequencyUpperBound
Description: Upper bound on the sensitive value frequencies of the equivalence classes in this bucket.
numerical_stats_result
Type: STRUCT
Provider name: numericalStatsResult
Description: Numerical stats result
max_value
Type: STRUCT
Provider name: maxValue
Description: Maximum value appearing in the column.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
min_value
Type: STRUCT
Provider name: minValue
Description: Minimum value appearing in the column.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
quantile_values
Type: UNORDERED_LIST_STRUCT
Provider name: quantileValues
Description: List of 99 values that partition the set of field values into 100 equal sized buckets.
boolean_value
Type: BOOLEAN
Provider name: booleanValue
Description: boolean
date_value
Type: STRUCT
Provider name: dateValue
Description: date
day
Type: INT32
Provider name: day
Description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn’t significant.
month
Type: INT32
Provider name: month
Description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
year
Type: INT32
Provider name: year
Description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
day_of_week_value
Type: STRING
Provider name: dayOfWeekValue
Description: day of week
Possible values:
DAY_OF_WEEK_UNSPECIFIED - The day of the week is unspecified.
MONDAY - Monday
TUESDAY - Tuesday
WEDNESDAY - Wednesday
THURSDAY - Thursday
FRIDAY - Friday
SATURDAY - Saturday
SUNDAY - Sunday
float_value
Type: DOUBLE
Provider name: floatValue
Description: float
integer_value
Type: INT64
Provider name: integerValue
Description: integer
string_value
Type: STRING
Provider name: stringValue
Description: string
time_value
Type: STRUCT
Provider name: timeValue
Description: time of day
hours
Type: INT32
Provider name: hours
Description: Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
minutes
Type: INT32
Provider name: minutes
Description: Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
nanos
Type: INT32
Provider name: nanos
Description: Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
seconds
Type: INT32
Provider name: seconds
Description: Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
timestamp_value
Type: TIMESTAMP
Provider name: timestampValue
Description: timestamp
requested_options
Type: STRUCT
Provider name: requestedOptions
Description: The configuration used for this job.
job_config
Type: STRUCT
Provider name: jobConfig
Description: The job config for the risk job.
actions
Type: UNORDERED_LIST_STRUCT
Provider name: actions
Description: Actions to execute at the completion of the job. Are executed in the order provided.
deidentify
Type: STRUCT
Provider name: deidentify
Description: Create a de-identified copy of the input data.
cloud_storage_output
Type: STRING
Provider name: cloudStorageOutput
Description: Required. User settable Cloud Storage bucket and folders to store de-identified files. This field must be set for Cloud Storage deidentification. The output Cloud Storage bucket must be different from the input bucket. De-identified files will overwrite files in the output path. Form of: gs://bucket/folder/ or gs://bucket
file_types_to_transform
Type: UNORDERED_LIST_STRING
Provider name: fileTypesToTransform
Description: List of user-specified file type groups to transform. If specified, only the files with these file types are transformed. If empty, all supported files are transformed. Supported types may be automatically added over time. Any unsupported file types that are set in this field are excluded from de-identification. An error is recorded for each unsupported file in the TransformationDetails output table. Currently the only file types supported are: IMAGES, TEXT_FILES, CSV, TSV.
transformation_config
Type: STRUCT
Provider name: transformationConfig
Description: User specified deidentify templates and configs for structured, unstructured, and image files.
deidentify_template
Type: STRING
Provider name: deidentifyTemplate
Description: De-identify template. If this template is specified, it will serve as the default de-identify template. This template cannot contain record_transformations since it can be used for unstructured content such as free-form text files. If this template is not set, a default ReplaceWithInfoTypeConfig will be used to de-identify unstructured content.
image_redact_template
Type: STRING
Provider name: imageRedactTemplate
Description: Image redact template. If this template is specified, it will serve as the de-identify template for images. If this template is not set, all findings in the image will be redacted with a black box.
structured_deidentify_template
Type: STRING
Provider name: structuredDeidentifyTemplate
Description: Structured de-identify template. If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables. If this template is not set but the deidentify_template is set, then deidentify_template will also apply to the structured content. If neither template is set, a default ReplaceWithInfoTypeConfig will be used to de-identify structured content.
transformation_details_storage_config
Type: STRUCT
Provider name: transformationDetailsStorageConfig
Description: Config for storing transformation details. This field specifies the configuration for storing detailed metadata about each transformation performed during a de-identification process. The metadata is stored separately from the de-identified content itself and provides a granular record of both successful transformations and any failures that occurred. Enabling this configuration is essential for users who need to access comprehensive information about the status, outcome, and specifics of each transformation. The details are captured in the TransformationDetails message for each operation. Key use cases: * Auditing and compliance * Provides a verifiable audit trail of de-identification activities, which is crucial for meeting regulatory requirements and internal data governance policies. * Logs what data was transformed, what transformations were applied, when they occurred, and their success status. This helps demonstrate accountability and due diligence in protecting sensitive data. * Troubleshooting and debugging * Offers detailed error messages and context if a transformation fails. This information is useful for diagnosing and resolving issues in the de-identification pipeline. * Helps pinpoint the exact location and nature of failures, speeding up the debugging process. * Process verification and quality assurance * Allows users to confirm that de-identification rules and transformations were applied correctly and consistently across the dataset as intended. * Helps in verifying the effectiveness of the chosen de-identification strategies. * Data lineage and impact analysis * Creates a record of how data elements were modified, contributing to data lineage. This is useful for understanding the provenance of de-identified data. * Aids in assessing the potential impact of de-identification choices on downstream analytical processes or data usability. * Reporting and operational insights * You can analyze the metadata stored in a queryable BigQuery table to generate reports on transformation success rates, common error types, processing volumes (e.g., transformedBytes), and the types of transformations applied. * These insights can inform optimization of de-identification configurations and resource planning. To take advantage of these benefits, set this configuration. The stored details include a description of the transformation, success or error codes, error messages, the number of bytes transformed, the location of the transformed content, and identifiers for the job and source data.
table
Type: STRUCT
Provider name: table
Description: The BigQuery table in which to store the output. This may be an existing table or in a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_transformation_details_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
job_notification_emails
Type: STRUCT
Provider name: jobNotificationEmails
Description: Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
pub_sub
Type: STRUCT
Provider name: pubSub
Description: Publish a notification to a Pub/Sub topic.
topic
Type: STRING
Provider name: topic
Description: Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.
publish_findings_to_cloud_data_catalog
Type: STRUCT
Provider name: publishFindingsToCloudDataCatalog
Description: Publish findings to Cloud Datahub.
publish_summary_to_cscc
Type: STRUCT
Provider name: publishSummaryToCscc
Description: Publish summary to Cloud Security Command Center (Alpha).
publish_to_stackdriver
Type: STRUCT
Provider name: publishToStackdriver
Description: Enable Stackdriver metric dlp.googleapis.com/finding_count.
save_findings
Type: STRUCT
Provider name: saveFindings
Description: Save resulting findings in a provided location.
output_config
Type: STRUCT
Provider name: outputConfig
Description: Location to store findings outside of DLP.
output_schema
Type: STRING
Provider name: outputSchema
Description: Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage.
Possible values:
OUTPUT_SCHEMA_UNSPECIFIED - Unused.
BASIC_COLUMNS - Basic schema including only info_type, quote, certainty, and timestamp.
GCS_COLUMNS - Schema tailored to findings from scanning Cloud Storage.
DATASTORE_COLUMNS - Schema tailored to findings from scanning Google Datastore.
BIG_QUERY_COLUMNS - Schema tailored to findings from scanning Google BigQuery.
ALL_COLUMNS - Schema containing all columns.
table
Type: STRUCT
Provider name: table
Description: Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the Finding object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
privacy_metric
Type: STRUCT
Provider name: privacyMetric
Description: Privacy metric to compute.
categorical_stats_config
Type: STRUCT
Provider name: categoricalStatsConfig
Description: Categorical stats
field
Type: STRUCT
Provider name: field
Description: Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data.
name
Type: STRING
Provider name: name
Description: Name describing the field.
delta_presence_estimation_config
Type: STRUCT
Provider name: deltaPresenceEstimationConfig
Description: delta-presence
auxiliary_tables
Type: UNORDERED_LIST_STRUCT
Provider name: auxiliaryTables
Description: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Quasi-identifier columns.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
relative_frequency
Type: STRUCT
Provider name: relativeFrequency
Description: Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.
name
Type: STRING
Provider name: name
Description: Name describing the field.
table
Type: STRUCT
Provider name: table
Description: Required. Auxiliary table location.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Fields considered to be quasi-identifiers. No two fields can have the same tag.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Required. Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
inferred
Type: STRUCT
Provider name: inferred
Description: If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data
info_type
Type: STRUCT
Provider name: infoType
Description: A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
region_code
Type: STRING
Provider name: regionCode
Description: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.
k_anonymity_config
Type: STRUCT
Provider name: kAnonymityConfig
Description: K-anonymity
entity_id
Type: STRUCT
Provider name: entityId
Description: Message indicating that multiple rows might be associated to a single individual. If the same entity_id is associated to multiple quasi-identifier tuples over distinct rows, we consider the entire collection of tuples as the composite quasi-identifier. This collection is a multiset: the order in which the different tuples appear in the dataset is ignored, but their frequency is taken into account. Important note: a maximum of 1000 rows can be associated to a single entity ID. If more rows are associated with the same entity ID, some might be ignored.
field
Type: STRUCT
Provider name: field
Description: Composite key indicating which field contains the entity identifier.
name
Type: STRING
Provider name: name
Description: Name describing the field.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Set of fields to compute k-anonymity over. When multiple fields are specified, they are considered a single composite key. Structs and repeated data types are not supported; however, nested fields are supported so long as they are not structs themselves or nested within a repeated field.
name
Type: STRING
Provider name: name
Description: Name describing the field.
k_map_estimation_config
Type: STRUCT
Provider name: kMapEstimationConfig
Description: k-map
auxiliary_tables
Type: UNORDERED_LIST_STRUCT
Provider name: auxiliaryTables
Description: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers column must appear in exactly one column of one auxiliary table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Quasi-identifier columns.
custom_tag
Type: STRING
Provider name: customTag
Description: A auxiliary field.
field
Type: STRUCT
Provider name: field
Description: Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
relative_frequency
Type: STRUCT
Provider name: relativeFrequency
Description: Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.
name
Type: STRING
Provider name: name
Description: Name describing the field.
table
Type: STRUCT
Provider name: table
Description: Required. Auxiliary table location.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Fields considered to be quasi-identifiers. No two columns can have the same tag.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Required. Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
inferred
Type: STRUCT
Provider name: inferred
Description: If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data
info_type
Type: STRUCT
Provider name: infoType
Description: A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
region_code
Type: STRING
Provider name: regionCode
Description: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.
l_diversity_config
Type: STRUCT
Provider name: lDiversityConfig
Description: l-diversity
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Set of quasi-identifiers indicating how equivalence classes are defined for the l-diversity computation. When multiple fields are specified, they are considered a single composite key.
name
Type: STRING
Provider name: name
Description: Name describing the field.
sensitive_attribute
Type: STRUCT
Provider name: sensitiveAttribute
Description: Sensitive field for computing the l-value.
name
Type: STRING
Provider name: name
Description: Name describing the field.
numerical_stats_config
Type: STRUCT
Provider name: numericalStatsConfig
Description: Numerical stats
field
Type: STRUCT
Provider name: field
Description: Field to compute numerical stats on. Supported types are integer, float, date, datetime, timestamp, time.
name
Type: STRING
Provider name: name
Description: Name describing the field.
source_table
Type: STRUCT
Provider name: sourceTable
Description: Input dataset to compute metrics over.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
requested_privacy_metric
Type: STRUCT
Provider name: requestedPrivacyMetric
Description: Privacy metric to compute.
categorical_stats_config
Type: STRUCT
Provider name: categoricalStatsConfig
Description: Categorical stats
field
Type: STRUCT
Provider name: field
Description: Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data.
name
Type: STRING
Provider name: name
Description: Name describing the field.
delta_presence_estimation_config
Type: STRUCT
Provider name: deltaPresenceEstimationConfig
Description: delta-presence
auxiliary_tables
Type: UNORDERED_LIST_STRUCT
Provider name: auxiliaryTables
Description: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Quasi-identifier columns.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
relative_frequency
Type: STRUCT
Provider name: relativeFrequency
Description: Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.
name
Type: STRING
Provider name: name
Description: Name describing the field.
table
Type: STRUCT
Provider name: table
Description: Required. Auxiliary table location.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Fields considered to be quasi-identifiers. No two fields can have the same tag.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Required. Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
inferred
Type: STRUCT
Provider name: inferred
Description: If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data
info_type
Type: STRUCT
Provider name: infoType
Description: A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
region_code
Type: STRING
Provider name: regionCode
Description: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.
k_anonymity_config
Type: STRUCT
Provider name: kAnonymityConfig
Description: K-anonymity
entity_id
Type: STRUCT
Provider name: entityId
Description: Message indicating that multiple rows might be associated to a single individual. If the same entity_id is associated to multiple quasi-identifier tuples over distinct rows, we consider the entire collection of tuples as the composite quasi-identifier. This collection is a multiset: the order in which the different tuples appear in the dataset is ignored, but their frequency is taken into account. Important note: a maximum of 1000 rows can be associated to a single entity ID. If more rows are associated with the same entity ID, some might be ignored.
field
Type: STRUCT
Provider name: field
Description: Composite key indicating which field contains the entity identifier.
name
Type: STRING
Provider name: name
Description: Name describing the field.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Set of fields to compute k-anonymity over. When multiple fields are specified, they are considered a single composite key. Structs and repeated data types are not supported; however, nested fields are supported so long as they are not structs themselves or nested within a repeated field.
name
Type: STRING
Provider name: name
Description: Name describing the field.
k_map_estimation_config
Type: STRUCT
Provider name: kMapEstimationConfig
Description: k-map
auxiliary_tables
Type: UNORDERED_LIST_STRUCT
Provider name: auxiliaryTables
Description: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers column must appear in exactly one column of one auxiliary table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Quasi-identifier columns.
custom_tag
Type: STRING
Provider name: customTag
Description: A auxiliary field.
field
Type: STRUCT
Provider name: field
Description: Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
relative_frequency
Type: STRUCT
Provider name: relativeFrequency
Description: Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.
name
Type: STRING
Provider name: name
Description: Name describing the field.
table
Type: STRUCT
Provider name: table
Description: Required. Auxiliary table location.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Required. Fields considered to be quasi-identifiers. No two columns can have the same tag.
custom_tag
Type: STRING
Provider name: customTag
Description: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.
field
Type: STRUCT
Provider name: field
Description: Required. Identifies the column.
name
Type: STRING
Provider name: name
Description: Name describing the field.
inferred
Type: STRUCT
Provider name: inferred
Description: If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data
info_type
Type: STRUCT
Provider name: infoType
Description: A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
name
Type: STRING
Provider name: name
Description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$_-]{1,64}.
sensitivity_score
Type: STRUCT
Provider name: sensitivityScore
Description: Optional custom sensitivity for this InfoType. This only applies to data profiling.
score
Type: STRING
Provider name: score
Description: The sensitivity score applied to the resource.
Possible values:
SENSITIVITY_SCORE_UNSPECIFIED - Unused.
SENSITIVITY_LOW - No sensitive information detected. The resource isn’t publicly accessible.
SENSITIVITY_UNKNOWN - Unable to determine sensitivity.
SENSITIVITY_MODERATE - Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.
SENSITIVITY_HIGH - High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII.
version
Type: STRING
Provider name: version
Description: Optional version name for this InfoType.
region_code
Type: STRING
Provider name: regionCode
Description: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.
l_diversity_config
Type: STRUCT
Provider name: lDiversityConfig
Description: l-diversity
quasi_ids
Type: UNORDERED_LIST_STRUCT
Provider name: quasiIds
Description: Set of quasi-identifiers indicating how equivalence classes are defined for the l-diversity computation. When multiple fields are specified, they are considered a single composite key.
name
Type: STRING
Provider name: name
Description: Name describing the field.
sensitive_attribute
Type: STRUCT
Provider name: sensitiveAttribute
Description: Sensitive field for computing the l-value.
name
Type: STRING
Provider name: name
Description: Name describing the field.
numerical_stats_config
Type: STRUCT
Provider name: numericalStatsConfig
Description: Numerical stats
field
Type: STRUCT
Provider name: field
Description: Field to compute numerical stats on. Supported types are integer, float, date, datetime, timestamp, time.
name
Type: STRING
Provider name: name
Description: Name describing the field.
requested_source_table
Type: STRUCT
Provider name: requestedSourceTable
Description: Input dataset to compute metrics over.
dataset_id
Type: STRING
Provider name: datasetId
Description: Dataset ID of the table.
project_id
Type: STRING
Provider name: projectId
Description: The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.
table_id
Type: STRING
Provider name: tableId
Description: Name of the table.
start_time
Type: TIMESTAMP
Provider name: startTime
Description: Time when the job started.
state
Type: STRING
Provider name: state
Description: State of a job.
Possible values:
JOB_STATE_UNSPECIFIED - Unused.
PENDING - The job has not yet started.
RUNNING - The job is currently running. Once a job has finished it will transition to FAILED or DONE.
DONE - The job is no longer running.
CANCELED - The job was canceled before it could be completed.
FAILED - The job had an error and did not complete.
ACTIVE - The job is currently accepting findings via hybridInspect. A hybrid job in ACTIVE state may continue to have findings added to it through the calling of hybridInspect. After the job has finished no more calls to hybridInspect may be made. ACTIVE jobs can transition to DONE.
Type: UNORDERED_LIST_STRING
type
Type: STRING
Provider name: type
Description: The type of job.
Possible values:
DLP_JOB_TYPE_UNSPECIFIED - Defaults to INSPECT_JOB.
INSPECT_JOB - The job inspected Google Cloud for sensitive data.
RISK_ANALYSIS_JOB - The job executed a Risk Analysis computation.
