forked from GoogleCloudPlatform/nodejs-docs-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DLP: Added sample for de-identify and re-identify with deteministic e…
…ncryption (GoogleCloudPlatform#3310) Added unit test cases for same
- Loading branch information
1 parent
cfc5c03
commit 1740047
Showing
4 changed files
with
482 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,128 @@ | ||
| // Copyright 2023 Google LLC | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // sample-metadata: | ||
| // title: De-identify content through deterministic encryption | ||
| // description: De-identify sensitive data in a string using deterministic encryption, which is a reversible cryptographic method. | ||
| // usage: node deidentifyWithDeterministic.js my-project string infoTypes keyName wrappedKey surrogateType | ||
| async function main( | ||
| projectId, | ||
| string, | ||
| infoTypes, | ||
| keyName, | ||
| wrappedKey, | ||
| surrogateType | ||
| ) { | ||
| infoTypes = transformCLI(infoTypes); | ||
| // [START dlp_deidentify_deterministic] | ||
| // Imports the Google Cloud Data Loss Prevention library | ||
| const DLP = require('@google-cloud/dlp'); | ||
|
|
||
| // Instantiates a client | ||
| const dlp = new DLP.DlpServiceClient(); | ||
|
|
||
| // The project ID to run the API call under | ||
| // const projectId = 'my-project'; | ||
|
|
||
| // The string to deidentify | ||
| // const string = 'My name is Alicia Abernathy, and my email address is aabernathy@example.com.'; | ||
|
|
||
| // The infoTypes of information to match | ||
| // const infoTypes = [{ name: 'EMAIL_ADDRESS' }]; | ||
|
|
||
| // The name of the Cloud KMS key used to encrypt ('wrap') the AES-256 key | ||
| // const keyName = 'projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME'; | ||
|
|
||
| // The encrypted ('wrapped') AES-256 key to use | ||
| // This key should be encrypted using the Cloud KMS key specified above | ||
| // const wrappedKey = 'YOUR_ENCRYPTED_AES_256_KEY' | ||
|
|
||
| // The name of the surrogate custom info type to use | ||
| // Only necessary if you want to reverse the deidentification process | ||
| // Can be essentially any arbitrary string, as long as it doesn't appear | ||
| // in your dataset otherwise. | ||
| // const surrogateType = 'EMAIL_ADDRESS_TOKEN'; | ||
|
|
||
| async function deidentifyDeterministic() { | ||
| // Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it | ||
| const cryptoDeterministicEncryption = { | ||
| cryptoKey: { | ||
| kmsWrapped: { | ||
| wrappedKey: wrappedKey, | ||
| cryptoKeyName: keyName, | ||
| }, | ||
| }, | ||
| surrogateInfoType: {name: surrogateType}, | ||
| }; | ||
|
|
||
| // Construct inspect configuration to match information | ||
| const inspectConfig = { | ||
| infoTypes, | ||
| }; | ||
|
|
||
| // Associate the encryption with the infotype transformation. | ||
| const infoTypeTransformations = { | ||
| transformations: [ | ||
| { | ||
| infoTypes, | ||
| primitiveTransformation: { | ||
| cryptoDeterministicConfig: cryptoDeterministicEncryption, | ||
| }, | ||
| }, | ||
| ], | ||
| }; | ||
|
|
||
| // Construct item to inspect | ||
| const item = {value: string}; | ||
|
|
||
| // Combine configurations into a request for the service. | ||
| const request = { | ||
| parent: `projects/${projectId}/locations/global`, | ||
| deidentifyConfig: { | ||
| infoTypeTransformations: infoTypeTransformations, | ||
| }, | ||
| inspectConfig, | ||
| item: item, | ||
| }; | ||
|
|
||
| // Run de-identification request | ||
| const [response] = await dlp.deidentifyContent(request); | ||
| const deidentifiedItem = response.item; | ||
|
|
||
| // Print results | ||
| console.log(deidentifiedItem.value); | ||
| } | ||
| await deidentifyDeterministic(); | ||
| // [END dlp_deidentify_deterministic] | ||
| } | ||
|
|
||
| process.on('unhandledRejection', err => { | ||
| console.error(err.message); | ||
| process.exitCode = 1; | ||
| }); | ||
|
|
||
| // TODO(developer): Please uncomment below line before running sample | ||
| // main(...process.argv.slice(2)); | ||
|
|
||
| function transformCLI(infoTypes) { | ||
| return infoTypes | ||
| ? infoTypes.split(',').map(type => { | ||
| return {name: type}; | ||
| }) | ||
| : undefined; | ||
| } | ||
|
|
||
| module.exports = main; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| // Copyright 2023 Google LLC | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| 'use strict'; | ||
|
|
||
| // sample-metadata: | ||
| // title: Re-identify content through deterministic encryption | ||
| // description: Re-identify sensitive data in a string using deterministic encryption, which is a reversible cryptographic method. | ||
| // usage: node reidentifyWithFpe.js my-project string keyName wrappedKey surrogateType | ||
| async function main(projectId, string, keyName, wrappedKey, surrogateType) { | ||
| // [START dlp_reidentify_deterministic] | ||
| // Imports the Google Cloud Data Loss Prevention library | ||
| const DLP = require('@google-cloud/dlp'); | ||
|
|
||
| // Instantiates a client | ||
| const dlp = new DLP.DlpServiceClient(); | ||
|
|
||
| // The project ID to run the API call under | ||
| // const projectId = 'my-project'; | ||
|
|
||
| // The string to deidentify | ||
| // const string = 'My name is Alicia Abernathy, and my email address is EMAIL_ADDRESS_TOKEN(52):XXXXXX'; | ||
|
|
||
| // The name of the Cloud KMS key used to encrypt ('wrap') the AES-256 key | ||
| // const keyName = 'projects/YOUR_GCLOUD_PROJECT/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME'; | ||
|
|
||
| // The encrypted ('wrapped') AES-256 key to use | ||
| // This key should be encrypted using the Cloud KMS key specified above | ||
| // const wrappedKey = 'YOUR_ENCRYPTED_AES_256_KEY' | ||
|
|
||
| // The name of the surrogate custom info type to use | ||
| // Only necessary if you want to reverse the de-identification process | ||
| // Can be essentially any arbitrary string, as long as it doesn't appear | ||
| // in your dataset otherwise. | ||
| // const surrogateType = 'EMAIL_ADDRESS_TOKEN'; | ||
|
|
||
| async function reidentifyDeterministic() { | ||
| // Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it | ||
| const cryptoDeterministicEncryption = { | ||
| cryptoKey: { | ||
| kmsWrapped: { | ||
| wrappedKey: wrappedKey, | ||
| cryptoKeyName: keyName, | ||
| }, | ||
| }, | ||
| surrogateInfoType: {name: surrogateType}, | ||
| }; | ||
|
|
||
| // Construct custom infotype to match information | ||
| const customInfoTypes = [ | ||
| { | ||
| infoType: { | ||
| name: surrogateType, | ||
| }, | ||
| surrogateType: {}, | ||
| }, | ||
| ]; | ||
|
|
||
| // Associate the encryption with the infotype transformation. | ||
| const infoTypeTransformations = { | ||
| transformations: [ | ||
| { | ||
| infoTypes: [{name: surrogateType}], | ||
| primitiveTransformation: { | ||
| cryptoDeterministicConfig: cryptoDeterministicEncryption, | ||
| }, | ||
| }, | ||
| ], | ||
| }; | ||
|
|
||
| // Construct item to inspect | ||
| const item = {value: string}; | ||
|
|
||
| // Combine configurations into a request for the service. | ||
| const request = { | ||
| parent: `projects/${projectId}/locations/global`, | ||
| reidentifyConfig: { | ||
| infoTypeTransformations: infoTypeTransformations, | ||
| }, | ||
| inspectConfig: {customInfoTypes}, | ||
| item, | ||
| }; | ||
|
|
||
| // Run re-identification request | ||
| const [response] = await dlp.reidentifyContent(request); | ||
| const deidentifiedItem = response.item; | ||
|
|
||
| // Print results | ||
| console.log(deidentifiedItem.value); | ||
| } | ||
| await reidentifyDeterministic(); | ||
| // [END dlp_reidentify_deterministic] | ||
| } | ||
|
|
||
| process.on('unhandledRejection', err => { | ||
| console.error(err.message); | ||
| process.exitCode = 1; | ||
| }); | ||
|
|
||
| // TODO(developer): Please uncomment below line before running sample | ||
| // main(...process.argv.slice(2)); | ||
|
|
||
| module.exports = main; |
Oops, something went wrong.