1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.deidentifyTemplates.html">deidentifyTemplates</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 79<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration</p> 80<p class="toc_element"> 81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 82<p class="firstline">Deletes a DeidentifyTemplate.</p> 83<p class="toc_element"> 84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 85<p class="firstline">Gets a DeidentifyTemplate.</p> 86<p class="toc_element"> 87 <code><a href="#list">list(parent, orderBy=None, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p> 88<p class="firstline">Lists DeidentifyTemplates.</p> 89<p class="toc_element"> 90 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 91<p class="firstline">Retrieves the next page of results.</p> 92<p class="toc_element"> 93 <code><a href="#patch">patch(name, body, x__xgafv=None)</a></code></p> 94<p class="firstline">Updates the DeidentifyTemplate.</p> 95<h3>Method Details</h3> 96<div class="method"> 97 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 98 <pre>Creates a DeidentifyTemplate for re-using frequently used configuration 99for de-identifying content, images, and storage. 100See https://cloud.google.com/dlp/docs/creating-templates-deid to learn 101more. 102 103Args: 104 parent: string, The parent resource name, for example projects/my-project-id or 105organizations/my-org-id. (required) 106 body: object, The request body. (required) 107 The object takes the form of: 108 109{ # Request message for CreateDeidentifyTemplate. 110 "deidentifyTemplate": { # The DeidentifyTemplates contains instructions on how to deidentify content. # The DeidentifyTemplate to create. 111 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 112 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 113 "displayName": "A String", # Display name (max 256 chars). 114 "description": "A String", # Short description (max 256 chars). 115 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 116 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 117 # transformation everywhere. 118 # apply various `PrimitiveTransformation`s to each finding, where the 119 # transformation is applied to only values that were identified as a specific 120 # info_type. 121 "transformations": [ # Transformation for each infoType. Cannot specify more than one 122 # for a given infoType. [required] 123 { # A transformation to apply to text that is identified as a specific 124 # info_type. 125 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 126 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 127 # fixed character. Masking can start from the beginning or end of the string. 128 # This can be used on data of any type (numbers, longs, and so on) and when 129 # de-identifying structured data we'll attempt to preserve the original data's 130 # type. (This allows you to take a long like 123 and modify it to a string like 131 # **3. 132 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 133 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 134 # mask 5 chars with * we would produce ***-*55-5555. 135 { # Characters to skip when doing deidentification of a value. These will be left 136 # alone and skipped. 137 "commonCharactersToIgnore": "A String", 138 "charactersToSkip": "A String", 139 }, 140 ], 141 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 142 # masked. Skipped characters do not count towards this tally. 143 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 144 # alphabetic string such as name, or "0" for a numeric string such as ZIP 145 # code or credit card number. String must have length 1. If not supplied, we 146 # will default to "*" for strings, 0 for digits. 147 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 148 # '0', number_to_mask is 14, and `reverse_order` is false, then 149 # 1234-5678-9012-3456 -> 00000000000000-3456 150 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 151 # is true, then 12345 -> 12*** 152 }, 153 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 154 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 155 # output would be 'My phone number is '. 156 }, 157 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 158 # input. Outputs a base64 encoded representation of the encrypted output. 159 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 160 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 161 # a key encryption key (KEK) stored by KMS). 162 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 163 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 164 # unwrap the data crypto key. 165 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 166 # The wrapped key must be a 128/192/256 bit key. 167 # Authorization requires the following IAM permissions when sending a request 168 # to perform a crypto transformation using a kms-wrapped crypto key: 169 # dlp.kms.encrypt 170 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 171 "wrappedKey": "A String", # The wrapped data crypto key. [required] 172 }, 173 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 174 # leaking the key. Choose another type of key if possible. 175 "key": "A String", # A 128/192/256 bit key. [required] 176 }, 177 "transient": { # Use this to have a random data crypto key generated. 178 # It will be discarded after the request finishes. 179 "name": "A String", # Name of the key. [required] 180 # This is an arbitrary string used to differentiate different keys. 181 # A unique key is generated per name: two separate `TransientCryptoKey` 182 # protos share the same generated key if their names are the same. 183 # When the data crypto key is generated, this name is not used in any way 184 # (repeating the api call will result in a different key being generated). 185 }, 186 }, 187 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 188 # referential integrity such that the same identifier in two different 189 # contexts will be given a distinct surrogate. The context is appended to 190 # plaintext value being encrypted. On decryption the provided context is 191 # validated against the value used during encryption. If a context was 192 # provided during encryption, same context must be provided during decryption 193 # as well. 194 # 195 # If the context is not set, plaintext would be used as is for encryption. 196 # If the context is set but: 197 # 198 # 1. there is no record present when transforming a given value or 199 # 2. the field is not present when transforming a given value, 200 # 201 # plaintext would be used as is for encryption. 202 # 203 # Note that case (1) is expected when an `InfoTypeTransformation` is 204 # applied to both structured and non-structured `ContentItem`s. 205 "name": "A String", # Name describing the field. 206 }, 207 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 208 # This annotation will be applied to the surrogate by prefixing it with 209 # the name of the custom info type followed by the number of 210 # characters comprising the surrogate. The following scheme defines the 211 # format: <info type name>(<surrogate character count>):<surrogate> 212 # 213 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 214 # the surrogate is 'abc', the full replacement value 215 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 216 # 217 # This annotation identifies the surrogate when inspecting content using the 218 # custom info type 'Surrogate'. This facilitates reversal of the 219 # surrogate when it occurs in free text. 220 # 221 # In order for inspection to work properly, the name of this info type must 222 # not occur naturally anywhere in your data; otherwise, inspection may either 223 # 224 # - reverse a surrogate that does not correspond to an actual identifier 225 # - be unable to parse the surrogate and result in an error 226 # 227 # Therefore, choose your custom info type name carefully after considering 228 # what your data looks like. One way to select a name that has a high chance 229 # of yielding reliable detection is to include one or more unicode characters 230 # that are highly improbable to exist in your data. 231 # For example, assuming your data is entered from a regular ASCII keyboard, 232 # the symbol with the hex code point 29DD might be used like so: 233 # ⧝MY_TOKEN_TYPE 234 "name": "A String", # Name of the information type. Either a name of your choosing when 235 # creating a CustomInfoType, or one of the names listed 236 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 237 # a built-in type. InfoType names should conform to the pattern 238 # [a-zA-Z0-9_]{1,64}. 239 }, 240 }, 241 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 242 # Bucketing transformation can provide all of this functionality, 243 # but requires more configuration. This message is provided as a convenience to 244 # the user for simple bucketing strategies. 245 # 246 # The transformed value will be a hyphenated string of 247 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 248 # all values that are within this bucket will be replaced with "10-20". 249 # 250 # This can be used on data of type: double, long. 251 # 252 # If the bound Value type differs from the type of data 253 # being transformed, we will first attempt converting the type of the data to 254 # be transformed to match the type of the bound before comparing. 255 # 256 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 257 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 258 # grouped together into a single bucket; for example if `lower_bound` = 10, 259 # then all values less than 10 are replaced with the value “-10”. [Required]. 260 # Note that for the purposes of inspection or transformation, the number 261 # of bytes considered to comprise a 'Value' is based on its representation 262 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 263 # 123456789, the number of bytes would be counted as 9, even though an 264 # int64 only holds up to 8 bytes of data. 265 "floatValue": 3.14, 266 "timestampValue": "A String", 267 "dayOfWeekValue": "A String", 268 "timeValue": { # Represents a time of day. The date and time zone are either not significant 269 # or are specified elsewhere. An API may choose to allow leap seconds. Related 270 # types are google.type.Date and `google.protobuf.Timestamp`. 271 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 272 # to allow the value "24:00:00" for scenarios like business closing time. 273 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 274 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 275 # allow the value 60 if it allows leap-seconds. 276 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 277 }, 278 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 279 # and time zone are either specified elsewhere or are not significant. The date 280 # is relative to the Proleptic Gregorian Calendar. This can represent: 281 # 282 # * A full date, with non-zero year, month and day values 283 # * A month and day value, with a zero year, e.g. an anniversary 284 # * A year on its own, with zero month and day values 285 # * A year and month value, with a zero day, e.g. a credit card expiration date 286 # 287 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 288 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 289 # a year. 290 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 291 # if specifying a year by itself or a year and month where the day is not 292 # significant. 293 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 294 # month and day. 295 }, 296 "stringValue": "A String", 297 "booleanValue": True or False, 298 "integerValue": "A String", 299 }, 300 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 301 # grouped together into a single bucket; for example if `upper_bound` = 89, 302 # then all values greater than 89 are replaced with the value “89+”. 303 # [Required]. 304 # Note that for the purposes of inspection or transformation, the number 305 # of bytes considered to comprise a 'Value' is based on its representation 306 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 307 # 123456789, the number of bytes would be counted as 9, even though an 308 # int64 only holds up to 8 bytes of data. 309 "floatValue": 3.14, 310 "timestampValue": "A String", 311 "dayOfWeekValue": "A String", 312 "timeValue": { # Represents a time of day. The date and time zone are either not significant 313 # or are specified elsewhere. An API may choose to allow leap seconds. Related 314 # types are google.type.Date and `google.protobuf.Timestamp`. 315 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 316 # to allow the value "24:00:00" for scenarios like business closing time. 317 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 318 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 319 # allow the value 60 if it allows leap-seconds. 320 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 321 }, 322 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 323 # and time zone are either specified elsewhere or are not significant. The date 324 # is relative to the Proleptic Gregorian Calendar. This can represent: 325 # 326 # * A full date, with non-zero year, month and day values 327 # * A month and day value, with a zero year, e.g. an anniversary 328 # * A year on its own, with zero month and day values 329 # * A year and month value, with a zero day, e.g. a credit card expiration date 330 # 331 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 332 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 333 # a year. 334 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 335 # if specifying a year by itself or a year and month where the day is not 336 # significant. 337 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 338 # month and day. 339 }, 340 "stringValue": "A String", 341 "booleanValue": True or False, 342 "integerValue": "A String", 343 }, 344 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 345 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 346 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 347 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 348 }, 349 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 350 }, 351 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 352 # portion of the value. 353 "partToExtract": "A String", 354 }, 355 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 356 # Uses SHA-256. 357 # The key size must be either 32 or 64 bytes. 358 # Outputs a base64 encoded representation of the hashed output 359 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 360 # Currently, only string and integer values can be hashed. 361 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 362 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 363 # a key encryption key (KEK) stored by KMS). 364 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 365 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 366 # unwrap the data crypto key. 367 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 368 # The wrapped key must be a 128/192/256 bit key. 369 # Authorization requires the following IAM permissions when sending a request 370 # to perform a crypto transformation using a kms-wrapped crypto key: 371 # dlp.kms.encrypt 372 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 373 "wrappedKey": "A String", # The wrapped data crypto key. [required] 374 }, 375 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 376 # leaking the key. Choose another type of key if possible. 377 "key": "A String", # A 128/192/256 bit key. [required] 378 }, 379 "transient": { # Use this to have a random data crypto key generated. 380 # It will be discarded after the request finishes. 381 "name": "A String", # Name of the key. [required] 382 # This is an arbitrary string used to differentiate different keys. 383 # A unique key is generated per name: two separate `TransientCryptoKey` 384 # protos share the same generated key if their names are the same. 385 # When the data crypto key is generated, this name is not used in any way 386 # (repeating the api call will result in a different key being generated). 387 }, 388 }, 389 }, 390 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 391 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 392 # to learn more. 393 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 394 # results in the same shift for the same context and crypto_key. 395 # a key encryption key (KEK) stored by KMS). 396 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 397 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 398 # unwrap the data crypto key. 399 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 400 # The wrapped key must be a 128/192/256 bit key. 401 # Authorization requires the following IAM permissions when sending a request 402 # to perform a crypto transformation using a kms-wrapped crypto key: 403 # dlp.kms.encrypt 404 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 405 "wrappedKey": "A String", # The wrapped data crypto key. [required] 406 }, 407 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 408 # leaking the key. Choose another type of key if possible. 409 "key": "A String", # A 128/192/256 bit key. [required] 410 }, 411 "transient": { # Use this to have a random data crypto key generated. 412 # It will be discarded after the request finishes. 413 "name": "A String", # Name of the key. [required] 414 # This is an arbitrary string used to differentiate different keys. 415 # A unique key is generated per name: two separate `TransientCryptoKey` 416 # protos share the same generated key if their names are the same. 417 # When the data crypto key is generated, this name is not used in any way 418 # (repeating the api call will result in a different key being generated). 419 }, 420 }, 421 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 422 # [Required] 423 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 424 # range (inclusive ends). Negative means shift to earlier in time. Must not 425 # be more than 365250 days (1000 years) each direction. 426 # 427 # For example, 3 means shift date to at most 3 days into the future. 428 # [Required] 429 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 430 # If set, must also set method. If set, shift will be consistent for the 431 # given context. 432 "name": "A String", # Name describing the field. 433 }, 434 }, 435 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 436 # replacement values are dynamically provided by the user for custom behavior, 437 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 438 # This can be used on 439 # data of type: number, long, string, timestamp. 440 # If the bound `Value` type differs from the type of data being transformed, we 441 # will first attempt converting the type of the data to be transformed to match 442 # the type of the bound before comparing. 443 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 444 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 445 { # Bucket is represented as a range, along with replacement values. 446 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 447 # Note that for the purposes of inspection or transformation, the number 448 # of bytes considered to comprise a 'Value' is based on its representation 449 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 450 # 123456789, the number of bytes would be counted as 9, even though an 451 # int64 only holds up to 8 bytes of data. 452 "floatValue": 3.14, 453 "timestampValue": "A String", 454 "dayOfWeekValue": "A String", 455 "timeValue": { # Represents a time of day. The date and time zone are either not significant 456 # or are specified elsewhere. An API may choose to allow leap seconds. Related 457 # types are google.type.Date and `google.protobuf.Timestamp`. 458 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 459 # to allow the value "24:00:00" for scenarios like business closing time. 460 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 461 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 462 # allow the value 60 if it allows leap-seconds. 463 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 464 }, 465 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 466 # and time zone are either specified elsewhere or are not significant. The date 467 # is relative to the Proleptic Gregorian Calendar. This can represent: 468 # 469 # * A full date, with non-zero year, month and day values 470 # * A month and day value, with a zero year, e.g. an anniversary 471 # * A year on its own, with zero month and day values 472 # * A year and month value, with a zero day, e.g. a credit card expiration date 473 # 474 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 475 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 476 # a year. 477 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 478 # if specifying a year by itself or a year and month where the day is not 479 # significant. 480 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 481 # month and day. 482 }, 483 "stringValue": "A String", 484 "booleanValue": True or False, 485 "integerValue": "A String", 486 }, 487 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 488 # the default behavior will be to hyphenate the min-max range. 489 # Note that for the purposes of inspection or transformation, the number 490 # of bytes considered to comprise a 'Value' is based on its representation 491 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 492 # 123456789, the number of bytes would be counted as 9, even though an 493 # int64 only holds up to 8 bytes of data. 494 "floatValue": 3.14, 495 "timestampValue": "A String", 496 "dayOfWeekValue": "A String", 497 "timeValue": { # Represents a time of day. The date and time zone are either not significant 498 # or are specified elsewhere. An API may choose to allow leap seconds. Related 499 # types are google.type.Date and `google.protobuf.Timestamp`. 500 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 501 # to allow the value "24:00:00" for scenarios like business closing time. 502 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 503 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 504 # allow the value 60 if it allows leap-seconds. 505 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 506 }, 507 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 508 # and time zone are either specified elsewhere or are not significant. The date 509 # is relative to the Proleptic Gregorian Calendar. This can represent: 510 # 511 # * A full date, with non-zero year, month and day values 512 # * A month and day value, with a zero year, e.g. an anniversary 513 # * A year on its own, with zero month and day values 514 # * A year and month value, with a zero day, e.g. a credit card expiration date 515 # 516 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 517 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 518 # a year. 519 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 520 # if specifying a year by itself or a year and month where the day is not 521 # significant. 522 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 523 # month and day. 524 }, 525 "stringValue": "A String", 526 "booleanValue": True or False, 527 "integerValue": "A String", 528 }, 529 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 530 # used. 531 # Note that for the purposes of inspection or transformation, the number 532 # of bytes considered to comprise a 'Value' is based on its representation 533 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 534 # 123456789, the number of bytes would be counted as 9, even though an 535 # int64 only holds up to 8 bytes of data. 536 "floatValue": 3.14, 537 "timestampValue": "A String", 538 "dayOfWeekValue": "A String", 539 "timeValue": { # Represents a time of day. The date and time zone are either not significant 540 # or are specified elsewhere. An API may choose to allow leap seconds. Related 541 # types are google.type.Date and `google.protobuf.Timestamp`. 542 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 543 # to allow the value "24:00:00" for scenarios like business closing time. 544 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 545 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 546 # allow the value 60 if it allows leap-seconds. 547 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 548 }, 549 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 550 # and time zone are either specified elsewhere or are not significant. The date 551 # is relative to the Proleptic Gregorian Calendar. This can represent: 552 # 553 # * A full date, with non-zero year, month and day values 554 # * A month and day value, with a zero year, e.g. an anniversary 555 # * A year on its own, with zero month and day values 556 # * A year and month value, with a zero day, e.g. a credit card expiration date 557 # 558 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 559 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 560 # a year. 561 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 562 # if specifying a year by itself or a year and month where the day is not 563 # significant. 564 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 565 # month and day. 566 }, 567 "stringValue": "A String", 568 "booleanValue": True or False, 569 "integerValue": "A String", 570 }, 571 }, 572 ], 573 }, 574 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 575 # (FPE) with the FFX mode of operation; however when used in the 576 # `ReidentifyContent` API method, it serves the opposite function by reversing 577 # the surrogate back into the original identifier. The identifier must be 578 # encoded as ASCII. For a given crypto key and context, the same identifier 579 # will be replaced with the same surrogate. Identifiers must be at least two 580 # characters long. In the case that the identifier is the empty string, it will 581 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 582 # more. 583 # 584 # Note: We recommend using CryptoDeterministicConfig for all use cases which 585 # do not require preserving the input alphabet space and size, plus warrant 586 # referential integrity. 587 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 588 # a key encryption key (KEK) stored by KMS). 589 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 590 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 591 # unwrap the data crypto key. 592 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 593 # The wrapped key must be a 128/192/256 bit key. 594 # Authorization requires the following IAM permissions when sending a request 595 # to perform a crypto transformation using a kms-wrapped crypto key: 596 # dlp.kms.encrypt 597 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 598 "wrappedKey": "A String", # The wrapped data crypto key. [required] 599 }, 600 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 601 # leaking the key. Choose another type of key if possible. 602 "key": "A String", # A 128/192/256 bit key. [required] 603 }, 604 "transient": { # Use this to have a random data crypto key generated. 605 # It will be discarded after the request finishes. 606 "name": "A String", # Name of the key. [required] 607 # This is an arbitrary string used to differentiate different keys. 608 # A unique key is generated per name: two separate `TransientCryptoKey` 609 # protos share the same generated key if their names are the same. 610 # When the data crypto key is generated, this name is not used in any way 611 # (repeating the api call will result in a different key being generated). 612 }, 613 }, 614 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 615 "commonAlphabet": "A String", 616 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 617 # that the FFX mode natively supports. This happens before/after 618 # encryption/decryption. 619 # Each character listed must appear only once. 620 # Number of characters must be in the range [2, 62]. 621 # This must be encoded as ASCII. 622 # The order of characters does not matter. 623 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 624 # identifier in two different contexts won't be given the same surrogate. If 625 # the context is not set, a default tweak will be used. 626 # 627 # If the context is set but: 628 # 629 # 1. there is no record present when transforming a given value or 630 # 1. the field is not present when transforming a given value, 631 # 632 # a default tweak will be used. 633 # 634 # Note that case (1) is expected when an `InfoTypeTransformation` is 635 # applied to both structured and non-structured `ContentItem`s. 636 # Currently, the referenced field may be of value type integer or string. 637 # 638 # The tweak is constructed as a sequence of bytes in big endian byte order 639 # such that: 640 # 641 # - a 64 bit integer is encoded followed by a single byte of value 1 642 # - a string is encoded in UTF-8 format followed by a single byte of value 2 643 "name": "A String", # Name describing the field. 644 }, 645 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 646 # This annotation will be applied to the surrogate by prefixing it with 647 # the name of the custom infoType followed by the number of 648 # characters comprising the surrogate. The following scheme defines the 649 # format: info_type_name(surrogate_character_count):surrogate 650 # 651 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 652 # the surrogate is 'abc', the full replacement value 653 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 654 # 655 # This annotation identifies the surrogate when inspecting content using the 656 # custom infoType 657 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 658 # This facilitates reversal of the surrogate when it occurs in free text. 659 # 660 # In order for inspection to work properly, the name of this infoType must 661 # not occur naturally anywhere in your data; otherwise, inspection may 662 # find a surrogate that does not correspond to an actual identifier. 663 # Therefore, choose your custom infoType name carefully after considering 664 # what your data looks like. One way to select a name that has a high chance 665 # of yielding reliable detection is to include one or more unicode characters 666 # that are highly improbable to exist in your data. 667 # For example, assuming your data is entered from a regular ASCII keyboard, 668 # the symbol with the hex code point 29DD might be used like so: 669 # ⧝MY_TOKEN_TYPE 670 "name": "A String", # Name of the information type. Either a name of your choosing when 671 # creating a CustomInfoType, or one of the names listed 672 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 673 # a built-in type. InfoType names should conform to the pattern 674 # [a-zA-Z0-9_]{1,64}. 675 }, 676 }, 677 "replaceConfig": { # Replace each input value with a given `Value`. 678 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 679 # Note that for the purposes of inspection or transformation, the number 680 # of bytes considered to comprise a 'Value' is based on its representation 681 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 682 # 123456789, the number of bytes would be counted as 9, even though an 683 # int64 only holds up to 8 bytes of data. 684 "floatValue": 3.14, 685 "timestampValue": "A String", 686 "dayOfWeekValue": "A String", 687 "timeValue": { # Represents a time of day. The date and time zone are either not significant 688 # or are specified elsewhere. An API may choose to allow leap seconds. Related 689 # types are google.type.Date and `google.protobuf.Timestamp`. 690 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 691 # to allow the value "24:00:00" for scenarios like business closing time. 692 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 693 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 694 # allow the value 60 if it allows leap-seconds. 695 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 696 }, 697 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 698 # and time zone are either specified elsewhere or are not significant. The date 699 # is relative to the Proleptic Gregorian Calendar. This can represent: 700 # 701 # * A full date, with non-zero year, month and day values 702 # * A month and day value, with a zero year, e.g. an anniversary 703 # * A year on its own, with zero month and day values 704 # * A year and month value, with a zero day, e.g. a credit card expiration date 705 # 706 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 707 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 708 # a year. 709 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 710 # if specifying a year by itself or a year and month where the day is not 711 # significant. 712 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 713 # month and day. 714 }, 715 "stringValue": "A String", 716 "booleanValue": True or False, 717 "integerValue": "A String", 718 }, 719 }, 720 }, 721 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 722 # this transformation to apply to all findings that correspond to 723 # infoTypes that were requested in `InspectConfig`. 724 { # Type of information detected by the API. 725 "name": "A String", # Name of the information type. Either a name of your choosing when 726 # creating a CustomInfoType, or one of the names listed 727 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 728 # a built-in type. InfoType names should conform to the pattern 729 # [a-zA-Z0-9_]{1,64}. 730 }, 731 ], 732 }, 733 ], 734 }, 735 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 736 # specific locations within structured datasets, such as transforming 737 # a column within a table. 738 # table. 739 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 740 # match any suppression rule are omitted from the output [optional]. 741 { # Configuration to suppress records whose suppression conditions evaluate to 742 # true. 743 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 744 # evaluated to be suppressed from the transformed content. 745 # a field. 746 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 747 "conditions": { # A collection of conditions. 748 "conditions": [ 749 { # The field type of `value` and `field` do not need to match to be 750 # considered equal, but not all comparisons are possible. 751 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 752 # but all other comparisons are invalid with incompatible types. 753 # A `value` of type: 754 # 755 # - `string` can be compared against all other types 756 # - `boolean` can only be compared against other booleans 757 # - `integer` can be compared against doubles or a string if the string value 758 # can be parsed as an integer. 759 # - `double` can be compared against integers or a string if the string can 760 # be parsed as a double. 761 # - `Timestamp` can be compared against strings in RFC 3339 date string 762 # format. 763 # - `TimeOfDay` can be compared against timestamps and strings in the format 764 # of 'HH:mm:ss'. 765 # 766 # If we fail to compare do to type mismatch, a warning will be given and 767 # the condition will evaluate to false. 768 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 769 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 770 "name": "A String", # Name describing the field. 771 }, 772 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 773 # Note that for the purposes of inspection or transformation, the number 774 # of bytes considered to comprise a 'Value' is based on its representation 775 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 776 # 123456789, the number of bytes would be counted as 9, even though an 777 # int64 only holds up to 8 bytes of data. 778 "floatValue": 3.14, 779 "timestampValue": "A String", 780 "dayOfWeekValue": "A String", 781 "timeValue": { # Represents a time of day. The date and time zone are either not significant 782 # or are specified elsewhere. An API may choose to allow leap seconds. Related 783 # types are google.type.Date and `google.protobuf.Timestamp`. 784 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 785 # to allow the value "24:00:00" for scenarios like business closing time. 786 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 787 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 788 # allow the value 60 if it allows leap-seconds. 789 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 790 }, 791 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 792 # and time zone are either specified elsewhere or are not significant. The date 793 # is relative to the Proleptic Gregorian Calendar. This can represent: 794 # 795 # * A full date, with non-zero year, month and day values 796 # * A month and day value, with a zero year, e.g. an anniversary 797 # * A year on its own, with zero month and day values 798 # * A year and month value, with a zero day, e.g. a credit card expiration date 799 # 800 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 801 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 802 # a year. 803 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 804 # if specifying a year by itself or a year and month where the day is not 805 # significant. 806 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 807 # month and day. 808 }, 809 "stringValue": "A String", 810 "booleanValue": True or False, 811 "integerValue": "A String", 812 }, 813 }, 814 ], 815 }, 816 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 817 # only supported value is `AND`. 818 }, 819 }, 820 }, 821 ], 822 "fieldTransformations": [ # Transform the record by applying various field transformations. 823 { # The transformation to apply to the field. 824 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 825 # transform content that matches an `InfoType`. 826 # apply various `PrimitiveTransformation`s to each finding, where the 827 # transformation is applied to only values that were identified as a specific 828 # info_type. 829 "transformations": [ # Transformation for each infoType. Cannot specify more than one 830 # for a given infoType. [required] 831 { # A transformation to apply to text that is identified as a specific 832 # info_type. 833 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 834 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 835 # fixed character. Masking can start from the beginning or end of the string. 836 # This can be used on data of any type (numbers, longs, and so on) and when 837 # de-identifying structured data we'll attempt to preserve the original data's 838 # type. (This allows you to take a long like 123 and modify it to a string like 839 # **3. 840 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 841 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 842 # mask 5 chars with * we would produce ***-*55-5555. 843 { # Characters to skip when doing deidentification of a value. These will be left 844 # alone and skipped. 845 "commonCharactersToIgnore": "A String", 846 "charactersToSkip": "A String", 847 }, 848 ], 849 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 850 # masked. Skipped characters do not count towards this tally. 851 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 852 # alphabetic string such as name, or "0" for a numeric string such as ZIP 853 # code or credit card number. String must have length 1. If not supplied, we 854 # will default to "*" for strings, 0 for digits. 855 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 856 # '0', number_to_mask is 14, and `reverse_order` is false, then 857 # 1234-5678-9012-3456 -> 00000000000000-3456 858 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 859 # is true, then 12345 -> 12*** 860 }, 861 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 862 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 863 # output would be 'My phone number is '. 864 }, 865 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 866 # input. Outputs a base64 encoded representation of the encrypted output. 867 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 868 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 869 # a key encryption key (KEK) stored by KMS). 870 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 871 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 872 # unwrap the data crypto key. 873 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 874 # The wrapped key must be a 128/192/256 bit key. 875 # Authorization requires the following IAM permissions when sending a request 876 # to perform a crypto transformation using a kms-wrapped crypto key: 877 # dlp.kms.encrypt 878 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 879 "wrappedKey": "A String", # The wrapped data crypto key. [required] 880 }, 881 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 882 # leaking the key. Choose another type of key if possible. 883 "key": "A String", # A 128/192/256 bit key. [required] 884 }, 885 "transient": { # Use this to have a random data crypto key generated. 886 # It will be discarded after the request finishes. 887 "name": "A String", # Name of the key. [required] 888 # This is an arbitrary string used to differentiate different keys. 889 # A unique key is generated per name: two separate `TransientCryptoKey` 890 # protos share the same generated key if their names are the same. 891 # When the data crypto key is generated, this name is not used in any way 892 # (repeating the api call will result in a different key being generated). 893 }, 894 }, 895 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 896 # referential integrity such that the same identifier in two different 897 # contexts will be given a distinct surrogate. The context is appended to 898 # plaintext value being encrypted. On decryption the provided context is 899 # validated against the value used during encryption. If a context was 900 # provided during encryption, same context must be provided during decryption 901 # as well. 902 # 903 # If the context is not set, plaintext would be used as is for encryption. 904 # If the context is set but: 905 # 906 # 1. there is no record present when transforming a given value or 907 # 2. the field is not present when transforming a given value, 908 # 909 # plaintext would be used as is for encryption. 910 # 911 # Note that case (1) is expected when an `InfoTypeTransformation` is 912 # applied to both structured and non-structured `ContentItem`s. 913 "name": "A String", # Name describing the field. 914 }, 915 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 916 # This annotation will be applied to the surrogate by prefixing it with 917 # the name of the custom info type followed by the number of 918 # characters comprising the surrogate. The following scheme defines the 919 # format: <info type name>(<surrogate character count>):<surrogate> 920 # 921 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 922 # the surrogate is 'abc', the full replacement value 923 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 924 # 925 # This annotation identifies the surrogate when inspecting content using the 926 # custom info type 'Surrogate'. This facilitates reversal of the 927 # surrogate when it occurs in free text. 928 # 929 # In order for inspection to work properly, the name of this info type must 930 # not occur naturally anywhere in your data; otherwise, inspection may either 931 # 932 # - reverse a surrogate that does not correspond to an actual identifier 933 # - be unable to parse the surrogate and result in an error 934 # 935 # Therefore, choose your custom info type name carefully after considering 936 # what your data looks like. One way to select a name that has a high chance 937 # of yielding reliable detection is to include one or more unicode characters 938 # that are highly improbable to exist in your data. 939 # For example, assuming your data is entered from a regular ASCII keyboard, 940 # the symbol with the hex code point 29DD might be used like so: 941 # ⧝MY_TOKEN_TYPE 942 "name": "A String", # Name of the information type. Either a name of your choosing when 943 # creating a CustomInfoType, or one of the names listed 944 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 945 # a built-in type. InfoType names should conform to the pattern 946 # [a-zA-Z0-9_]{1,64}. 947 }, 948 }, 949 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 950 # Bucketing transformation can provide all of this functionality, 951 # but requires more configuration. This message is provided as a convenience to 952 # the user for simple bucketing strategies. 953 # 954 # The transformed value will be a hyphenated string of 955 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 956 # all values that are within this bucket will be replaced with "10-20". 957 # 958 # This can be used on data of type: double, long. 959 # 960 # If the bound Value type differs from the type of data 961 # being transformed, we will first attempt converting the type of the data to 962 # be transformed to match the type of the bound before comparing. 963 # 964 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 965 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 966 # grouped together into a single bucket; for example if `lower_bound` = 10, 967 # then all values less than 10 are replaced with the value “-10”. [Required]. 968 # Note that for the purposes of inspection or transformation, the number 969 # of bytes considered to comprise a 'Value' is based on its representation 970 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 971 # 123456789, the number of bytes would be counted as 9, even though an 972 # int64 only holds up to 8 bytes of data. 973 "floatValue": 3.14, 974 "timestampValue": "A String", 975 "dayOfWeekValue": "A String", 976 "timeValue": { # Represents a time of day. The date and time zone are either not significant 977 # or are specified elsewhere. An API may choose to allow leap seconds. Related 978 # types are google.type.Date and `google.protobuf.Timestamp`. 979 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 980 # to allow the value "24:00:00" for scenarios like business closing time. 981 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 982 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 983 # allow the value 60 if it allows leap-seconds. 984 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 985 }, 986 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 987 # and time zone are either specified elsewhere or are not significant. The date 988 # is relative to the Proleptic Gregorian Calendar. This can represent: 989 # 990 # * A full date, with non-zero year, month and day values 991 # * A month and day value, with a zero year, e.g. an anniversary 992 # * A year on its own, with zero month and day values 993 # * A year and month value, with a zero day, e.g. a credit card expiration date 994 # 995 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 996 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 997 # a year. 998 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 999 # if specifying a year by itself or a year and month where the day is not 1000 # significant. 1001 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1002 # month and day. 1003 }, 1004 "stringValue": "A String", 1005 "booleanValue": True or False, 1006 "integerValue": "A String", 1007 }, 1008 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 1009 # grouped together into a single bucket; for example if `upper_bound` = 89, 1010 # then all values greater than 89 are replaced with the value “89+”. 1011 # [Required]. 1012 # Note that for the purposes of inspection or transformation, the number 1013 # of bytes considered to comprise a 'Value' is based on its representation 1014 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1015 # 123456789, the number of bytes would be counted as 9, even though an 1016 # int64 only holds up to 8 bytes of data. 1017 "floatValue": 3.14, 1018 "timestampValue": "A String", 1019 "dayOfWeekValue": "A String", 1020 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1021 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1022 # types are google.type.Date and `google.protobuf.Timestamp`. 1023 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1024 # to allow the value "24:00:00" for scenarios like business closing time. 1025 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1026 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1027 # allow the value 60 if it allows leap-seconds. 1028 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1029 }, 1030 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1031 # and time zone are either specified elsewhere or are not significant. The date 1032 # is relative to the Proleptic Gregorian Calendar. This can represent: 1033 # 1034 # * A full date, with non-zero year, month and day values 1035 # * A month and day value, with a zero year, e.g. an anniversary 1036 # * A year on its own, with zero month and day values 1037 # * A year and month value, with a zero day, e.g. a credit card expiration date 1038 # 1039 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1040 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1041 # a year. 1042 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1043 # if specifying a year by itself or a year and month where the day is not 1044 # significant. 1045 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1046 # month and day. 1047 }, 1048 "stringValue": "A String", 1049 "booleanValue": True or False, 1050 "integerValue": "A String", 1051 }, 1052 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 1053 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 1054 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 1055 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 1056 }, 1057 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 1058 }, 1059 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 1060 # portion of the value. 1061 "partToExtract": "A String", 1062 }, 1063 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 1064 # Uses SHA-256. 1065 # The key size must be either 32 or 64 bytes. 1066 # Outputs a base64 encoded representation of the hashed output 1067 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 1068 # Currently, only string and integer values can be hashed. 1069 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 1070 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 1071 # a key encryption key (KEK) stored by KMS). 1072 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1073 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1074 # unwrap the data crypto key. 1075 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1076 # The wrapped key must be a 128/192/256 bit key. 1077 # Authorization requires the following IAM permissions when sending a request 1078 # to perform a crypto transformation using a kms-wrapped crypto key: 1079 # dlp.kms.encrypt 1080 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1081 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1082 }, 1083 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1084 # leaking the key. Choose another type of key if possible. 1085 "key": "A String", # A 128/192/256 bit key. [required] 1086 }, 1087 "transient": { # Use this to have a random data crypto key generated. 1088 # It will be discarded after the request finishes. 1089 "name": "A String", # Name of the key. [required] 1090 # This is an arbitrary string used to differentiate different keys. 1091 # A unique key is generated per name: two separate `TransientCryptoKey` 1092 # protos share the same generated key if their names are the same. 1093 # When the data crypto key is generated, this name is not used in any way 1094 # (repeating the api call will result in a different key being generated). 1095 }, 1096 }, 1097 }, 1098 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 1099 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 1100 # to learn more. 1101 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 1102 # results in the same shift for the same context and crypto_key. 1103 # a key encryption key (KEK) stored by KMS). 1104 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1105 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1106 # unwrap the data crypto key. 1107 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1108 # The wrapped key must be a 128/192/256 bit key. 1109 # Authorization requires the following IAM permissions when sending a request 1110 # to perform a crypto transformation using a kms-wrapped crypto key: 1111 # dlp.kms.encrypt 1112 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1113 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1114 }, 1115 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1116 # leaking the key. Choose another type of key if possible. 1117 "key": "A String", # A 128/192/256 bit key. [required] 1118 }, 1119 "transient": { # Use this to have a random data crypto key generated. 1120 # It will be discarded after the request finishes. 1121 "name": "A String", # Name of the key. [required] 1122 # This is an arbitrary string used to differentiate different keys. 1123 # A unique key is generated per name: two separate `TransientCryptoKey` 1124 # protos share the same generated key if their names are the same. 1125 # When the data crypto key is generated, this name is not used in any way 1126 # (repeating the api call will result in a different key being generated). 1127 }, 1128 }, 1129 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 1130 # [Required] 1131 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 1132 # range (inclusive ends). Negative means shift to earlier in time. Must not 1133 # be more than 365250 days (1000 years) each direction. 1134 # 1135 # For example, 3 means shift date to at most 3 days into the future. 1136 # [Required] 1137 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 1138 # If set, must also set method. If set, shift will be consistent for the 1139 # given context. 1140 "name": "A String", # Name describing the field. 1141 }, 1142 }, 1143 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 1144 # replacement values are dynamically provided by the user for custom behavior, 1145 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 1146 # This can be used on 1147 # data of type: number, long, string, timestamp. 1148 # If the bound `Value` type differs from the type of data being transformed, we 1149 # will first attempt converting the type of the data to be transformed to match 1150 # the type of the bound before comparing. 1151 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1152 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 1153 { # Bucket is represented as a range, along with replacement values. 1154 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 1155 # Note that for the purposes of inspection or transformation, the number 1156 # of bytes considered to comprise a 'Value' is based on its representation 1157 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1158 # 123456789, the number of bytes would be counted as 9, even though an 1159 # int64 only holds up to 8 bytes of data. 1160 "floatValue": 3.14, 1161 "timestampValue": "A String", 1162 "dayOfWeekValue": "A String", 1163 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1164 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1165 # types are google.type.Date and `google.protobuf.Timestamp`. 1166 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1167 # to allow the value "24:00:00" for scenarios like business closing time. 1168 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1169 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1170 # allow the value 60 if it allows leap-seconds. 1171 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1172 }, 1173 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1174 # and time zone are either specified elsewhere or are not significant. The date 1175 # is relative to the Proleptic Gregorian Calendar. This can represent: 1176 # 1177 # * A full date, with non-zero year, month and day values 1178 # * A month and day value, with a zero year, e.g. an anniversary 1179 # * A year on its own, with zero month and day values 1180 # * A year and month value, with a zero day, e.g. a credit card expiration date 1181 # 1182 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1183 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1184 # a year. 1185 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1186 # if specifying a year by itself or a year and month where the day is not 1187 # significant. 1188 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1189 # month and day. 1190 }, 1191 "stringValue": "A String", 1192 "booleanValue": True or False, 1193 "integerValue": "A String", 1194 }, 1195 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 1196 # the default behavior will be to hyphenate the min-max range. 1197 # Note that for the purposes of inspection or transformation, the number 1198 # of bytes considered to comprise a 'Value' is based on its representation 1199 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1200 # 123456789, the number of bytes would be counted as 9, even though an 1201 # int64 only holds up to 8 bytes of data. 1202 "floatValue": 3.14, 1203 "timestampValue": "A String", 1204 "dayOfWeekValue": "A String", 1205 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1206 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1207 # types are google.type.Date and `google.protobuf.Timestamp`. 1208 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1209 # to allow the value "24:00:00" for scenarios like business closing time. 1210 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1211 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1212 # allow the value 60 if it allows leap-seconds. 1213 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1214 }, 1215 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1216 # and time zone are either specified elsewhere or are not significant. The date 1217 # is relative to the Proleptic Gregorian Calendar. This can represent: 1218 # 1219 # * A full date, with non-zero year, month and day values 1220 # * A month and day value, with a zero year, e.g. an anniversary 1221 # * A year on its own, with zero month and day values 1222 # * A year and month value, with a zero day, e.g. a credit card expiration date 1223 # 1224 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1225 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1226 # a year. 1227 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1228 # if specifying a year by itself or a year and month where the day is not 1229 # significant. 1230 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1231 # month and day. 1232 }, 1233 "stringValue": "A String", 1234 "booleanValue": True or False, 1235 "integerValue": "A String", 1236 }, 1237 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 1238 # used. 1239 # Note that for the purposes of inspection or transformation, the number 1240 # of bytes considered to comprise a 'Value' is based on its representation 1241 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1242 # 123456789, the number of bytes would be counted as 9, even though an 1243 # int64 only holds up to 8 bytes of data. 1244 "floatValue": 3.14, 1245 "timestampValue": "A String", 1246 "dayOfWeekValue": "A String", 1247 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1248 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1249 # types are google.type.Date and `google.protobuf.Timestamp`. 1250 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1251 # to allow the value "24:00:00" for scenarios like business closing time. 1252 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1253 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1254 # allow the value 60 if it allows leap-seconds. 1255 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1256 }, 1257 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1258 # and time zone are either specified elsewhere or are not significant. The date 1259 # is relative to the Proleptic Gregorian Calendar. This can represent: 1260 # 1261 # * A full date, with non-zero year, month and day values 1262 # * A month and day value, with a zero year, e.g. an anniversary 1263 # * A year on its own, with zero month and day values 1264 # * A year and month value, with a zero day, e.g. a credit card expiration date 1265 # 1266 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1267 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1268 # a year. 1269 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1270 # if specifying a year by itself or a year and month where the day is not 1271 # significant. 1272 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1273 # month and day. 1274 }, 1275 "stringValue": "A String", 1276 "booleanValue": True or False, 1277 "integerValue": "A String", 1278 }, 1279 }, 1280 ], 1281 }, 1282 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 1283 # (FPE) with the FFX mode of operation; however when used in the 1284 # `ReidentifyContent` API method, it serves the opposite function by reversing 1285 # the surrogate back into the original identifier. The identifier must be 1286 # encoded as ASCII. For a given crypto key and context, the same identifier 1287 # will be replaced with the same surrogate. Identifiers must be at least two 1288 # characters long. In the case that the identifier is the empty string, it will 1289 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 1290 # more. 1291 # 1292 # Note: We recommend using CryptoDeterministicConfig for all use cases which 1293 # do not require preserving the input alphabet space and size, plus warrant 1294 # referential integrity. 1295 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 1296 # a key encryption key (KEK) stored by KMS). 1297 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1298 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1299 # unwrap the data crypto key. 1300 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1301 # The wrapped key must be a 128/192/256 bit key. 1302 # Authorization requires the following IAM permissions when sending a request 1303 # to perform a crypto transformation using a kms-wrapped crypto key: 1304 # dlp.kms.encrypt 1305 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1306 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1307 }, 1308 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1309 # leaking the key. Choose another type of key if possible. 1310 "key": "A String", # A 128/192/256 bit key. [required] 1311 }, 1312 "transient": { # Use this to have a random data crypto key generated. 1313 # It will be discarded after the request finishes. 1314 "name": "A String", # Name of the key. [required] 1315 # This is an arbitrary string used to differentiate different keys. 1316 # A unique key is generated per name: two separate `TransientCryptoKey` 1317 # protos share the same generated key if their names are the same. 1318 # When the data crypto key is generated, this name is not used in any way 1319 # (repeating the api call will result in a different key being generated). 1320 }, 1321 }, 1322 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 1323 "commonAlphabet": "A String", 1324 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 1325 # that the FFX mode natively supports. This happens before/after 1326 # encryption/decryption. 1327 # Each character listed must appear only once. 1328 # Number of characters must be in the range [2, 62]. 1329 # This must be encoded as ASCII. 1330 # The order of characters does not matter. 1331 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 1332 # identifier in two different contexts won't be given the same surrogate. If 1333 # the context is not set, a default tweak will be used. 1334 # 1335 # If the context is set but: 1336 # 1337 # 1. there is no record present when transforming a given value or 1338 # 1. the field is not present when transforming a given value, 1339 # 1340 # a default tweak will be used. 1341 # 1342 # Note that case (1) is expected when an `InfoTypeTransformation` is 1343 # applied to both structured and non-structured `ContentItem`s. 1344 # Currently, the referenced field may be of value type integer or string. 1345 # 1346 # The tweak is constructed as a sequence of bytes in big endian byte order 1347 # such that: 1348 # 1349 # - a 64 bit integer is encoded followed by a single byte of value 1 1350 # - a string is encoded in UTF-8 format followed by a single byte of value 2 1351 "name": "A String", # Name describing the field. 1352 }, 1353 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 1354 # This annotation will be applied to the surrogate by prefixing it with 1355 # the name of the custom infoType followed by the number of 1356 # characters comprising the surrogate. The following scheme defines the 1357 # format: info_type_name(surrogate_character_count):surrogate 1358 # 1359 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 1360 # the surrogate is 'abc', the full replacement value 1361 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1362 # 1363 # This annotation identifies the surrogate when inspecting content using the 1364 # custom infoType 1365 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 1366 # This facilitates reversal of the surrogate when it occurs in free text. 1367 # 1368 # In order for inspection to work properly, the name of this infoType must 1369 # not occur naturally anywhere in your data; otherwise, inspection may 1370 # find a surrogate that does not correspond to an actual identifier. 1371 # Therefore, choose your custom infoType name carefully after considering 1372 # what your data looks like. One way to select a name that has a high chance 1373 # of yielding reliable detection is to include one or more unicode characters 1374 # that are highly improbable to exist in your data. 1375 # For example, assuming your data is entered from a regular ASCII keyboard, 1376 # the symbol with the hex code point 29DD might be used like so: 1377 # ⧝MY_TOKEN_TYPE 1378 "name": "A String", # Name of the information type. Either a name of your choosing when 1379 # creating a CustomInfoType, or one of the names listed 1380 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1381 # a built-in type. InfoType names should conform to the pattern 1382 # [a-zA-Z0-9_]{1,64}. 1383 }, 1384 }, 1385 "replaceConfig": { # Replace each input value with a given `Value`. 1386 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 1387 # Note that for the purposes of inspection or transformation, the number 1388 # of bytes considered to comprise a 'Value' is based on its representation 1389 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1390 # 123456789, the number of bytes would be counted as 9, even though an 1391 # int64 only holds up to 8 bytes of data. 1392 "floatValue": 3.14, 1393 "timestampValue": "A String", 1394 "dayOfWeekValue": "A String", 1395 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1396 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1397 # types are google.type.Date and `google.protobuf.Timestamp`. 1398 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1399 # to allow the value "24:00:00" for scenarios like business closing time. 1400 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1401 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1402 # allow the value 60 if it allows leap-seconds. 1403 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1404 }, 1405 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1406 # and time zone are either specified elsewhere or are not significant. The date 1407 # is relative to the Proleptic Gregorian Calendar. This can represent: 1408 # 1409 # * A full date, with non-zero year, month and day values 1410 # * A month and day value, with a zero year, e.g. an anniversary 1411 # * A year on its own, with zero month and day values 1412 # * A year and month value, with a zero day, e.g. a credit card expiration date 1413 # 1414 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1415 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1416 # a year. 1417 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1418 # if specifying a year by itself or a year and month where the day is not 1419 # significant. 1420 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1421 # month and day. 1422 }, 1423 "stringValue": "A String", 1424 "booleanValue": True or False, 1425 "integerValue": "A String", 1426 }, 1427 }, 1428 }, 1429 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 1430 # this transformation to apply to all findings that correspond to 1431 # infoTypes that were requested in `InspectConfig`. 1432 { # Type of information detected by the API. 1433 "name": "A String", # Name of the information type. Either a name of your choosing when 1434 # creating a CustomInfoType, or one of the names listed 1435 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1436 # a built-in type. InfoType names should conform to the pattern 1437 # [a-zA-Z0-9_]{1,64}. 1438 }, 1439 ], 1440 }, 1441 ], 1442 }, 1443 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 1444 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 1445 # fixed character. Masking can start from the beginning or end of the string. 1446 # This can be used on data of any type (numbers, longs, and so on) and when 1447 # de-identifying structured data we'll attempt to preserve the original data's 1448 # type. (This allows you to take a long like 123 and modify it to a string like 1449 # **3. 1450 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 1451 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 1452 # mask 5 chars with * we would produce ***-*55-5555. 1453 { # Characters to skip when doing deidentification of a value. These will be left 1454 # alone and skipped. 1455 "commonCharactersToIgnore": "A String", 1456 "charactersToSkip": "A String", 1457 }, 1458 ], 1459 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 1460 # masked. Skipped characters do not count towards this tally. 1461 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 1462 # alphabetic string such as name, or "0" for a numeric string such as ZIP 1463 # code or credit card number. String must have length 1. If not supplied, we 1464 # will default to "*" for strings, 0 for digits. 1465 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 1466 # '0', number_to_mask is 14, and `reverse_order` is false, then 1467 # 1234-5678-9012-3456 -> 00000000000000-3456 1468 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 1469 # is true, then 12345 -> 12*** 1470 }, 1471 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 1472 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 1473 # output would be 'My phone number is '. 1474 }, 1475 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 1476 # input. Outputs a base64 encoded representation of the encrypted output. 1477 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 1478 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 1479 # a key encryption key (KEK) stored by KMS). 1480 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1481 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1482 # unwrap the data crypto key. 1483 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1484 # The wrapped key must be a 128/192/256 bit key. 1485 # Authorization requires the following IAM permissions when sending a request 1486 # to perform a crypto transformation using a kms-wrapped crypto key: 1487 # dlp.kms.encrypt 1488 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1489 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1490 }, 1491 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1492 # leaking the key. Choose another type of key if possible. 1493 "key": "A String", # A 128/192/256 bit key. [required] 1494 }, 1495 "transient": { # Use this to have a random data crypto key generated. 1496 # It will be discarded after the request finishes. 1497 "name": "A String", # Name of the key. [required] 1498 # This is an arbitrary string used to differentiate different keys. 1499 # A unique key is generated per name: two separate `TransientCryptoKey` 1500 # protos share the same generated key if their names are the same. 1501 # When the data crypto key is generated, this name is not used in any way 1502 # (repeating the api call will result in a different key being generated). 1503 }, 1504 }, 1505 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 1506 # referential integrity such that the same identifier in two different 1507 # contexts will be given a distinct surrogate. The context is appended to 1508 # plaintext value being encrypted. On decryption the provided context is 1509 # validated against the value used during encryption. If a context was 1510 # provided during encryption, same context must be provided during decryption 1511 # as well. 1512 # 1513 # If the context is not set, plaintext would be used as is for encryption. 1514 # If the context is set but: 1515 # 1516 # 1. there is no record present when transforming a given value or 1517 # 2. the field is not present when transforming a given value, 1518 # 1519 # plaintext would be used as is for encryption. 1520 # 1521 # Note that case (1) is expected when an `InfoTypeTransformation` is 1522 # applied to both structured and non-structured `ContentItem`s. 1523 "name": "A String", # Name describing the field. 1524 }, 1525 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 1526 # This annotation will be applied to the surrogate by prefixing it with 1527 # the name of the custom info type followed by the number of 1528 # characters comprising the surrogate. The following scheme defines the 1529 # format: <info type name>(<surrogate character count>):<surrogate> 1530 # 1531 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 1532 # the surrogate is 'abc', the full replacement value 1533 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1534 # 1535 # This annotation identifies the surrogate when inspecting content using the 1536 # custom info type 'Surrogate'. This facilitates reversal of the 1537 # surrogate when it occurs in free text. 1538 # 1539 # In order for inspection to work properly, the name of this info type must 1540 # not occur naturally anywhere in your data; otherwise, inspection may either 1541 # 1542 # - reverse a surrogate that does not correspond to an actual identifier 1543 # - be unable to parse the surrogate and result in an error 1544 # 1545 # Therefore, choose your custom info type name carefully after considering 1546 # what your data looks like. One way to select a name that has a high chance 1547 # of yielding reliable detection is to include one or more unicode characters 1548 # that are highly improbable to exist in your data. 1549 # For example, assuming your data is entered from a regular ASCII keyboard, 1550 # the symbol with the hex code point 29DD might be used like so: 1551 # ⧝MY_TOKEN_TYPE 1552 "name": "A String", # Name of the information type. Either a name of your choosing when 1553 # creating a CustomInfoType, or one of the names listed 1554 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1555 # a built-in type. InfoType names should conform to the pattern 1556 # [a-zA-Z0-9_]{1,64}. 1557 }, 1558 }, 1559 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 1560 # Bucketing transformation can provide all of this functionality, 1561 # but requires more configuration. This message is provided as a convenience to 1562 # the user for simple bucketing strategies. 1563 # 1564 # The transformed value will be a hyphenated string of 1565 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 1566 # all values that are within this bucket will be replaced with "10-20". 1567 # 1568 # This can be used on data of type: double, long. 1569 # 1570 # If the bound Value type differs from the type of data 1571 # being transformed, we will first attempt converting the type of the data to 1572 # be transformed to match the type of the bound before comparing. 1573 # 1574 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1575 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 1576 # grouped together into a single bucket; for example if `lower_bound` = 10, 1577 # then all values less than 10 are replaced with the value “-10”. [Required]. 1578 # Note that for the purposes of inspection or transformation, the number 1579 # of bytes considered to comprise a 'Value' is based on its representation 1580 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1581 # 123456789, the number of bytes would be counted as 9, even though an 1582 # int64 only holds up to 8 bytes of data. 1583 "floatValue": 3.14, 1584 "timestampValue": "A String", 1585 "dayOfWeekValue": "A String", 1586 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1587 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1588 # types are google.type.Date and `google.protobuf.Timestamp`. 1589 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1590 # to allow the value "24:00:00" for scenarios like business closing time. 1591 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1592 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1593 # allow the value 60 if it allows leap-seconds. 1594 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1595 }, 1596 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1597 # and time zone are either specified elsewhere or are not significant. The date 1598 # is relative to the Proleptic Gregorian Calendar. This can represent: 1599 # 1600 # * A full date, with non-zero year, month and day values 1601 # * A month and day value, with a zero year, e.g. an anniversary 1602 # * A year on its own, with zero month and day values 1603 # * A year and month value, with a zero day, e.g. a credit card expiration date 1604 # 1605 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1606 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1607 # a year. 1608 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1609 # if specifying a year by itself or a year and month where the day is not 1610 # significant. 1611 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1612 # month and day. 1613 }, 1614 "stringValue": "A String", 1615 "booleanValue": True or False, 1616 "integerValue": "A String", 1617 }, 1618 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 1619 # grouped together into a single bucket; for example if `upper_bound` = 89, 1620 # then all values greater than 89 are replaced with the value “89+”. 1621 # [Required]. 1622 # Note that for the purposes of inspection or transformation, the number 1623 # of bytes considered to comprise a 'Value' is based on its representation 1624 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1625 # 123456789, the number of bytes would be counted as 9, even though an 1626 # int64 only holds up to 8 bytes of data. 1627 "floatValue": 3.14, 1628 "timestampValue": "A String", 1629 "dayOfWeekValue": "A String", 1630 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1631 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1632 # types are google.type.Date and `google.protobuf.Timestamp`. 1633 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1634 # to allow the value "24:00:00" for scenarios like business closing time. 1635 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1636 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1637 # allow the value 60 if it allows leap-seconds. 1638 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1639 }, 1640 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1641 # and time zone are either specified elsewhere or are not significant. The date 1642 # is relative to the Proleptic Gregorian Calendar. This can represent: 1643 # 1644 # * A full date, with non-zero year, month and day values 1645 # * A month and day value, with a zero year, e.g. an anniversary 1646 # * A year on its own, with zero month and day values 1647 # * A year and month value, with a zero day, e.g. a credit card expiration date 1648 # 1649 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1650 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1651 # a year. 1652 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1653 # if specifying a year by itself or a year and month where the day is not 1654 # significant. 1655 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1656 # month and day. 1657 }, 1658 "stringValue": "A String", 1659 "booleanValue": True or False, 1660 "integerValue": "A String", 1661 }, 1662 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 1663 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 1664 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 1665 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 1666 }, 1667 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 1668 }, 1669 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 1670 # portion of the value. 1671 "partToExtract": "A String", 1672 }, 1673 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 1674 # Uses SHA-256. 1675 # The key size must be either 32 or 64 bytes. 1676 # Outputs a base64 encoded representation of the hashed output 1677 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 1678 # Currently, only string and integer values can be hashed. 1679 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 1680 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 1681 # a key encryption key (KEK) stored by KMS). 1682 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1683 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1684 # unwrap the data crypto key. 1685 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1686 # The wrapped key must be a 128/192/256 bit key. 1687 # Authorization requires the following IAM permissions when sending a request 1688 # to perform a crypto transformation using a kms-wrapped crypto key: 1689 # dlp.kms.encrypt 1690 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1691 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1692 }, 1693 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1694 # leaking the key. Choose another type of key if possible. 1695 "key": "A String", # A 128/192/256 bit key. [required] 1696 }, 1697 "transient": { # Use this to have a random data crypto key generated. 1698 # It will be discarded after the request finishes. 1699 "name": "A String", # Name of the key. [required] 1700 # This is an arbitrary string used to differentiate different keys. 1701 # A unique key is generated per name: two separate `TransientCryptoKey` 1702 # protos share the same generated key if their names are the same. 1703 # When the data crypto key is generated, this name is not used in any way 1704 # (repeating the api call will result in a different key being generated). 1705 }, 1706 }, 1707 }, 1708 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 1709 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 1710 # to learn more. 1711 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 1712 # results in the same shift for the same context and crypto_key. 1713 # a key encryption key (KEK) stored by KMS). 1714 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1715 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1716 # unwrap the data crypto key. 1717 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1718 # The wrapped key must be a 128/192/256 bit key. 1719 # Authorization requires the following IAM permissions when sending a request 1720 # to perform a crypto transformation using a kms-wrapped crypto key: 1721 # dlp.kms.encrypt 1722 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1723 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1724 }, 1725 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1726 # leaking the key. Choose another type of key if possible. 1727 "key": "A String", # A 128/192/256 bit key. [required] 1728 }, 1729 "transient": { # Use this to have a random data crypto key generated. 1730 # It will be discarded after the request finishes. 1731 "name": "A String", # Name of the key. [required] 1732 # This is an arbitrary string used to differentiate different keys. 1733 # A unique key is generated per name: two separate `TransientCryptoKey` 1734 # protos share the same generated key if their names are the same. 1735 # When the data crypto key is generated, this name is not used in any way 1736 # (repeating the api call will result in a different key being generated). 1737 }, 1738 }, 1739 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 1740 # [Required] 1741 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 1742 # range (inclusive ends). Negative means shift to earlier in time. Must not 1743 # be more than 365250 days (1000 years) each direction. 1744 # 1745 # For example, 3 means shift date to at most 3 days into the future. 1746 # [Required] 1747 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 1748 # If set, must also set method. If set, shift will be consistent for the 1749 # given context. 1750 "name": "A String", # Name describing the field. 1751 }, 1752 }, 1753 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 1754 # replacement values are dynamically provided by the user for custom behavior, 1755 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 1756 # This can be used on 1757 # data of type: number, long, string, timestamp. 1758 # If the bound `Value` type differs from the type of data being transformed, we 1759 # will first attempt converting the type of the data to be transformed to match 1760 # the type of the bound before comparing. 1761 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1762 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 1763 { # Bucket is represented as a range, along with replacement values. 1764 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 1765 # Note that for the purposes of inspection or transformation, the number 1766 # of bytes considered to comprise a 'Value' is based on its representation 1767 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1768 # 123456789, the number of bytes would be counted as 9, even though an 1769 # int64 only holds up to 8 bytes of data. 1770 "floatValue": 3.14, 1771 "timestampValue": "A String", 1772 "dayOfWeekValue": "A String", 1773 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1774 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1775 # types are google.type.Date and `google.protobuf.Timestamp`. 1776 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1777 # to allow the value "24:00:00" for scenarios like business closing time. 1778 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1779 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1780 # allow the value 60 if it allows leap-seconds. 1781 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1782 }, 1783 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1784 # and time zone are either specified elsewhere or are not significant. The date 1785 # is relative to the Proleptic Gregorian Calendar. This can represent: 1786 # 1787 # * A full date, with non-zero year, month and day values 1788 # * A month and day value, with a zero year, e.g. an anniversary 1789 # * A year on its own, with zero month and day values 1790 # * A year and month value, with a zero day, e.g. a credit card expiration date 1791 # 1792 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1793 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1794 # a year. 1795 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1796 # if specifying a year by itself or a year and month where the day is not 1797 # significant. 1798 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1799 # month and day. 1800 }, 1801 "stringValue": "A String", 1802 "booleanValue": True or False, 1803 "integerValue": "A String", 1804 }, 1805 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 1806 # the default behavior will be to hyphenate the min-max range. 1807 # Note that for the purposes of inspection or transformation, the number 1808 # of bytes considered to comprise a 'Value' is based on its representation 1809 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1810 # 123456789, the number of bytes would be counted as 9, even though an 1811 # int64 only holds up to 8 bytes of data. 1812 "floatValue": 3.14, 1813 "timestampValue": "A String", 1814 "dayOfWeekValue": "A String", 1815 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1816 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1817 # types are google.type.Date and `google.protobuf.Timestamp`. 1818 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1819 # to allow the value "24:00:00" for scenarios like business closing time. 1820 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1821 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1822 # allow the value 60 if it allows leap-seconds. 1823 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1824 }, 1825 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1826 # and time zone are either specified elsewhere or are not significant. The date 1827 # is relative to the Proleptic Gregorian Calendar. This can represent: 1828 # 1829 # * A full date, with non-zero year, month and day values 1830 # * A month and day value, with a zero year, e.g. an anniversary 1831 # * A year on its own, with zero month and day values 1832 # * A year and month value, with a zero day, e.g. a credit card expiration date 1833 # 1834 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1835 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1836 # a year. 1837 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1838 # if specifying a year by itself or a year and month where the day is not 1839 # significant. 1840 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1841 # month and day. 1842 }, 1843 "stringValue": "A String", 1844 "booleanValue": True or False, 1845 "integerValue": "A String", 1846 }, 1847 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 1848 # used. 1849 # Note that for the purposes of inspection or transformation, the number 1850 # of bytes considered to comprise a 'Value' is based on its representation 1851 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1852 # 123456789, the number of bytes would be counted as 9, even though an 1853 # int64 only holds up to 8 bytes of data. 1854 "floatValue": 3.14, 1855 "timestampValue": "A String", 1856 "dayOfWeekValue": "A String", 1857 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1858 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1859 # types are google.type.Date and `google.protobuf.Timestamp`. 1860 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1861 # to allow the value "24:00:00" for scenarios like business closing time. 1862 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1863 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1864 # allow the value 60 if it allows leap-seconds. 1865 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1866 }, 1867 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1868 # and time zone are either specified elsewhere or are not significant. The date 1869 # is relative to the Proleptic Gregorian Calendar. This can represent: 1870 # 1871 # * A full date, with non-zero year, month and day values 1872 # * A month and day value, with a zero year, e.g. an anniversary 1873 # * A year on its own, with zero month and day values 1874 # * A year and month value, with a zero day, e.g. a credit card expiration date 1875 # 1876 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1877 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1878 # a year. 1879 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1880 # if specifying a year by itself or a year and month where the day is not 1881 # significant. 1882 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1883 # month and day. 1884 }, 1885 "stringValue": "A String", 1886 "booleanValue": True or False, 1887 "integerValue": "A String", 1888 }, 1889 }, 1890 ], 1891 }, 1892 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 1893 # (FPE) with the FFX mode of operation; however when used in the 1894 # `ReidentifyContent` API method, it serves the opposite function by reversing 1895 # the surrogate back into the original identifier. The identifier must be 1896 # encoded as ASCII. For a given crypto key and context, the same identifier 1897 # will be replaced with the same surrogate. Identifiers must be at least two 1898 # characters long. In the case that the identifier is the empty string, it will 1899 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 1900 # more. 1901 # 1902 # Note: We recommend using CryptoDeterministicConfig for all use cases which 1903 # do not require preserving the input alphabet space and size, plus warrant 1904 # referential integrity. 1905 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 1906 # a key encryption key (KEK) stored by KMS). 1907 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1908 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1909 # unwrap the data crypto key. 1910 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1911 # The wrapped key must be a 128/192/256 bit key. 1912 # Authorization requires the following IAM permissions when sending a request 1913 # to perform a crypto transformation using a kms-wrapped crypto key: 1914 # dlp.kms.encrypt 1915 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1916 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1917 }, 1918 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1919 # leaking the key. Choose another type of key if possible. 1920 "key": "A String", # A 128/192/256 bit key. [required] 1921 }, 1922 "transient": { # Use this to have a random data crypto key generated. 1923 # It will be discarded after the request finishes. 1924 "name": "A String", # Name of the key. [required] 1925 # This is an arbitrary string used to differentiate different keys. 1926 # A unique key is generated per name: two separate `TransientCryptoKey` 1927 # protos share the same generated key if their names are the same. 1928 # When the data crypto key is generated, this name is not used in any way 1929 # (repeating the api call will result in a different key being generated). 1930 }, 1931 }, 1932 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 1933 "commonAlphabet": "A String", 1934 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 1935 # that the FFX mode natively supports. This happens before/after 1936 # encryption/decryption. 1937 # Each character listed must appear only once. 1938 # Number of characters must be in the range [2, 62]. 1939 # This must be encoded as ASCII. 1940 # The order of characters does not matter. 1941 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 1942 # identifier in two different contexts won't be given the same surrogate. If 1943 # the context is not set, a default tweak will be used. 1944 # 1945 # If the context is set but: 1946 # 1947 # 1. there is no record present when transforming a given value or 1948 # 1. the field is not present when transforming a given value, 1949 # 1950 # a default tweak will be used. 1951 # 1952 # Note that case (1) is expected when an `InfoTypeTransformation` is 1953 # applied to both structured and non-structured `ContentItem`s. 1954 # Currently, the referenced field may be of value type integer or string. 1955 # 1956 # The tweak is constructed as a sequence of bytes in big endian byte order 1957 # such that: 1958 # 1959 # - a 64 bit integer is encoded followed by a single byte of value 1 1960 # - a string is encoded in UTF-8 format followed by a single byte of value 2 1961 "name": "A String", # Name describing the field. 1962 }, 1963 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 1964 # This annotation will be applied to the surrogate by prefixing it with 1965 # the name of the custom infoType followed by the number of 1966 # characters comprising the surrogate. The following scheme defines the 1967 # format: info_type_name(surrogate_character_count):surrogate 1968 # 1969 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 1970 # the surrogate is 'abc', the full replacement value 1971 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1972 # 1973 # This annotation identifies the surrogate when inspecting content using the 1974 # custom infoType 1975 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 1976 # This facilitates reversal of the surrogate when it occurs in free text. 1977 # 1978 # In order for inspection to work properly, the name of this infoType must 1979 # not occur naturally anywhere in your data; otherwise, inspection may 1980 # find a surrogate that does not correspond to an actual identifier. 1981 # Therefore, choose your custom infoType name carefully after considering 1982 # what your data looks like. One way to select a name that has a high chance 1983 # of yielding reliable detection is to include one or more unicode characters 1984 # that are highly improbable to exist in your data. 1985 # For example, assuming your data is entered from a regular ASCII keyboard, 1986 # the symbol with the hex code point 29DD might be used like so: 1987 # ⧝MY_TOKEN_TYPE 1988 "name": "A String", # Name of the information type. Either a name of your choosing when 1989 # creating a CustomInfoType, or one of the names listed 1990 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1991 # a built-in type. InfoType names should conform to the pattern 1992 # [a-zA-Z0-9_]{1,64}. 1993 }, 1994 }, 1995 "replaceConfig": { # Replace each input value with a given `Value`. 1996 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 1997 # Note that for the purposes of inspection or transformation, the number 1998 # of bytes considered to comprise a 'Value' is based on its representation 1999 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2000 # 123456789, the number of bytes would be counted as 9, even though an 2001 # int64 only holds up to 8 bytes of data. 2002 "floatValue": 3.14, 2003 "timestampValue": "A String", 2004 "dayOfWeekValue": "A String", 2005 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2006 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2007 # types are google.type.Date and `google.protobuf.Timestamp`. 2008 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2009 # to allow the value "24:00:00" for scenarios like business closing time. 2010 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2011 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2012 # allow the value 60 if it allows leap-seconds. 2013 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2014 }, 2015 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2016 # and time zone are either specified elsewhere or are not significant. The date 2017 # is relative to the Proleptic Gregorian Calendar. This can represent: 2018 # 2019 # * A full date, with non-zero year, month and day values 2020 # * A month and day value, with a zero year, e.g. an anniversary 2021 # * A year on its own, with zero month and day values 2022 # * A year and month value, with a zero day, e.g. a credit card expiration date 2023 # 2024 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2025 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2026 # a year. 2027 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2028 # if specifying a year by itself or a year and month where the day is not 2029 # significant. 2030 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2031 # month and day. 2032 }, 2033 "stringValue": "A String", 2034 "booleanValue": True or False, 2035 "integerValue": "A String", 2036 }, 2037 }, 2038 }, 2039 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 2040 # given `RecordCondition`. The conditions are allowed to reference fields 2041 # that are not used in the actual transformation. [optional] 2042 # 2043 # Example Use Cases: 2044 # 2045 # - Apply a different bucket transformation to an age column if the zip code 2046 # column for the same record is within a specific range. 2047 # - Redact a field if the date of birth field is greater than 85. 2048 # a field. 2049 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 2050 "conditions": { # A collection of conditions. 2051 "conditions": [ 2052 { # The field type of `value` and `field` do not need to match to be 2053 # considered equal, but not all comparisons are possible. 2054 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 2055 # but all other comparisons are invalid with incompatible types. 2056 # A `value` of type: 2057 # 2058 # - `string` can be compared against all other types 2059 # - `boolean` can only be compared against other booleans 2060 # - `integer` can be compared against doubles or a string if the string value 2061 # can be parsed as an integer. 2062 # - `double` can be compared against integers or a string if the string can 2063 # be parsed as a double. 2064 # - `Timestamp` can be compared against strings in RFC 3339 date string 2065 # format. 2066 # - `TimeOfDay` can be compared against timestamps and strings in the format 2067 # of 'HH:mm:ss'. 2068 # 2069 # If we fail to compare do to type mismatch, a warning will be given and 2070 # the condition will evaluate to false. 2071 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 2072 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 2073 "name": "A String", # Name describing the field. 2074 }, 2075 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 2076 # Note that for the purposes of inspection or transformation, the number 2077 # of bytes considered to comprise a 'Value' is based on its representation 2078 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2079 # 123456789, the number of bytes would be counted as 9, even though an 2080 # int64 only holds up to 8 bytes of data. 2081 "floatValue": 3.14, 2082 "timestampValue": "A String", 2083 "dayOfWeekValue": "A String", 2084 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2085 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2086 # types are google.type.Date and `google.protobuf.Timestamp`. 2087 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2088 # to allow the value "24:00:00" for scenarios like business closing time. 2089 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2090 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2091 # allow the value 60 if it allows leap-seconds. 2092 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2093 }, 2094 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2095 # and time zone are either specified elsewhere or are not significant. The date 2096 # is relative to the Proleptic Gregorian Calendar. This can represent: 2097 # 2098 # * A full date, with non-zero year, month and day values 2099 # * A month and day value, with a zero year, e.g. an anniversary 2100 # * A year on its own, with zero month and day values 2101 # * A year and month value, with a zero day, e.g. a credit card expiration date 2102 # 2103 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2104 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2105 # a year. 2106 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2107 # if specifying a year by itself or a year and month where the day is not 2108 # significant. 2109 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2110 # month and day. 2111 }, 2112 "stringValue": "A String", 2113 "booleanValue": True or False, 2114 "integerValue": "A String", 2115 }, 2116 }, 2117 ], 2118 }, 2119 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 2120 # only supported value is `AND`. 2121 }, 2122 }, 2123 "fields": [ # Input field(s) to apply the transformation to. [required] 2124 { # General identifier of a data field in a storage service. 2125 "name": "A String", # Name describing the field. 2126 }, 2127 ], 2128 }, 2129 ], 2130 }, 2131 }, 2132 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 2133 "name": "A String", # The template name. Output only. 2134 # 2135 # The template will have one of the following formats: 2136 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 2137 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 2138 }, 2139 "templateId": "A String", # The template id can contain uppercase and lowercase letters, 2140 # numbers, and hyphens; that is, it must match the regular 2141 # expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 2142 # characters. Can be empty to allow the system to generate one. 2143 } 2144 2145 x__xgafv: string, V1 error format. 2146 Allowed values 2147 1 - v1 error format 2148 2 - v2 error format 2149 2150Returns: 2151 An object of the form: 2152 2153 { # The DeidentifyTemplates contains instructions on how to deidentify content. 2154 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 2155 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 2156 "displayName": "A String", # Display name (max 256 chars). 2157 "description": "A String", # Short description (max 256 chars). 2158 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 2159 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 2160 # transformation everywhere. 2161 # apply various `PrimitiveTransformation`s to each finding, where the 2162 # transformation is applied to only values that were identified as a specific 2163 # info_type. 2164 "transformations": [ # Transformation for each infoType. Cannot specify more than one 2165 # for a given infoType. [required] 2166 { # A transformation to apply to text that is identified as a specific 2167 # info_type. 2168 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 2169 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 2170 # fixed character. Masking can start from the beginning or end of the string. 2171 # This can be used on data of any type (numbers, longs, and so on) and when 2172 # de-identifying structured data we'll attempt to preserve the original data's 2173 # type. (This allows you to take a long like 123 and modify it to a string like 2174 # **3. 2175 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 2176 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 2177 # mask 5 chars with * we would produce ***-*55-5555. 2178 { # Characters to skip when doing deidentification of a value. These will be left 2179 # alone and skipped. 2180 "commonCharactersToIgnore": "A String", 2181 "charactersToSkip": "A String", 2182 }, 2183 ], 2184 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 2185 # masked. Skipped characters do not count towards this tally. 2186 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 2187 # alphabetic string such as name, or "0" for a numeric string such as ZIP 2188 # code or credit card number. String must have length 1. If not supplied, we 2189 # will default to "*" for strings, 0 for digits. 2190 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 2191 # '0', number_to_mask is 14, and `reverse_order` is false, then 2192 # 1234-5678-9012-3456 -> 00000000000000-3456 2193 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 2194 # is true, then 12345 -> 12*** 2195 }, 2196 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 2197 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 2198 # output would be 'My phone number is '. 2199 }, 2200 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 2201 # input. Outputs a base64 encoded representation of the encrypted output. 2202 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 2203 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 2204 # a key encryption key (KEK) stored by KMS). 2205 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2206 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2207 # unwrap the data crypto key. 2208 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2209 # The wrapped key must be a 128/192/256 bit key. 2210 # Authorization requires the following IAM permissions when sending a request 2211 # to perform a crypto transformation using a kms-wrapped crypto key: 2212 # dlp.kms.encrypt 2213 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2214 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2215 }, 2216 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2217 # leaking the key. Choose another type of key if possible. 2218 "key": "A String", # A 128/192/256 bit key. [required] 2219 }, 2220 "transient": { # Use this to have a random data crypto key generated. 2221 # It will be discarded after the request finishes. 2222 "name": "A String", # Name of the key. [required] 2223 # This is an arbitrary string used to differentiate different keys. 2224 # A unique key is generated per name: two separate `TransientCryptoKey` 2225 # protos share the same generated key if their names are the same. 2226 # When the data crypto key is generated, this name is not used in any way 2227 # (repeating the api call will result in a different key being generated). 2228 }, 2229 }, 2230 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 2231 # referential integrity such that the same identifier in two different 2232 # contexts will be given a distinct surrogate. The context is appended to 2233 # plaintext value being encrypted. On decryption the provided context is 2234 # validated against the value used during encryption. If a context was 2235 # provided during encryption, same context must be provided during decryption 2236 # as well. 2237 # 2238 # If the context is not set, plaintext would be used as is for encryption. 2239 # If the context is set but: 2240 # 2241 # 1. there is no record present when transforming a given value or 2242 # 2. the field is not present when transforming a given value, 2243 # 2244 # plaintext would be used as is for encryption. 2245 # 2246 # Note that case (1) is expected when an `InfoTypeTransformation` is 2247 # applied to both structured and non-structured `ContentItem`s. 2248 "name": "A String", # Name describing the field. 2249 }, 2250 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 2251 # This annotation will be applied to the surrogate by prefixing it with 2252 # the name of the custom info type followed by the number of 2253 # characters comprising the surrogate. The following scheme defines the 2254 # format: <info type name>(<surrogate character count>):<surrogate> 2255 # 2256 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 2257 # the surrogate is 'abc', the full replacement value 2258 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 2259 # 2260 # This annotation identifies the surrogate when inspecting content using the 2261 # custom info type 'Surrogate'. This facilitates reversal of the 2262 # surrogate when it occurs in free text. 2263 # 2264 # In order for inspection to work properly, the name of this info type must 2265 # not occur naturally anywhere in your data; otherwise, inspection may either 2266 # 2267 # - reverse a surrogate that does not correspond to an actual identifier 2268 # - be unable to parse the surrogate and result in an error 2269 # 2270 # Therefore, choose your custom info type name carefully after considering 2271 # what your data looks like. One way to select a name that has a high chance 2272 # of yielding reliable detection is to include one or more unicode characters 2273 # that are highly improbable to exist in your data. 2274 # For example, assuming your data is entered from a regular ASCII keyboard, 2275 # the symbol with the hex code point 29DD might be used like so: 2276 # ⧝MY_TOKEN_TYPE 2277 "name": "A String", # Name of the information type. Either a name of your choosing when 2278 # creating a CustomInfoType, or one of the names listed 2279 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2280 # a built-in type. InfoType names should conform to the pattern 2281 # [a-zA-Z0-9_]{1,64}. 2282 }, 2283 }, 2284 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 2285 # Bucketing transformation can provide all of this functionality, 2286 # but requires more configuration. This message is provided as a convenience to 2287 # the user for simple bucketing strategies. 2288 # 2289 # The transformed value will be a hyphenated string of 2290 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 2291 # all values that are within this bucket will be replaced with "10-20". 2292 # 2293 # This can be used on data of type: double, long. 2294 # 2295 # If the bound Value type differs from the type of data 2296 # being transformed, we will first attempt converting the type of the data to 2297 # be transformed to match the type of the bound before comparing. 2298 # 2299 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 2300 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 2301 # grouped together into a single bucket; for example if `lower_bound` = 10, 2302 # then all values less than 10 are replaced with the value “-10”. [Required]. 2303 # Note that for the purposes of inspection or transformation, the number 2304 # of bytes considered to comprise a 'Value' is based on its representation 2305 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2306 # 123456789, the number of bytes would be counted as 9, even though an 2307 # int64 only holds up to 8 bytes of data. 2308 "floatValue": 3.14, 2309 "timestampValue": "A String", 2310 "dayOfWeekValue": "A String", 2311 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2312 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2313 # types are google.type.Date and `google.protobuf.Timestamp`. 2314 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2315 # to allow the value "24:00:00" for scenarios like business closing time. 2316 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2317 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2318 # allow the value 60 if it allows leap-seconds. 2319 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2320 }, 2321 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2322 # and time zone are either specified elsewhere or are not significant. The date 2323 # is relative to the Proleptic Gregorian Calendar. This can represent: 2324 # 2325 # * A full date, with non-zero year, month and day values 2326 # * A month and day value, with a zero year, e.g. an anniversary 2327 # * A year on its own, with zero month and day values 2328 # * A year and month value, with a zero day, e.g. a credit card expiration date 2329 # 2330 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2331 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2332 # a year. 2333 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2334 # if specifying a year by itself or a year and month where the day is not 2335 # significant. 2336 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2337 # month and day. 2338 }, 2339 "stringValue": "A String", 2340 "booleanValue": True or False, 2341 "integerValue": "A String", 2342 }, 2343 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 2344 # grouped together into a single bucket; for example if `upper_bound` = 89, 2345 # then all values greater than 89 are replaced with the value “89+”. 2346 # [Required]. 2347 # Note that for the purposes of inspection or transformation, the number 2348 # of bytes considered to comprise a 'Value' is based on its representation 2349 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2350 # 123456789, the number of bytes would be counted as 9, even though an 2351 # int64 only holds up to 8 bytes of data. 2352 "floatValue": 3.14, 2353 "timestampValue": "A String", 2354 "dayOfWeekValue": "A String", 2355 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2356 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2357 # types are google.type.Date and `google.protobuf.Timestamp`. 2358 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2359 # to allow the value "24:00:00" for scenarios like business closing time. 2360 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2361 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2362 # allow the value 60 if it allows leap-seconds. 2363 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2364 }, 2365 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2366 # and time zone are either specified elsewhere or are not significant. The date 2367 # is relative to the Proleptic Gregorian Calendar. This can represent: 2368 # 2369 # * A full date, with non-zero year, month and day values 2370 # * A month and day value, with a zero year, e.g. an anniversary 2371 # * A year on its own, with zero month and day values 2372 # * A year and month value, with a zero day, e.g. a credit card expiration date 2373 # 2374 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2375 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2376 # a year. 2377 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2378 # if specifying a year by itself or a year and month where the day is not 2379 # significant. 2380 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2381 # month and day. 2382 }, 2383 "stringValue": "A String", 2384 "booleanValue": True or False, 2385 "integerValue": "A String", 2386 }, 2387 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 2388 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 2389 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 2390 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 2391 }, 2392 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 2393 }, 2394 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 2395 # portion of the value. 2396 "partToExtract": "A String", 2397 }, 2398 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 2399 # Uses SHA-256. 2400 # The key size must be either 32 or 64 bytes. 2401 # Outputs a base64 encoded representation of the hashed output 2402 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 2403 # Currently, only string and integer values can be hashed. 2404 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 2405 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 2406 # a key encryption key (KEK) stored by KMS). 2407 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2408 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2409 # unwrap the data crypto key. 2410 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2411 # The wrapped key must be a 128/192/256 bit key. 2412 # Authorization requires the following IAM permissions when sending a request 2413 # to perform a crypto transformation using a kms-wrapped crypto key: 2414 # dlp.kms.encrypt 2415 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2416 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2417 }, 2418 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2419 # leaking the key. Choose another type of key if possible. 2420 "key": "A String", # A 128/192/256 bit key. [required] 2421 }, 2422 "transient": { # Use this to have a random data crypto key generated. 2423 # It will be discarded after the request finishes. 2424 "name": "A String", # Name of the key. [required] 2425 # This is an arbitrary string used to differentiate different keys. 2426 # A unique key is generated per name: two separate `TransientCryptoKey` 2427 # protos share the same generated key if their names are the same. 2428 # When the data crypto key is generated, this name is not used in any way 2429 # (repeating the api call will result in a different key being generated). 2430 }, 2431 }, 2432 }, 2433 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 2434 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 2435 # to learn more. 2436 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 2437 # results in the same shift for the same context and crypto_key. 2438 # a key encryption key (KEK) stored by KMS). 2439 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2440 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2441 # unwrap the data crypto key. 2442 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2443 # The wrapped key must be a 128/192/256 bit key. 2444 # Authorization requires the following IAM permissions when sending a request 2445 # to perform a crypto transformation using a kms-wrapped crypto key: 2446 # dlp.kms.encrypt 2447 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2448 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2449 }, 2450 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2451 # leaking the key. Choose another type of key if possible. 2452 "key": "A String", # A 128/192/256 bit key. [required] 2453 }, 2454 "transient": { # Use this to have a random data crypto key generated. 2455 # It will be discarded after the request finishes. 2456 "name": "A String", # Name of the key. [required] 2457 # This is an arbitrary string used to differentiate different keys. 2458 # A unique key is generated per name: two separate `TransientCryptoKey` 2459 # protos share the same generated key if their names are the same. 2460 # When the data crypto key is generated, this name is not used in any way 2461 # (repeating the api call will result in a different key being generated). 2462 }, 2463 }, 2464 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 2465 # [Required] 2466 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 2467 # range (inclusive ends). Negative means shift to earlier in time. Must not 2468 # be more than 365250 days (1000 years) each direction. 2469 # 2470 # For example, 3 means shift date to at most 3 days into the future. 2471 # [Required] 2472 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 2473 # If set, must also set method. If set, shift will be consistent for the 2474 # given context. 2475 "name": "A String", # Name describing the field. 2476 }, 2477 }, 2478 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 2479 # replacement values are dynamically provided by the user for custom behavior, 2480 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 2481 # This can be used on 2482 # data of type: number, long, string, timestamp. 2483 # If the bound `Value` type differs from the type of data being transformed, we 2484 # will first attempt converting the type of the data to be transformed to match 2485 # the type of the bound before comparing. 2486 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 2487 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 2488 { # Bucket is represented as a range, along with replacement values. 2489 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 2490 # Note that for the purposes of inspection or transformation, the number 2491 # of bytes considered to comprise a 'Value' is based on its representation 2492 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2493 # 123456789, the number of bytes would be counted as 9, even though an 2494 # int64 only holds up to 8 bytes of data. 2495 "floatValue": 3.14, 2496 "timestampValue": "A String", 2497 "dayOfWeekValue": "A String", 2498 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2499 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2500 # types are google.type.Date and `google.protobuf.Timestamp`. 2501 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2502 # to allow the value "24:00:00" for scenarios like business closing time. 2503 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2504 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2505 # allow the value 60 if it allows leap-seconds. 2506 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2507 }, 2508 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2509 # and time zone are either specified elsewhere or are not significant. The date 2510 # is relative to the Proleptic Gregorian Calendar. This can represent: 2511 # 2512 # * A full date, with non-zero year, month and day values 2513 # * A month and day value, with a zero year, e.g. an anniversary 2514 # * A year on its own, with zero month and day values 2515 # * A year and month value, with a zero day, e.g. a credit card expiration date 2516 # 2517 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2518 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2519 # a year. 2520 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2521 # if specifying a year by itself or a year and month where the day is not 2522 # significant. 2523 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2524 # month and day. 2525 }, 2526 "stringValue": "A String", 2527 "booleanValue": True or False, 2528 "integerValue": "A String", 2529 }, 2530 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 2531 # the default behavior will be to hyphenate the min-max range. 2532 # Note that for the purposes of inspection or transformation, the number 2533 # of bytes considered to comprise a 'Value' is based on its representation 2534 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2535 # 123456789, the number of bytes would be counted as 9, even though an 2536 # int64 only holds up to 8 bytes of data. 2537 "floatValue": 3.14, 2538 "timestampValue": "A String", 2539 "dayOfWeekValue": "A String", 2540 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2541 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2542 # types are google.type.Date and `google.protobuf.Timestamp`. 2543 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2544 # to allow the value "24:00:00" for scenarios like business closing time. 2545 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2546 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2547 # allow the value 60 if it allows leap-seconds. 2548 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2549 }, 2550 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2551 # and time zone are either specified elsewhere or are not significant. The date 2552 # is relative to the Proleptic Gregorian Calendar. This can represent: 2553 # 2554 # * A full date, with non-zero year, month and day values 2555 # * A month and day value, with a zero year, e.g. an anniversary 2556 # * A year on its own, with zero month and day values 2557 # * A year and month value, with a zero day, e.g. a credit card expiration date 2558 # 2559 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2560 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2561 # a year. 2562 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2563 # if specifying a year by itself or a year and month where the day is not 2564 # significant. 2565 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2566 # month and day. 2567 }, 2568 "stringValue": "A String", 2569 "booleanValue": True or False, 2570 "integerValue": "A String", 2571 }, 2572 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 2573 # used. 2574 # Note that for the purposes of inspection or transformation, the number 2575 # of bytes considered to comprise a 'Value' is based on its representation 2576 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2577 # 123456789, the number of bytes would be counted as 9, even though an 2578 # int64 only holds up to 8 bytes of data. 2579 "floatValue": 3.14, 2580 "timestampValue": "A String", 2581 "dayOfWeekValue": "A String", 2582 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2583 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2584 # types are google.type.Date and `google.protobuf.Timestamp`. 2585 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2586 # to allow the value "24:00:00" for scenarios like business closing time. 2587 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2588 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2589 # allow the value 60 if it allows leap-seconds. 2590 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2591 }, 2592 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2593 # and time zone are either specified elsewhere or are not significant. The date 2594 # is relative to the Proleptic Gregorian Calendar. This can represent: 2595 # 2596 # * A full date, with non-zero year, month and day values 2597 # * A month and day value, with a zero year, e.g. an anniversary 2598 # * A year on its own, with zero month and day values 2599 # * A year and month value, with a zero day, e.g. a credit card expiration date 2600 # 2601 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2602 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2603 # a year. 2604 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2605 # if specifying a year by itself or a year and month where the day is not 2606 # significant. 2607 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2608 # month and day. 2609 }, 2610 "stringValue": "A String", 2611 "booleanValue": True or False, 2612 "integerValue": "A String", 2613 }, 2614 }, 2615 ], 2616 }, 2617 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 2618 # (FPE) with the FFX mode of operation; however when used in the 2619 # `ReidentifyContent` API method, it serves the opposite function by reversing 2620 # the surrogate back into the original identifier. The identifier must be 2621 # encoded as ASCII. For a given crypto key and context, the same identifier 2622 # will be replaced with the same surrogate. Identifiers must be at least two 2623 # characters long. In the case that the identifier is the empty string, it will 2624 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 2625 # more. 2626 # 2627 # Note: We recommend using CryptoDeterministicConfig for all use cases which 2628 # do not require preserving the input alphabet space and size, plus warrant 2629 # referential integrity. 2630 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 2631 # a key encryption key (KEK) stored by KMS). 2632 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2633 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2634 # unwrap the data crypto key. 2635 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2636 # The wrapped key must be a 128/192/256 bit key. 2637 # Authorization requires the following IAM permissions when sending a request 2638 # to perform a crypto transformation using a kms-wrapped crypto key: 2639 # dlp.kms.encrypt 2640 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2641 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2642 }, 2643 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2644 # leaking the key. Choose another type of key if possible. 2645 "key": "A String", # A 128/192/256 bit key. [required] 2646 }, 2647 "transient": { # Use this to have a random data crypto key generated. 2648 # It will be discarded after the request finishes. 2649 "name": "A String", # Name of the key. [required] 2650 # This is an arbitrary string used to differentiate different keys. 2651 # A unique key is generated per name: two separate `TransientCryptoKey` 2652 # protos share the same generated key if their names are the same. 2653 # When the data crypto key is generated, this name is not used in any way 2654 # (repeating the api call will result in a different key being generated). 2655 }, 2656 }, 2657 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 2658 "commonAlphabet": "A String", 2659 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 2660 # that the FFX mode natively supports. This happens before/after 2661 # encryption/decryption. 2662 # Each character listed must appear only once. 2663 # Number of characters must be in the range [2, 62]. 2664 # This must be encoded as ASCII. 2665 # The order of characters does not matter. 2666 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 2667 # identifier in two different contexts won't be given the same surrogate. If 2668 # the context is not set, a default tweak will be used. 2669 # 2670 # If the context is set but: 2671 # 2672 # 1. there is no record present when transforming a given value or 2673 # 1. the field is not present when transforming a given value, 2674 # 2675 # a default tweak will be used. 2676 # 2677 # Note that case (1) is expected when an `InfoTypeTransformation` is 2678 # applied to both structured and non-structured `ContentItem`s. 2679 # Currently, the referenced field may be of value type integer or string. 2680 # 2681 # The tweak is constructed as a sequence of bytes in big endian byte order 2682 # such that: 2683 # 2684 # - a 64 bit integer is encoded followed by a single byte of value 1 2685 # - a string is encoded in UTF-8 format followed by a single byte of value 2 2686 "name": "A String", # Name describing the field. 2687 }, 2688 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 2689 # This annotation will be applied to the surrogate by prefixing it with 2690 # the name of the custom infoType followed by the number of 2691 # characters comprising the surrogate. The following scheme defines the 2692 # format: info_type_name(surrogate_character_count):surrogate 2693 # 2694 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 2695 # the surrogate is 'abc', the full replacement value 2696 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 2697 # 2698 # This annotation identifies the surrogate when inspecting content using the 2699 # custom infoType 2700 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 2701 # This facilitates reversal of the surrogate when it occurs in free text. 2702 # 2703 # In order for inspection to work properly, the name of this infoType must 2704 # not occur naturally anywhere in your data; otherwise, inspection may 2705 # find a surrogate that does not correspond to an actual identifier. 2706 # Therefore, choose your custom infoType name carefully after considering 2707 # what your data looks like. One way to select a name that has a high chance 2708 # of yielding reliable detection is to include one or more unicode characters 2709 # that are highly improbable to exist in your data. 2710 # For example, assuming your data is entered from a regular ASCII keyboard, 2711 # the symbol with the hex code point 29DD might be used like so: 2712 # ⧝MY_TOKEN_TYPE 2713 "name": "A String", # Name of the information type. Either a name of your choosing when 2714 # creating a CustomInfoType, or one of the names listed 2715 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2716 # a built-in type. InfoType names should conform to the pattern 2717 # [a-zA-Z0-9_]{1,64}. 2718 }, 2719 }, 2720 "replaceConfig": { # Replace each input value with a given `Value`. 2721 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 2722 # Note that for the purposes of inspection or transformation, the number 2723 # of bytes considered to comprise a 'Value' is based on its representation 2724 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2725 # 123456789, the number of bytes would be counted as 9, even though an 2726 # int64 only holds up to 8 bytes of data. 2727 "floatValue": 3.14, 2728 "timestampValue": "A String", 2729 "dayOfWeekValue": "A String", 2730 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2731 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2732 # types are google.type.Date and `google.protobuf.Timestamp`. 2733 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2734 # to allow the value "24:00:00" for scenarios like business closing time. 2735 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2736 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2737 # allow the value 60 if it allows leap-seconds. 2738 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2739 }, 2740 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2741 # and time zone are either specified elsewhere or are not significant. The date 2742 # is relative to the Proleptic Gregorian Calendar. This can represent: 2743 # 2744 # * A full date, with non-zero year, month and day values 2745 # * A month and day value, with a zero year, e.g. an anniversary 2746 # * A year on its own, with zero month and day values 2747 # * A year and month value, with a zero day, e.g. a credit card expiration date 2748 # 2749 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2750 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2751 # a year. 2752 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2753 # if specifying a year by itself or a year and month where the day is not 2754 # significant. 2755 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2756 # month and day. 2757 }, 2758 "stringValue": "A String", 2759 "booleanValue": True or False, 2760 "integerValue": "A String", 2761 }, 2762 }, 2763 }, 2764 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 2765 # this transformation to apply to all findings that correspond to 2766 # infoTypes that were requested in `InspectConfig`. 2767 { # Type of information detected by the API. 2768 "name": "A String", # Name of the information type. Either a name of your choosing when 2769 # creating a CustomInfoType, or one of the names listed 2770 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2771 # a built-in type. InfoType names should conform to the pattern 2772 # [a-zA-Z0-9_]{1,64}. 2773 }, 2774 ], 2775 }, 2776 ], 2777 }, 2778 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 2779 # specific locations within structured datasets, such as transforming 2780 # a column within a table. 2781 # table. 2782 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 2783 # match any suppression rule are omitted from the output [optional]. 2784 { # Configuration to suppress records whose suppression conditions evaluate to 2785 # true. 2786 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 2787 # evaluated to be suppressed from the transformed content. 2788 # a field. 2789 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 2790 "conditions": { # A collection of conditions. 2791 "conditions": [ 2792 { # The field type of `value` and `field` do not need to match to be 2793 # considered equal, but not all comparisons are possible. 2794 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 2795 # but all other comparisons are invalid with incompatible types. 2796 # A `value` of type: 2797 # 2798 # - `string` can be compared against all other types 2799 # - `boolean` can only be compared against other booleans 2800 # - `integer` can be compared against doubles or a string if the string value 2801 # can be parsed as an integer. 2802 # - `double` can be compared against integers or a string if the string can 2803 # be parsed as a double. 2804 # - `Timestamp` can be compared against strings in RFC 3339 date string 2805 # format. 2806 # - `TimeOfDay` can be compared against timestamps and strings in the format 2807 # of 'HH:mm:ss'. 2808 # 2809 # If we fail to compare do to type mismatch, a warning will be given and 2810 # the condition will evaluate to false. 2811 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 2812 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 2813 "name": "A String", # Name describing the field. 2814 }, 2815 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 2816 # Note that for the purposes of inspection or transformation, the number 2817 # of bytes considered to comprise a 'Value' is based on its representation 2818 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2819 # 123456789, the number of bytes would be counted as 9, even though an 2820 # int64 only holds up to 8 bytes of data. 2821 "floatValue": 3.14, 2822 "timestampValue": "A String", 2823 "dayOfWeekValue": "A String", 2824 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2825 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2826 # types are google.type.Date and `google.protobuf.Timestamp`. 2827 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2828 # to allow the value "24:00:00" for scenarios like business closing time. 2829 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2830 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2831 # allow the value 60 if it allows leap-seconds. 2832 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2833 }, 2834 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2835 # and time zone are either specified elsewhere or are not significant. The date 2836 # is relative to the Proleptic Gregorian Calendar. This can represent: 2837 # 2838 # * A full date, with non-zero year, month and day values 2839 # * A month and day value, with a zero year, e.g. an anniversary 2840 # * A year on its own, with zero month and day values 2841 # * A year and month value, with a zero day, e.g. a credit card expiration date 2842 # 2843 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2844 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2845 # a year. 2846 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2847 # if specifying a year by itself or a year and month where the day is not 2848 # significant. 2849 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2850 # month and day. 2851 }, 2852 "stringValue": "A String", 2853 "booleanValue": True or False, 2854 "integerValue": "A String", 2855 }, 2856 }, 2857 ], 2858 }, 2859 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 2860 # only supported value is `AND`. 2861 }, 2862 }, 2863 }, 2864 ], 2865 "fieldTransformations": [ # Transform the record by applying various field transformations. 2866 { # The transformation to apply to the field. 2867 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 2868 # transform content that matches an `InfoType`. 2869 # apply various `PrimitiveTransformation`s to each finding, where the 2870 # transformation is applied to only values that were identified as a specific 2871 # info_type. 2872 "transformations": [ # Transformation for each infoType. Cannot specify more than one 2873 # for a given infoType. [required] 2874 { # A transformation to apply to text that is identified as a specific 2875 # info_type. 2876 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 2877 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 2878 # fixed character. Masking can start from the beginning or end of the string. 2879 # This can be used on data of any type (numbers, longs, and so on) and when 2880 # de-identifying structured data we'll attempt to preserve the original data's 2881 # type. (This allows you to take a long like 123 and modify it to a string like 2882 # **3. 2883 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 2884 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 2885 # mask 5 chars with * we would produce ***-*55-5555. 2886 { # Characters to skip when doing deidentification of a value. These will be left 2887 # alone and skipped. 2888 "commonCharactersToIgnore": "A String", 2889 "charactersToSkip": "A String", 2890 }, 2891 ], 2892 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 2893 # masked. Skipped characters do not count towards this tally. 2894 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 2895 # alphabetic string such as name, or "0" for a numeric string such as ZIP 2896 # code or credit card number. String must have length 1. If not supplied, we 2897 # will default to "*" for strings, 0 for digits. 2898 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 2899 # '0', number_to_mask is 14, and `reverse_order` is false, then 2900 # 1234-5678-9012-3456 -> 00000000000000-3456 2901 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 2902 # is true, then 12345 -> 12*** 2903 }, 2904 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 2905 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 2906 # output would be 'My phone number is '. 2907 }, 2908 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 2909 # input. Outputs a base64 encoded representation of the encrypted output. 2910 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 2911 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 2912 # a key encryption key (KEK) stored by KMS). 2913 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2914 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2915 # unwrap the data crypto key. 2916 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2917 # The wrapped key must be a 128/192/256 bit key. 2918 # Authorization requires the following IAM permissions when sending a request 2919 # to perform a crypto transformation using a kms-wrapped crypto key: 2920 # dlp.kms.encrypt 2921 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2922 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2923 }, 2924 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2925 # leaking the key. Choose another type of key if possible. 2926 "key": "A String", # A 128/192/256 bit key. [required] 2927 }, 2928 "transient": { # Use this to have a random data crypto key generated. 2929 # It will be discarded after the request finishes. 2930 "name": "A String", # Name of the key. [required] 2931 # This is an arbitrary string used to differentiate different keys. 2932 # A unique key is generated per name: two separate `TransientCryptoKey` 2933 # protos share the same generated key if their names are the same. 2934 # When the data crypto key is generated, this name is not used in any way 2935 # (repeating the api call will result in a different key being generated). 2936 }, 2937 }, 2938 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 2939 # referential integrity such that the same identifier in two different 2940 # contexts will be given a distinct surrogate. The context is appended to 2941 # plaintext value being encrypted. On decryption the provided context is 2942 # validated against the value used during encryption. If a context was 2943 # provided during encryption, same context must be provided during decryption 2944 # as well. 2945 # 2946 # If the context is not set, plaintext would be used as is for encryption. 2947 # If the context is set but: 2948 # 2949 # 1. there is no record present when transforming a given value or 2950 # 2. the field is not present when transforming a given value, 2951 # 2952 # plaintext would be used as is for encryption. 2953 # 2954 # Note that case (1) is expected when an `InfoTypeTransformation` is 2955 # applied to both structured and non-structured `ContentItem`s. 2956 "name": "A String", # Name describing the field. 2957 }, 2958 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 2959 # This annotation will be applied to the surrogate by prefixing it with 2960 # the name of the custom info type followed by the number of 2961 # characters comprising the surrogate. The following scheme defines the 2962 # format: <info type name>(<surrogate character count>):<surrogate> 2963 # 2964 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 2965 # the surrogate is 'abc', the full replacement value 2966 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 2967 # 2968 # This annotation identifies the surrogate when inspecting content using the 2969 # custom info type 'Surrogate'. This facilitates reversal of the 2970 # surrogate when it occurs in free text. 2971 # 2972 # In order for inspection to work properly, the name of this info type must 2973 # not occur naturally anywhere in your data; otherwise, inspection may either 2974 # 2975 # - reverse a surrogate that does not correspond to an actual identifier 2976 # - be unable to parse the surrogate and result in an error 2977 # 2978 # Therefore, choose your custom info type name carefully after considering 2979 # what your data looks like. One way to select a name that has a high chance 2980 # of yielding reliable detection is to include one or more unicode characters 2981 # that are highly improbable to exist in your data. 2982 # For example, assuming your data is entered from a regular ASCII keyboard, 2983 # the symbol with the hex code point 29DD might be used like so: 2984 # ⧝MY_TOKEN_TYPE 2985 "name": "A String", # Name of the information type. Either a name of your choosing when 2986 # creating a CustomInfoType, or one of the names listed 2987 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2988 # a built-in type. InfoType names should conform to the pattern 2989 # [a-zA-Z0-9_]{1,64}. 2990 }, 2991 }, 2992 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 2993 # Bucketing transformation can provide all of this functionality, 2994 # but requires more configuration. This message is provided as a convenience to 2995 # the user for simple bucketing strategies. 2996 # 2997 # The transformed value will be a hyphenated string of 2998 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 2999 # all values that are within this bucket will be replaced with "10-20". 3000 # 3001 # This can be used on data of type: double, long. 3002 # 3003 # If the bound Value type differs from the type of data 3004 # being transformed, we will first attempt converting the type of the data to 3005 # be transformed to match the type of the bound before comparing. 3006 # 3007 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3008 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 3009 # grouped together into a single bucket; for example if `lower_bound` = 10, 3010 # then all values less than 10 are replaced with the value “-10”. [Required]. 3011 # Note that for the purposes of inspection or transformation, the number 3012 # of bytes considered to comprise a 'Value' is based on its representation 3013 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3014 # 123456789, the number of bytes would be counted as 9, even though an 3015 # int64 only holds up to 8 bytes of data. 3016 "floatValue": 3.14, 3017 "timestampValue": "A String", 3018 "dayOfWeekValue": "A String", 3019 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3020 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3021 # types are google.type.Date and `google.protobuf.Timestamp`. 3022 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3023 # to allow the value "24:00:00" for scenarios like business closing time. 3024 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3025 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3026 # allow the value 60 if it allows leap-seconds. 3027 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3028 }, 3029 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3030 # and time zone are either specified elsewhere or are not significant. The date 3031 # is relative to the Proleptic Gregorian Calendar. This can represent: 3032 # 3033 # * A full date, with non-zero year, month and day values 3034 # * A month and day value, with a zero year, e.g. an anniversary 3035 # * A year on its own, with zero month and day values 3036 # * A year and month value, with a zero day, e.g. a credit card expiration date 3037 # 3038 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3039 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3040 # a year. 3041 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3042 # if specifying a year by itself or a year and month where the day is not 3043 # significant. 3044 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3045 # month and day. 3046 }, 3047 "stringValue": "A String", 3048 "booleanValue": True or False, 3049 "integerValue": "A String", 3050 }, 3051 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 3052 # grouped together into a single bucket; for example if `upper_bound` = 89, 3053 # then all values greater than 89 are replaced with the value “89+”. 3054 # [Required]. 3055 # Note that for the purposes of inspection or transformation, the number 3056 # of bytes considered to comprise a 'Value' is based on its representation 3057 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3058 # 123456789, the number of bytes would be counted as 9, even though an 3059 # int64 only holds up to 8 bytes of data. 3060 "floatValue": 3.14, 3061 "timestampValue": "A String", 3062 "dayOfWeekValue": "A String", 3063 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3064 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3065 # types are google.type.Date and `google.protobuf.Timestamp`. 3066 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3067 # to allow the value "24:00:00" for scenarios like business closing time. 3068 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3069 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3070 # allow the value 60 if it allows leap-seconds. 3071 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3072 }, 3073 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3074 # and time zone are either specified elsewhere or are not significant. The date 3075 # is relative to the Proleptic Gregorian Calendar. This can represent: 3076 # 3077 # * A full date, with non-zero year, month and day values 3078 # * A month and day value, with a zero year, e.g. an anniversary 3079 # * A year on its own, with zero month and day values 3080 # * A year and month value, with a zero day, e.g. a credit card expiration date 3081 # 3082 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3083 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3084 # a year. 3085 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3086 # if specifying a year by itself or a year and month where the day is not 3087 # significant. 3088 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3089 # month and day. 3090 }, 3091 "stringValue": "A String", 3092 "booleanValue": True or False, 3093 "integerValue": "A String", 3094 }, 3095 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 3096 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 3097 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 3098 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 3099 }, 3100 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 3101 }, 3102 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 3103 # portion of the value. 3104 "partToExtract": "A String", 3105 }, 3106 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 3107 # Uses SHA-256. 3108 # The key size must be either 32 or 64 bytes. 3109 # Outputs a base64 encoded representation of the hashed output 3110 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 3111 # Currently, only string and integer values can be hashed. 3112 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 3113 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 3114 # a key encryption key (KEK) stored by KMS). 3115 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3116 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3117 # unwrap the data crypto key. 3118 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3119 # The wrapped key must be a 128/192/256 bit key. 3120 # Authorization requires the following IAM permissions when sending a request 3121 # to perform a crypto transformation using a kms-wrapped crypto key: 3122 # dlp.kms.encrypt 3123 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3124 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3125 }, 3126 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3127 # leaking the key. Choose another type of key if possible. 3128 "key": "A String", # A 128/192/256 bit key. [required] 3129 }, 3130 "transient": { # Use this to have a random data crypto key generated. 3131 # It will be discarded after the request finishes. 3132 "name": "A String", # Name of the key. [required] 3133 # This is an arbitrary string used to differentiate different keys. 3134 # A unique key is generated per name: two separate `TransientCryptoKey` 3135 # protos share the same generated key if their names are the same. 3136 # When the data crypto key is generated, this name is not used in any way 3137 # (repeating the api call will result in a different key being generated). 3138 }, 3139 }, 3140 }, 3141 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 3142 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 3143 # to learn more. 3144 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 3145 # results in the same shift for the same context and crypto_key. 3146 # a key encryption key (KEK) stored by KMS). 3147 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3148 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3149 # unwrap the data crypto key. 3150 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3151 # The wrapped key must be a 128/192/256 bit key. 3152 # Authorization requires the following IAM permissions when sending a request 3153 # to perform a crypto transformation using a kms-wrapped crypto key: 3154 # dlp.kms.encrypt 3155 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3156 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3157 }, 3158 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3159 # leaking the key. Choose another type of key if possible. 3160 "key": "A String", # A 128/192/256 bit key. [required] 3161 }, 3162 "transient": { # Use this to have a random data crypto key generated. 3163 # It will be discarded after the request finishes. 3164 "name": "A String", # Name of the key. [required] 3165 # This is an arbitrary string used to differentiate different keys. 3166 # A unique key is generated per name: two separate `TransientCryptoKey` 3167 # protos share the same generated key if their names are the same. 3168 # When the data crypto key is generated, this name is not used in any way 3169 # (repeating the api call will result in a different key being generated). 3170 }, 3171 }, 3172 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 3173 # [Required] 3174 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 3175 # range (inclusive ends). Negative means shift to earlier in time. Must not 3176 # be more than 365250 days (1000 years) each direction. 3177 # 3178 # For example, 3 means shift date to at most 3 days into the future. 3179 # [Required] 3180 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 3181 # If set, must also set method. If set, shift will be consistent for the 3182 # given context. 3183 "name": "A String", # Name describing the field. 3184 }, 3185 }, 3186 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 3187 # replacement values are dynamically provided by the user for custom behavior, 3188 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 3189 # This can be used on 3190 # data of type: number, long, string, timestamp. 3191 # If the bound `Value` type differs from the type of data being transformed, we 3192 # will first attempt converting the type of the data to be transformed to match 3193 # the type of the bound before comparing. 3194 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3195 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 3196 { # Bucket is represented as a range, along with replacement values. 3197 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 3198 # Note that for the purposes of inspection or transformation, the number 3199 # of bytes considered to comprise a 'Value' is based on its representation 3200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3201 # 123456789, the number of bytes would be counted as 9, even though an 3202 # int64 only holds up to 8 bytes of data. 3203 "floatValue": 3.14, 3204 "timestampValue": "A String", 3205 "dayOfWeekValue": "A String", 3206 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3207 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3208 # types are google.type.Date and `google.protobuf.Timestamp`. 3209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3210 # to allow the value "24:00:00" for scenarios like business closing time. 3211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3213 # allow the value 60 if it allows leap-seconds. 3214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3215 }, 3216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3217 # and time zone are either specified elsewhere or are not significant. The date 3218 # is relative to the Proleptic Gregorian Calendar. This can represent: 3219 # 3220 # * A full date, with non-zero year, month and day values 3221 # * A month and day value, with a zero year, e.g. an anniversary 3222 # * A year on its own, with zero month and day values 3223 # * A year and month value, with a zero day, e.g. a credit card expiration date 3224 # 3225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3227 # a year. 3228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3229 # if specifying a year by itself or a year and month where the day is not 3230 # significant. 3231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3232 # month and day. 3233 }, 3234 "stringValue": "A String", 3235 "booleanValue": True or False, 3236 "integerValue": "A String", 3237 }, 3238 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 3239 # the default behavior will be to hyphenate the min-max range. 3240 # Note that for the purposes of inspection or transformation, the number 3241 # of bytes considered to comprise a 'Value' is based on its representation 3242 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3243 # 123456789, the number of bytes would be counted as 9, even though an 3244 # int64 only holds up to 8 bytes of data. 3245 "floatValue": 3.14, 3246 "timestampValue": "A String", 3247 "dayOfWeekValue": "A String", 3248 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3249 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3250 # types are google.type.Date and `google.protobuf.Timestamp`. 3251 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3252 # to allow the value "24:00:00" for scenarios like business closing time. 3253 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3254 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3255 # allow the value 60 if it allows leap-seconds. 3256 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3257 }, 3258 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3259 # and time zone are either specified elsewhere or are not significant. The date 3260 # is relative to the Proleptic Gregorian Calendar. This can represent: 3261 # 3262 # * A full date, with non-zero year, month and day values 3263 # * A month and day value, with a zero year, e.g. an anniversary 3264 # * A year on its own, with zero month and day values 3265 # * A year and month value, with a zero day, e.g. a credit card expiration date 3266 # 3267 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3268 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3269 # a year. 3270 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3271 # if specifying a year by itself or a year and month where the day is not 3272 # significant. 3273 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3274 # month and day. 3275 }, 3276 "stringValue": "A String", 3277 "booleanValue": True or False, 3278 "integerValue": "A String", 3279 }, 3280 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 3281 # used. 3282 # Note that for the purposes of inspection or transformation, the number 3283 # of bytes considered to comprise a 'Value' is based on its representation 3284 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3285 # 123456789, the number of bytes would be counted as 9, even though an 3286 # int64 only holds up to 8 bytes of data. 3287 "floatValue": 3.14, 3288 "timestampValue": "A String", 3289 "dayOfWeekValue": "A String", 3290 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3291 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3292 # types are google.type.Date and `google.protobuf.Timestamp`. 3293 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3294 # to allow the value "24:00:00" for scenarios like business closing time. 3295 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3296 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3297 # allow the value 60 if it allows leap-seconds. 3298 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3299 }, 3300 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3301 # and time zone are either specified elsewhere or are not significant. The date 3302 # is relative to the Proleptic Gregorian Calendar. This can represent: 3303 # 3304 # * A full date, with non-zero year, month and day values 3305 # * A month and day value, with a zero year, e.g. an anniversary 3306 # * A year on its own, with zero month and day values 3307 # * A year and month value, with a zero day, e.g. a credit card expiration date 3308 # 3309 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3310 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3311 # a year. 3312 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3313 # if specifying a year by itself or a year and month where the day is not 3314 # significant. 3315 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3316 # month and day. 3317 }, 3318 "stringValue": "A String", 3319 "booleanValue": True or False, 3320 "integerValue": "A String", 3321 }, 3322 }, 3323 ], 3324 }, 3325 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 3326 # (FPE) with the FFX mode of operation; however when used in the 3327 # `ReidentifyContent` API method, it serves the opposite function by reversing 3328 # the surrogate back into the original identifier. The identifier must be 3329 # encoded as ASCII. For a given crypto key and context, the same identifier 3330 # will be replaced with the same surrogate. Identifiers must be at least two 3331 # characters long. In the case that the identifier is the empty string, it will 3332 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 3333 # more. 3334 # 3335 # Note: We recommend using CryptoDeterministicConfig for all use cases which 3336 # do not require preserving the input alphabet space and size, plus warrant 3337 # referential integrity. 3338 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 3339 # a key encryption key (KEK) stored by KMS). 3340 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3341 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3342 # unwrap the data crypto key. 3343 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3344 # The wrapped key must be a 128/192/256 bit key. 3345 # Authorization requires the following IAM permissions when sending a request 3346 # to perform a crypto transformation using a kms-wrapped crypto key: 3347 # dlp.kms.encrypt 3348 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3349 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3350 }, 3351 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3352 # leaking the key. Choose another type of key if possible. 3353 "key": "A String", # A 128/192/256 bit key. [required] 3354 }, 3355 "transient": { # Use this to have a random data crypto key generated. 3356 # It will be discarded after the request finishes. 3357 "name": "A String", # Name of the key. [required] 3358 # This is an arbitrary string used to differentiate different keys. 3359 # A unique key is generated per name: two separate `TransientCryptoKey` 3360 # protos share the same generated key if their names are the same. 3361 # When the data crypto key is generated, this name is not used in any way 3362 # (repeating the api call will result in a different key being generated). 3363 }, 3364 }, 3365 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 3366 "commonAlphabet": "A String", 3367 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 3368 # that the FFX mode natively supports. This happens before/after 3369 # encryption/decryption. 3370 # Each character listed must appear only once. 3371 # Number of characters must be in the range [2, 62]. 3372 # This must be encoded as ASCII. 3373 # The order of characters does not matter. 3374 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 3375 # identifier in two different contexts won't be given the same surrogate. If 3376 # the context is not set, a default tweak will be used. 3377 # 3378 # If the context is set but: 3379 # 3380 # 1. there is no record present when transforming a given value or 3381 # 1. the field is not present when transforming a given value, 3382 # 3383 # a default tweak will be used. 3384 # 3385 # Note that case (1) is expected when an `InfoTypeTransformation` is 3386 # applied to both structured and non-structured `ContentItem`s. 3387 # Currently, the referenced field may be of value type integer or string. 3388 # 3389 # The tweak is constructed as a sequence of bytes in big endian byte order 3390 # such that: 3391 # 3392 # - a 64 bit integer is encoded followed by a single byte of value 1 3393 # - a string is encoded in UTF-8 format followed by a single byte of value 2 3394 "name": "A String", # Name describing the field. 3395 }, 3396 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 3397 # This annotation will be applied to the surrogate by prefixing it with 3398 # the name of the custom infoType followed by the number of 3399 # characters comprising the surrogate. The following scheme defines the 3400 # format: info_type_name(surrogate_character_count):surrogate 3401 # 3402 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 3403 # the surrogate is 'abc', the full replacement value 3404 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 3405 # 3406 # This annotation identifies the surrogate when inspecting content using the 3407 # custom infoType 3408 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 3409 # This facilitates reversal of the surrogate when it occurs in free text. 3410 # 3411 # In order for inspection to work properly, the name of this infoType must 3412 # not occur naturally anywhere in your data; otherwise, inspection may 3413 # find a surrogate that does not correspond to an actual identifier. 3414 # Therefore, choose your custom infoType name carefully after considering 3415 # what your data looks like. One way to select a name that has a high chance 3416 # of yielding reliable detection is to include one or more unicode characters 3417 # that are highly improbable to exist in your data. 3418 # For example, assuming your data is entered from a regular ASCII keyboard, 3419 # the symbol with the hex code point 29DD might be used like so: 3420 # ⧝MY_TOKEN_TYPE 3421 "name": "A String", # Name of the information type. Either a name of your choosing when 3422 # creating a CustomInfoType, or one of the names listed 3423 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3424 # a built-in type. InfoType names should conform to the pattern 3425 # [a-zA-Z0-9_]{1,64}. 3426 }, 3427 }, 3428 "replaceConfig": { # Replace each input value with a given `Value`. 3429 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 3430 # Note that for the purposes of inspection or transformation, the number 3431 # of bytes considered to comprise a 'Value' is based on its representation 3432 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3433 # 123456789, the number of bytes would be counted as 9, even though an 3434 # int64 only holds up to 8 bytes of data. 3435 "floatValue": 3.14, 3436 "timestampValue": "A String", 3437 "dayOfWeekValue": "A String", 3438 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3439 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3440 # types are google.type.Date and `google.protobuf.Timestamp`. 3441 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3442 # to allow the value "24:00:00" for scenarios like business closing time. 3443 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3444 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3445 # allow the value 60 if it allows leap-seconds. 3446 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3447 }, 3448 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3449 # and time zone are either specified elsewhere or are not significant. The date 3450 # is relative to the Proleptic Gregorian Calendar. This can represent: 3451 # 3452 # * A full date, with non-zero year, month and day values 3453 # * A month and day value, with a zero year, e.g. an anniversary 3454 # * A year on its own, with zero month and day values 3455 # * A year and month value, with a zero day, e.g. a credit card expiration date 3456 # 3457 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3458 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3459 # a year. 3460 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3461 # if specifying a year by itself or a year and month where the day is not 3462 # significant. 3463 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3464 # month and day. 3465 }, 3466 "stringValue": "A String", 3467 "booleanValue": True or False, 3468 "integerValue": "A String", 3469 }, 3470 }, 3471 }, 3472 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 3473 # this transformation to apply to all findings that correspond to 3474 # infoTypes that were requested in `InspectConfig`. 3475 { # Type of information detected by the API. 3476 "name": "A String", # Name of the information type. Either a name of your choosing when 3477 # creating a CustomInfoType, or one of the names listed 3478 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3479 # a built-in type. InfoType names should conform to the pattern 3480 # [a-zA-Z0-9_]{1,64}. 3481 }, 3482 ], 3483 }, 3484 ], 3485 }, 3486 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 3487 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 3488 # fixed character. Masking can start from the beginning or end of the string. 3489 # This can be used on data of any type (numbers, longs, and so on) and when 3490 # de-identifying structured data we'll attempt to preserve the original data's 3491 # type. (This allows you to take a long like 123 and modify it to a string like 3492 # **3. 3493 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 3494 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 3495 # mask 5 chars with * we would produce ***-*55-5555. 3496 { # Characters to skip when doing deidentification of a value. These will be left 3497 # alone and skipped. 3498 "commonCharactersToIgnore": "A String", 3499 "charactersToSkip": "A String", 3500 }, 3501 ], 3502 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 3503 # masked. Skipped characters do not count towards this tally. 3504 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 3505 # alphabetic string such as name, or "0" for a numeric string such as ZIP 3506 # code or credit card number. String must have length 1. If not supplied, we 3507 # will default to "*" for strings, 0 for digits. 3508 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 3509 # '0', number_to_mask is 14, and `reverse_order` is false, then 3510 # 1234-5678-9012-3456 -> 00000000000000-3456 3511 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 3512 # is true, then 12345 -> 12*** 3513 }, 3514 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 3515 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 3516 # output would be 'My phone number is '. 3517 }, 3518 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 3519 # input. Outputs a base64 encoded representation of the encrypted output. 3520 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 3521 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 3522 # a key encryption key (KEK) stored by KMS). 3523 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3524 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3525 # unwrap the data crypto key. 3526 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3527 # The wrapped key must be a 128/192/256 bit key. 3528 # Authorization requires the following IAM permissions when sending a request 3529 # to perform a crypto transformation using a kms-wrapped crypto key: 3530 # dlp.kms.encrypt 3531 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3532 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3533 }, 3534 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3535 # leaking the key. Choose another type of key if possible. 3536 "key": "A String", # A 128/192/256 bit key. [required] 3537 }, 3538 "transient": { # Use this to have a random data crypto key generated. 3539 # It will be discarded after the request finishes. 3540 "name": "A String", # Name of the key. [required] 3541 # This is an arbitrary string used to differentiate different keys. 3542 # A unique key is generated per name: two separate `TransientCryptoKey` 3543 # protos share the same generated key if their names are the same. 3544 # When the data crypto key is generated, this name is not used in any way 3545 # (repeating the api call will result in a different key being generated). 3546 }, 3547 }, 3548 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 3549 # referential integrity such that the same identifier in two different 3550 # contexts will be given a distinct surrogate. The context is appended to 3551 # plaintext value being encrypted. On decryption the provided context is 3552 # validated against the value used during encryption. If a context was 3553 # provided during encryption, same context must be provided during decryption 3554 # as well. 3555 # 3556 # If the context is not set, plaintext would be used as is for encryption. 3557 # If the context is set but: 3558 # 3559 # 1. there is no record present when transforming a given value or 3560 # 2. the field is not present when transforming a given value, 3561 # 3562 # plaintext would be used as is for encryption. 3563 # 3564 # Note that case (1) is expected when an `InfoTypeTransformation` is 3565 # applied to both structured and non-structured `ContentItem`s. 3566 "name": "A String", # Name describing the field. 3567 }, 3568 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 3569 # This annotation will be applied to the surrogate by prefixing it with 3570 # the name of the custom info type followed by the number of 3571 # characters comprising the surrogate. The following scheme defines the 3572 # format: <info type name>(<surrogate character count>):<surrogate> 3573 # 3574 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 3575 # the surrogate is 'abc', the full replacement value 3576 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 3577 # 3578 # This annotation identifies the surrogate when inspecting content using the 3579 # custom info type 'Surrogate'. This facilitates reversal of the 3580 # surrogate when it occurs in free text. 3581 # 3582 # In order for inspection to work properly, the name of this info type must 3583 # not occur naturally anywhere in your data; otherwise, inspection may either 3584 # 3585 # - reverse a surrogate that does not correspond to an actual identifier 3586 # - be unable to parse the surrogate and result in an error 3587 # 3588 # Therefore, choose your custom info type name carefully after considering 3589 # what your data looks like. One way to select a name that has a high chance 3590 # of yielding reliable detection is to include one or more unicode characters 3591 # that are highly improbable to exist in your data. 3592 # For example, assuming your data is entered from a regular ASCII keyboard, 3593 # the symbol with the hex code point 29DD might be used like so: 3594 # ⧝MY_TOKEN_TYPE 3595 "name": "A String", # Name of the information type. Either a name of your choosing when 3596 # creating a CustomInfoType, or one of the names listed 3597 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3598 # a built-in type. InfoType names should conform to the pattern 3599 # [a-zA-Z0-9_]{1,64}. 3600 }, 3601 }, 3602 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 3603 # Bucketing transformation can provide all of this functionality, 3604 # but requires more configuration. This message is provided as a convenience to 3605 # the user for simple bucketing strategies. 3606 # 3607 # The transformed value will be a hyphenated string of 3608 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 3609 # all values that are within this bucket will be replaced with "10-20". 3610 # 3611 # This can be used on data of type: double, long. 3612 # 3613 # If the bound Value type differs from the type of data 3614 # being transformed, we will first attempt converting the type of the data to 3615 # be transformed to match the type of the bound before comparing. 3616 # 3617 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3618 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 3619 # grouped together into a single bucket; for example if `lower_bound` = 10, 3620 # then all values less than 10 are replaced with the value “-10”. [Required]. 3621 # Note that for the purposes of inspection or transformation, the number 3622 # of bytes considered to comprise a 'Value' is based on its representation 3623 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3624 # 123456789, the number of bytes would be counted as 9, even though an 3625 # int64 only holds up to 8 bytes of data. 3626 "floatValue": 3.14, 3627 "timestampValue": "A String", 3628 "dayOfWeekValue": "A String", 3629 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3630 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3631 # types are google.type.Date and `google.protobuf.Timestamp`. 3632 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3633 # to allow the value "24:00:00" for scenarios like business closing time. 3634 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3635 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3636 # allow the value 60 if it allows leap-seconds. 3637 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3638 }, 3639 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3640 # and time zone are either specified elsewhere or are not significant. The date 3641 # is relative to the Proleptic Gregorian Calendar. This can represent: 3642 # 3643 # * A full date, with non-zero year, month and day values 3644 # * A month and day value, with a zero year, e.g. an anniversary 3645 # * A year on its own, with zero month and day values 3646 # * A year and month value, with a zero day, e.g. a credit card expiration date 3647 # 3648 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3649 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3650 # a year. 3651 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3652 # if specifying a year by itself or a year and month where the day is not 3653 # significant. 3654 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3655 # month and day. 3656 }, 3657 "stringValue": "A String", 3658 "booleanValue": True or False, 3659 "integerValue": "A String", 3660 }, 3661 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 3662 # grouped together into a single bucket; for example if `upper_bound` = 89, 3663 # then all values greater than 89 are replaced with the value “89+”. 3664 # [Required]. 3665 # Note that for the purposes of inspection or transformation, the number 3666 # of bytes considered to comprise a 'Value' is based on its representation 3667 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3668 # 123456789, the number of bytes would be counted as 9, even though an 3669 # int64 only holds up to 8 bytes of data. 3670 "floatValue": 3.14, 3671 "timestampValue": "A String", 3672 "dayOfWeekValue": "A String", 3673 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3674 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3675 # types are google.type.Date and `google.protobuf.Timestamp`. 3676 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3677 # to allow the value "24:00:00" for scenarios like business closing time. 3678 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3679 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3680 # allow the value 60 if it allows leap-seconds. 3681 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3682 }, 3683 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3684 # and time zone are either specified elsewhere or are not significant. The date 3685 # is relative to the Proleptic Gregorian Calendar. This can represent: 3686 # 3687 # * A full date, with non-zero year, month and day values 3688 # * A month and day value, with a zero year, e.g. an anniversary 3689 # * A year on its own, with zero month and day values 3690 # * A year and month value, with a zero day, e.g. a credit card expiration date 3691 # 3692 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3693 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3694 # a year. 3695 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3696 # if specifying a year by itself or a year and month where the day is not 3697 # significant. 3698 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3699 # month and day. 3700 }, 3701 "stringValue": "A String", 3702 "booleanValue": True or False, 3703 "integerValue": "A String", 3704 }, 3705 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 3706 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 3707 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 3708 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 3709 }, 3710 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 3711 }, 3712 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 3713 # portion of the value. 3714 "partToExtract": "A String", 3715 }, 3716 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 3717 # Uses SHA-256. 3718 # The key size must be either 32 or 64 bytes. 3719 # Outputs a base64 encoded representation of the hashed output 3720 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 3721 # Currently, only string and integer values can be hashed. 3722 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 3723 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 3724 # a key encryption key (KEK) stored by KMS). 3725 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3726 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3727 # unwrap the data crypto key. 3728 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3729 # The wrapped key must be a 128/192/256 bit key. 3730 # Authorization requires the following IAM permissions when sending a request 3731 # to perform a crypto transformation using a kms-wrapped crypto key: 3732 # dlp.kms.encrypt 3733 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3734 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3735 }, 3736 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3737 # leaking the key. Choose another type of key if possible. 3738 "key": "A String", # A 128/192/256 bit key. [required] 3739 }, 3740 "transient": { # Use this to have a random data crypto key generated. 3741 # It will be discarded after the request finishes. 3742 "name": "A String", # Name of the key. [required] 3743 # This is an arbitrary string used to differentiate different keys. 3744 # A unique key is generated per name: two separate `TransientCryptoKey` 3745 # protos share the same generated key if their names are the same. 3746 # When the data crypto key is generated, this name is not used in any way 3747 # (repeating the api call will result in a different key being generated). 3748 }, 3749 }, 3750 }, 3751 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 3752 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 3753 # to learn more. 3754 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 3755 # results in the same shift for the same context and crypto_key. 3756 # a key encryption key (KEK) stored by KMS). 3757 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3758 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3759 # unwrap the data crypto key. 3760 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3761 # The wrapped key must be a 128/192/256 bit key. 3762 # Authorization requires the following IAM permissions when sending a request 3763 # to perform a crypto transformation using a kms-wrapped crypto key: 3764 # dlp.kms.encrypt 3765 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3766 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3767 }, 3768 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3769 # leaking the key. Choose another type of key if possible. 3770 "key": "A String", # A 128/192/256 bit key. [required] 3771 }, 3772 "transient": { # Use this to have a random data crypto key generated. 3773 # It will be discarded after the request finishes. 3774 "name": "A String", # Name of the key. [required] 3775 # This is an arbitrary string used to differentiate different keys. 3776 # A unique key is generated per name: two separate `TransientCryptoKey` 3777 # protos share the same generated key if their names are the same. 3778 # When the data crypto key is generated, this name is not used in any way 3779 # (repeating the api call will result in a different key being generated). 3780 }, 3781 }, 3782 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 3783 # [Required] 3784 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 3785 # range (inclusive ends). Negative means shift to earlier in time. Must not 3786 # be more than 365250 days (1000 years) each direction. 3787 # 3788 # For example, 3 means shift date to at most 3 days into the future. 3789 # [Required] 3790 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 3791 # If set, must also set method. If set, shift will be consistent for the 3792 # given context. 3793 "name": "A String", # Name describing the field. 3794 }, 3795 }, 3796 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 3797 # replacement values are dynamically provided by the user for custom behavior, 3798 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 3799 # This can be used on 3800 # data of type: number, long, string, timestamp. 3801 # If the bound `Value` type differs from the type of data being transformed, we 3802 # will first attempt converting the type of the data to be transformed to match 3803 # the type of the bound before comparing. 3804 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3805 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 3806 { # Bucket is represented as a range, along with replacement values. 3807 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 3808 # Note that for the purposes of inspection or transformation, the number 3809 # of bytes considered to comprise a 'Value' is based on its representation 3810 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3811 # 123456789, the number of bytes would be counted as 9, even though an 3812 # int64 only holds up to 8 bytes of data. 3813 "floatValue": 3.14, 3814 "timestampValue": "A String", 3815 "dayOfWeekValue": "A String", 3816 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3817 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3818 # types are google.type.Date and `google.protobuf.Timestamp`. 3819 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3820 # to allow the value "24:00:00" for scenarios like business closing time. 3821 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3822 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3823 # allow the value 60 if it allows leap-seconds. 3824 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3825 }, 3826 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3827 # and time zone are either specified elsewhere or are not significant. The date 3828 # is relative to the Proleptic Gregorian Calendar. This can represent: 3829 # 3830 # * A full date, with non-zero year, month and day values 3831 # * A month and day value, with a zero year, e.g. an anniversary 3832 # * A year on its own, with zero month and day values 3833 # * A year and month value, with a zero day, e.g. a credit card expiration date 3834 # 3835 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3836 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3837 # a year. 3838 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3839 # if specifying a year by itself or a year and month where the day is not 3840 # significant. 3841 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3842 # month and day. 3843 }, 3844 "stringValue": "A String", 3845 "booleanValue": True or False, 3846 "integerValue": "A String", 3847 }, 3848 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 3849 # the default behavior will be to hyphenate the min-max range. 3850 # Note that for the purposes of inspection or transformation, the number 3851 # of bytes considered to comprise a 'Value' is based on its representation 3852 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3853 # 123456789, the number of bytes would be counted as 9, even though an 3854 # int64 only holds up to 8 bytes of data. 3855 "floatValue": 3.14, 3856 "timestampValue": "A String", 3857 "dayOfWeekValue": "A String", 3858 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3859 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3860 # types are google.type.Date and `google.protobuf.Timestamp`. 3861 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3862 # to allow the value "24:00:00" for scenarios like business closing time. 3863 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3864 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3865 # allow the value 60 if it allows leap-seconds. 3866 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3867 }, 3868 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3869 # and time zone are either specified elsewhere or are not significant. The date 3870 # is relative to the Proleptic Gregorian Calendar. This can represent: 3871 # 3872 # * A full date, with non-zero year, month and day values 3873 # * A month and day value, with a zero year, e.g. an anniversary 3874 # * A year on its own, with zero month and day values 3875 # * A year and month value, with a zero day, e.g. a credit card expiration date 3876 # 3877 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3878 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3879 # a year. 3880 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3881 # if specifying a year by itself or a year and month where the day is not 3882 # significant. 3883 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3884 # month and day. 3885 }, 3886 "stringValue": "A String", 3887 "booleanValue": True or False, 3888 "integerValue": "A String", 3889 }, 3890 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 3891 # used. 3892 # Note that for the purposes of inspection or transformation, the number 3893 # of bytes considered to comprise a 'Value' is based on its representation 3894 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3895 # 123456789, the number of bytes would be counted as 9, even though an 3896 # int64 only holds up to 8 bytes of data. 3897 "floatValue": 3.14, 3898 "timestampValue": "A String", 3899 "dayOfWeekValue": "A String", 3900 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3901 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3902 # types are google.type.Date and `google.protobuf.Timestamp`. 3903 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3904 # to allow the value "24:00:00" for scenarios like business closing time. 3905 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3906 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3907 # allow the value 60 if it allows leap-seconds. 3908 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3909 }, 3910 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3911 # and time zone are either specified elsewhere or are not significant. The date 3912 # is relative to the Proleptic Gregorian Calendar. This can represent: 3913 # 3914 # * A full date, with non-zero year, month and day values 3915 # * A month and day value, with a zero year, e.g. an anniversary 3916 # * A year on its own, with zero month and day values 3917 # * A year and month value, with a zero day, e.g. a credit card expiration date 3918 # 3919 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3920 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3921 # a year. 3922 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3923 # if specifying a year by itself or a year and month where the day is not 3924 # significant. 3925 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3926 # month and day. 3927 }, 3928 "stringValue": "A String", 3929 "booleanValue": True or False, 3930 "integerValue": "A String", 3931 }, 3932 }, 3933 ], 3934 }, 3935 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 3936 # (FPE) with the FFX mode of operation; however when used in the 3937 # `ReidentifyContent` API method, it serves the opposite function by reversing 3938 # the surrogate back into the original identifier. The identifier must be 3939 # encoded as ASCII. For a given crypto key and context, the same identifier 3940 # will be replaced with the same surrogate. Identifiers must be at least two 3941 # characters long. In the case that the identifier is the empty string, it will 3942 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 3943 # more. 3944 # 3945 # Note: We recommend using CryptoDeterministicConfig for all use cases which 3946 # do not require preserving the input alphabet space and size, plus warrant 3947 # referential integrity. 3948 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 3949 # a key encryption key (KEK) stored by KMS). 3950 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3951 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3952 # unwrap the data crypto key. 3953 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3954 # The wrapped key must be a 128/192/256 bit key. 3955 # Authorization requires the following IAM permissions when sending a request 3956 # to perform a crypto transformation using a kms-wrapped crypto key: 3957 # dlp.kms.encrypt 3958 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3959 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3960 }, 3961 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3962 # leaking the key. Choose another type of key if possible. 3963 "key": "A String", # A 128/192/256 bit key. [required] 3964 }, 3965 "transient": { # Use this to have a random data crypto key generated. 3966 # It will be discarded after the request finishes. 3967 "name": "A String", # Name of the key. [required] 3968 # This is an arbitrary string used to differentiate different keys. 3969 # A unique key is generated per name: two separate `TransientCryptoKey` 3970 # protos share the same generated key if their names are the same. 3971 # When the data crypto key is generated, this name is not used in any way 3972 # (repeating the api call will result in a different key being generated). 3973 }, 3974 }, 3975 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 3976 "commonAlphabet": "A String", 3977 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 3978 # that the FFX mode natively supports. This happens before/after 3979 # encryption/decryption. 3980 # Each character listed must appear only once. 3981 # Number of characters must be in the range [2, 62]. 3982 # This must be encoded as ASCII. 3983 # The order of characters does not matter. 3984 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 3985 # identifier in two different contexts won't be given the same surrogate. If 3986 # the context is not set, a default tweak will be used. 3987 # 3988 # If the context is set but: 3989 # 3990 # 1. there is no record present when transforming a given value or 3991 # 1. the field is not present when transforming a given value, 3992 # 3993 # a default tweak will be used. 3994 # 3995 # Note that case (1) is expected when an `InfoTypeTransformation` is 3996 # applied to both structured and non-structured `ContentItem`s. 3997 # Currently, the referenced field may be of value type integer or string. 3998 # 3999 # The tweak is constructed as a sequence of bytes in big endian byte order 4000 # such that: 4001 # 4002 # - a 64 bit integer is encoded followed by a single byte of value 1 4003 # - a string is encoded in UTF-8 format followed by a single byte of value 2 4004 "name": "A String", # Name describing the field. 4005 }, 4006 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 4007 # This annotation will be applied to the surrogate by prefixing it with 4008 # the name of the custom infoType followed by the number of 4009 # characters comprising the surrogate. The following scheme defines the 4010 # format: info_type_name(surrogate_character_count):surrogate 4011 # 4012 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 4013 # the surrogate is 'abc', the full replacement value 4014 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 4015 # 4016 # This annotation identifies the surrogate when inspecting content using the 4017 # custom infoType 4018 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 4019 # This facilitates reversal of the surrogate when it occurs in free text. 4020 # 4021 # In order for inspection to work properly, the name of this infoType must 4022 # not occur naturally anywhere in your data; otherwise, inspection may 4023 # find a surrogate that does not correspond to an actual identifier. 4024 # Therefore, choose your custom infoType name carefully after considering 4025 # what your data looks like. One way to select a name that has a high chance 4026 # of yielding reliable detection is to include one or more unicode characters 4027 # that are highly improbable to exist in your data. 4028 # For example, assuming your data is entered from a regular ASCII keyboard, 4029 # the symbol with the hex code point 29DD might be used like so: 4030 # ⧝MY_TOKEN_TYPE 4031 "name": "A String", # Name of the information type. Either a name of your choosing when 4032 # creating a CustomInfoType, or one of the names listed 4033 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4034 # a built-in type. InfoType names should conform to the pattern 4035 # [a-zA-Z0-9_]{1,64}. 4036 }, 4037 }, 4038 "replaceConfig": { # Replace each input value with a given `Value`. 4039 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 4040 # Note that for the purposes of inspection or transformation, the number 4041 # of bytes considered to comprise a 'Value' is based on its representation 4042 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4043 # 123456789, the number of bytes would be counted as 9, even though an 4044 # int64 only holds up to 8 bytes of data. 4045 "floatValue": 3.14, 4046 "timestampValue": "A String", 4047 "dayOfWeekValue": "A String", 4048 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4049 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4050 # types are google.type.Date and `google.protobuf.Timestamp`. 4051 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4052 # to allow the value "24:00:00" for scenarios like business closing time. 4053 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4054 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4055 # allow the value 60 if it allows leap-seconds. 4056 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4057 }, 4058 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4059 # and time zone are either specified elsewhere or are not significant. The date 4060 # is relative to the Proleptic Gregorian Calendar. This can represent: 4061 # 4062 # * A full date, with non-zero year, month and day values 4063 # * A month and day value, with a zero year, e.g. an anniversary 4064 # * A year on its own, with zero month and day values 4065 # * A year and month value, with a zero day, e.g. a credit card expiration date 4066 # 4067 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4068 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4069 # a year. 4070 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4071 # if specifying a year by itself or a year and month where the day is not 4072 # significant. 4073 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4074 # month and day. 4075 }, 4076 "stringValue": "A String", 4077 "booleanValue": True or False, 4078 "integerValue": "A String", 4079 }, 4080 }, 4081 }, 4082 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 4083 # given `RecordCondition`. The conditions are allowed to reference fields 4084 # that are not used in the actual transformation. [optional] 4085 # 4086 # Example Use Cases: 4087 # 4088 # - Apply a different bucket transformation to an age column if the zip code 4089 # column for the same record is within a specific range. 4090 # - Redact a field if the date of birth field is greater than 85. 4091 # a field. 4092 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 4093 "conditions": { # A collection of conditions. 4094 "conditions": [ 4095 { # The field type of `value` and `field` do not need to match to be 4096 # considered equal, but not all comparisons are possible. 4097 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 4098 # but all other comparisons are invalid with incompatible types. 4099 # A `value` of type: 4100 # 4101 # - `string` can be compared against all other types 4102 # - `boolean` can only be compared against other booleans 4103 # - `integer` can be compared against doubles or a string if the string value 4104 # can be parsed as an integer. 4105 # - `double` can be compared against integers or a string if the string can 4106 # be parsed as a double. 4107 # - `Timestamp` can be compared against strings in RFC 3339 date string 4108 # format. 4109 # - `TimeOfDay` can be compared against timestamps and strings in the format 4110 # of 'HH:mm:ss'. 4111 # 4112 # If we fail to compare do to type mismatch, a warning will be given and 4113 # the condition will evaluate to false. 4114 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 4115 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 4116 "name": "A String", # Name describing the field. 4117 }, 4118 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 4119 # Note that for the purposes of inspection or transformation, the number 4120 # of bytes considered to comprise a 'Value' is based on its representation 4121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4122 # 123456789, the number of bytes would be counted as 9, even though an 4123 # int64 only holds up to 8 bytes of data. 4124 "floatValue": 3.14, 4125 "timestampValue": "A String", 4126 "dayOfWeekValue": "A String", 4127 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4128 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4129 # types are google.type.Date and `google.protobuf.Timestamp`. 4130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4131 # to allow the value "24:00:00" for scenarios like business closing time. 4132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4134 # allow the value 60 if it allows leap-seconds. 4135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4136 }, 4137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4138 # and time zone are either specified elsewhere or are not significant. The date 4139 # is relative to the Proleptic Gregorian Calendar. This can represent: 4140 # 4141 # * A full date, with non-zero year, month and day values 4142 # * A month and day value, with a zero year, e.g. an anniversary 4143 # * A year on its own, with zero month and day values 4144 # * A year and month value, with a zero day, e.g. a credit card expiration date 4145 # 4146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4148 # a year. 4149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4150 # if specifying a year by itself or a year and month where the day is not 4151 # significant. 4152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4153 # month and day. 4154 }, 4155 "stringValue": "A String", 4156 "booleanValue": True or False, 4157 "integerValue": "A String", 4158 }, 4159 }, 4160 ], 4161 }, 4162 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 4163 # only supported value is `AND`. 4164 }, 4165 }, 4166 "fields": [ # Input field(s) to apply the transformation to. [required] 4167 { # General identifier of a data field in a storage service. 4168 "name": "A String", # Name describing the field. 4169 }, 4170 ], 4171 }, 4172 ], 4173 }, 4174 }, 4175 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 4176 "name": "A String", # The template name. Output only. 4177 # 4178 # The template will have one of the following formats: 4179 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 4180 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 4181 }</pre> 4182</div> 4183 4184<div class="method"> 4185 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 4186 <pre>Deletes a DeidentifyTemplate. 4187See https://cloud.google.com/dlp/docs/creating-templates-deid to learn 4188more. 4189 4190Args: 4191 name: string, Resource name of the organization and deidentify template to be deleted, 4192for example `organizations/433245324/deidentifyTemplates/432452342` or 4193projects/project-id/deidentifyTemplates/432452342. (required) 4194 x__xgafv: string, V1 error format. 4195 Allowed values 4196 1 - v1 error format 4197 2 - v2 error format 4198 4199Returns: 4200 An object of the form: 4201 4202 { # A generic empty message that you can re-use to avoid defining duplicated 4203 # empty messages in your APIs. A typical example is to use it as the request 4204 # or the response type of an API method. For instance: 4205 # 4206 # service Foo { 4207 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 4208 # } 4209 # 4210 # The JSON representation for `Empty` is empty JSON object `{}`. 4211 }</pre> 4212</div> 4213 4214<div class="method"> 4215 <code class="details" id="get">get(name, x__xgafv=None)</code> 4216 <pre>Gets a DeidentifyTemplate. 4217See https://cloud.google.com/dlp/docs/creating-templates-deid to learn 4218more. 4219 4220Args: 4221 name: string, Resource name of the organization and deidentify template to be read, for 4222example `organizations/433245324/deidentifyTemplates/432452342` or 4223projects/project-id/deidentifyTemplates/432452342. (required) 4224 x__xgafv: string, V1 error format. 4225 Allowed values 4226 1 - v1 error format 4227 2 - v2 error format 4228 4229Returns: 4230 An object of the form: 4231 4232 { # The DeidentifyTemplates contains instructions on how to deidentify content. 4233 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 4234 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 4235 "displayName": "A String", # Display name (max 256 chars). 4236 "description": "A String", # Short description (max 256 chars). 4237 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 4238 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 4239 # transformation everywhere. 4240 # apply various `PrimitiveTransformation`s to each finding, where the 4241 # transformation is applied to only values that were identified as a specific 4242 # info_type. 4243 "transformations": [ # Transformation for each infoType. Cannot specify more than one 4244 # for a given infoType. [required] 4245 { # A transformation to apply to text that is identified as a specific 4246 # info_type. 4247 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 4248 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 4249 # fixed character. Masking can start from the beginning or end of the string. 4250 # This can be used on data of any type (numbers, longs, and so on) and when 4251 # de-identifying structured data we'll attempt to preserve the original data's 4252 # type. (This allows you to take a long like 123 and modify it to a string like 4253 # **3. 4254 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 4255 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 4256 # mask 5 chars with * we would produce ***-*55-5555. 4257 { # Characters to skip when doing deidentification of a value. These will be left 4258 # alone and skipped. 4259 "commonCharactersToIgnore": "A String", 4260 "charactersToSkip": "A String", 4261 }, 4262 ], 4263 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 4264 # masked. Skipped characters do not count towards this tally. 4265 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 4266 # alphabetic string such as name, or "0" for a numeric string such as ZIP 4267 # code or credit card number. String must have length 1. If not supplied, we 4268 # will default to "*" for strings, 0 for digits. 4269 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 4270 # '0', number_to_mask is 14, and `reverse_order` is false, then 4271 # 1234-5678-9012-3456 -> 00000000000000-3456 4272 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 4273 # is true, then 12345 -> 12*** 4274 }, 4275 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 4276 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 4277 # output would be 'My phone number is '. 4278 }, 4279 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 4280 # input. Outputs a base64 encoded representation of the encrypted output. 4281 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 4282 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 4283 # a key encryption key (KEK) stored by KMS). 4284 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4285 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4286 # unwrap the data crypto key. 4287 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4288 # The wrapped key must be a 128/192/256 bit key. 4289 # Authorization requires the following IAM permissions when sending a request 4290 # to perform a crypto transformation using a kms-wrapped crypto key: 4291 # dlp.kms.encrypt 4292 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4293 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4294 }, 4295 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4296 # leaking the key. Choose another type of key if possible. 4297 "key": "A String", # A 128/192/256 bit key. [required] 4298 }, 4299 "transient": { # Use this to have a random data crypto key generated. 4300 # It will be discarded after the request finishes. 4301 "name": "A String", # Name of the key. [required] 4302 # This is an arbitrary string used to differentiate different keys. 4303 # A unique key is generated per name: two separate `TransientCryptoKey` 4304 # protos share the same generated key if their names are the same. 4305 # When the data crypto key is generated, this name is not used in any way 4306 # (repeating the api call will result in a different key being generated). 4307 }, 4308 }, 4309 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 4310 # referential integrity such that the same identifier in two different 4311 # contexts will be given a distinct surrogate. The context is appended to 4312 # plaintext value being encrypted. On decryption the provided context is 4313 # validated against the value used during encryption. If a context was 4314 # provided during encryption, same context must be provided during decryption 4315 # as well. 4316 # 4317 # If the context is not set, plaintext would be used as is for encryption. 4318 # If the context is set but: 4319 # 4320 # 1. there is no record present when transforming a given value or 4321 # 2. the field is not present when transforming a given value, 4322 # 4323 # plaintext would be used as is for encryption. 4324 # 4325 # Note that case (1) is expected when an `InfoTypeTransformation` is 4326 # applied to both structured and non-structured `ContentItem`s. 4327 "name": "A String", # Name describing the field. 4328 }, 4329 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 4330 # This annotation will be applied to the surrogate by prefixing it with 4331 # the name of the custom info type followed by the number of 4332 # characters comprising the surrogate. The following scheme defines the 4333 # format: <info type name>(<surrogate character count>):<surrogate> 4334 # 4335 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 4336 # the surrogate is 'abc', the full replacement value 4337 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 4338 # 4339 # This annotation identifies the surrogate when inspecting content using the 4340 # custom info type 'Surrogate'. This facilitates reversal of the 4341 # surrogate when it occurs in free text. 4342 # 4343 # In order for inspection to work properly, the name of this info type must 4344 # not occur naturally anywhere in your data; otherwise, inspection may either 4345 # 4346 # - reverse a surrogate that does not correspond to an actual identifier 4347 # - be unable to parse the surrogate and result in an error 4348 # 4349 # Therefore, choose your custom info type name carefully after considering 4350 # what your data looks like. One way to select a name that has a high chance 4351 # of yielding reliable detection is to include one or more unicode characters 4352 # that are highly improbable to exist in your data. 4353 # For example, assuming your data is entered from a regular ASCII keyboard, 4354 # the symbol with the hex code point 29DD might be used like so: 4355 # ⧝MY_TOKEN_TYPE 4356 "name": "A String", # Name of the information type. Either a name of your choosing when 4357 # creating a CustomInfoType, or one of the names listed 4358 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4359 # a built-in type. InfoType names should conform to the pattern 4360 # [a-zA-Z0-9_]{1,64}. 4361 }, 4362 }, 4363 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 4364 # Bucketing transformation can provide all of this functionality, 4365 # but requires more configuration. This message is provided as a convenience to 4366 # the user for simple bucketing strategies. 4367 # 4368 # The transformed value will be a hyphenated string of 4369 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 4370 # all values that are within this bucket will be replaced with "10-20". 4371 # 4372 # This can be used on data of type: double, long. 4373 # 4374 # If the bound Value type differs from the type of data 4375 # being transformed, we will first attempt converting the type of the data to 4376 # be transformed to match the type of the bound before comparing. 4377 # 4378 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 4379 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 4380 # grouped together into a single bucket; for example if `lower_bound` = 10, 4381 # then all values less than 10 are replaced with the value “-10”. [Required]. 4382 # Note that for the purposes of inspection or transformation, the number 4383 # of bytes considered to comprise a 'Value' is based on its representation 4384 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4385 # 123456789, the number of bytes would be counted as 9, even though an 4386 # int64 only holds up to 8 bytes of data. 4387 "floatValue": 3.14, 4388 "timestampValue": "A String", 4389 "dayOfWeekValue": "A String", 4390 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4391 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4392 # types are google.type.Date and `google.protobuf.Timestamp`. 4393 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4394 # to allow the value "24:00:00" for scenarios like business closing time. 4395 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4396 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4397 # allow the value 60 if it allows leap-seconds. 4398 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4399 }, 4400 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4401 # and time zone are either specified elsewhere or are not significant. The date 4402 # is relative to the Proleptic Gregorian Calendar. This can represent: 4403 # 4404 # * A full date, with non-zero year, month and day values 4405 # * A month and day value, with a zero year, e.g. an anniversary 4406 # * A year on its own, with zero month and day values 4407 # * A year and month value, with a zero day, e.g. a credit card expiration date 4408 # 4409 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4410 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4411 # a year. 4412 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4413 # if specifying a year by itself or a year and month where the day is not 4414 # significant. 4415 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4416 # month and day. 4417 }, 4418 "stringValue": "A String", 4419 "booleanValue": True or False, 4420 "integerValue": "A String", 4421 }, 4422 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 4423 # grouped together into a single bucket; for example if `upper_bound` = 89, 4424 # then all values greater than 89 are replaced with the value “89+”. 4425 # [Required]. 4426 # Note that for the purposes of inspection or transformation, the number 4427 # of bytes considered to comprise a 'Value' is based on its representation 4428 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4429 # 123456789, the number of bytes would be counted as 9, even though an 4430 # int64 only holds up to 8 bytes of data. 4431 "floatValue": 3.14, 4432 "timestampValue": "A String", 4433 "dayOfWeekValue": "A String", 4434 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4435 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4436 # types are google.type.Date and `google.protobuf.Timestamp`. 4437 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4438 # to allow the value "24:00:00" for scenarios like business closing time. 4439 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4440 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4441 # allow the value 60 if it allows leap-seconds. 4442 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4443 }, 4444 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4445 # and time zone are either specified elsewhere or are not significant. The date 4446 # is relative to the Proleptic Gregorian Calendar. This can represent: 4447 # 4448 # * A full date, with non-zero year, month and day values 4449 # * A month and day value, with a zero year, e.g. an anniversary 4450 # * A year on its own, with zero month and day values 4451 # * A year and month value, with a zero day, e.g. a credit card expiration date 4452 # 4453 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4454 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4455 # a year. 4456 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4457 # if specifying a year by itself or a year and month where the day is not 4458 # significant. 4459 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4460 # month and day. 4461 }, 4462 "stringValue": "A String", 4463 "booleanValue": True or False, 4464 "integerValue": "A String", 4465 }, 4466 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 4467 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 4468 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 4469 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 4470 }, 4471 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 4472 }, 4473 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 4474 # portion of the value. 4475 "partToExtract": "A String", 4476 }, 4477 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 4478 # Uses SHA-256. 4479 # The key size must be either 32 or 64 bytes. 4480 # Outputs a base64 encoded representation of the hashed output 4481 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 4482 # Currently, only string and integer values can be hashed. 4483 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 4484 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 4485 # a key encryption key (KEK) stored by KMS). 4486 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4487 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4488 # unwrap the data crypto key. 4489 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4490 # The wrapped key must be a 128/192/256 bit key. 4491 # Authorization requires the following IAM permissions when sending a request 4492 # to perform a crypto transformation using a kms-wrapped crypto key: 4493 # dlp.kms.encrypt 4494 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4495 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4496 }, 4497 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4498 # leaking the key. Choose another type of key if possible. 4499 "key": "A String", # A 128/192/256 bit key. [required] 4500 }, 4501 "transient": { # Use this to have a random data crypto key generated. 4502 # It will be discarded after the request finishes. 4503 "name": "A String", # Name of the key. [required] 4504 # This is an arbitrary string used to differentiate different keys. 4505 # A unique key is generated per name: two separate `TransientCryptoKey` 4506 # protos share the same generated key if their names are the same. 4507 # When the data crypto key is generated, this name is not used in any way 4508 # (repeating the api call will result in a different key being generated). 4509 }, 4510 }, 4511 }, 4512 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 4513 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 4514 # to learn more. 4515 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 4516 # results in the same shift for the same context and crypto_key. 4517 # a key encryption key (KEK) stored by KMS). 4518 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4519 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4520 # unwrap the data crypto key. 4521 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4522 # The wrapped key must be a 128/192/256 bit key. 4523 # Authorization requires the following IAM permissions when sending a request 4524 # to perform a crypto transformation using a kms-wrapped crypto key: 4525 # dlp.kms.encrypt 4526 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4527 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4528 }, 4529 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4530 # leaking the key. Choose another type of key if possible. 4531 "key": "A String", # A 128/192/256 bit key. [required] 4532 }, 4533 "transient": { # Use this to have a random data crypto key generated. 4534 # It will be discarded after the request finishes. 4535 "name": "A String", # Name of the key. [required] 4536 # This is an arbitrary string used to differentiate different keys. 4537 # A unique key is generated per name: two separate `TransientCryptoKey` 4538 # protos share the same generated key if their names are the same. 4539 # When the data crypto key is generated, this name is not used in any way 4540 # (repeating the api call will result in a different key being generated). 4541 }, 4542 }, 4543 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 4544 # [Required] 4545 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 4546 # range (inclusive ends). Negative means shift to earlier in time. Must not 4547 # be more than 365250 days (1000 years) each direction. 4548 # 4549 # For example, 3 means shift date to at most 3 days into the future. 4550 # [Required] 4551 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 4552 # If set, must also set method. If set, shift will be consistent for the 4553 # given context. 4554 "name": "A String", # Name describing the field. 4555 }, 4556 }, 4557 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 4558 # replacement values are dynamically provided by the user for custom behavior, 4559 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 4560 # This can be used on 4561 # data of type: number, long, string, timestamp. 4562 # If the bound `Value` type differs from the type of data being transformed, we 4563 # will first attempt converting the type of the data to be transformed to match 4564 # the type of the bound before comparing. 4565 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 4566 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 4567 { # Bucket is represented as a range, along with replacement values. 4568 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 4569 # Note that for the purposes of inspection or transformation, the number 4570 # of bytes considered to comprise a 'Value' is based on its representation 4571 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4572 # 123456789, the number of bytes would be counted as 9, even though an 4573 # int64 only holds up to 8 bytes of data. 4574 "floatValue": 3.14, 4575 "timestampValue": "A String", 4576 "dayOfWeekValue": "A String", 4577 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4578 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4579 # types are google.type.Date and `google.protobuf.Timestamp`. 4580 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4581 # to allow the value "24:00:00" for scenarios like business closing time. 4582 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4583 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4584 # allow the value 60 if it allows leap-seconds. 4585 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4586 }, 4587 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4588 # and time zone are either specified elsewhere or are not significant. The date 4589 # is relative to the Proleptic Gregorian Calendar. This can represent: 4590 # 4591 # * A full date, with non-zero year, month and day values 4592 # * A month and day value, with a zero year, e.g. an anniversary 4593 # * A year on its own, with zero month and day values 4594 # * A year and month value, with a zero day, e.g. a credit card expiration date 4595 # 4596 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4597 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4598 # a year. 4599 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4600 # if specifying a year by itself or a year and month where the day is not 4601 # significant. 4602 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4603 # month and day. 4604 }, 4605 "stringValue": "A String", 4606 "booleanValue": True or False, 4607 "integerValue": "A String", 4608 }, 4609 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 4610 # the default behavior will be to hyphenate the min-max range. 4611 # Note that for the purposes of inspection or transformation, the number 4612 # of bytes considered to comprise a 'Value' is based on its representation 4613 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4614 # 123456789, the number of bytes would be counted as 9, even though an 4615 # int64 only holds up to 8 bytes of data. 4616 "floatValue": 3.14, 4617 "timestampValue": "A String", 4618 "dayOfWeekValue": "A String", 4619 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4620 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4621 # types are google.type.Date and `google.protobuf.Timestamp`. 4622 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4623 # to allow the value "24:00:00" for scenarios like business closing time. 4624 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4625 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4626 # allow the value 60 if it allows leap-seconds. 4627 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4628 }, 4629 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4630 # and time zone are either specified elsewhere or are not significant. The date 4631 # is relative to the Proleptic Gregorian Calendar. This can represent: 4632 # 4633 # * A full date, with non-zero year, month and day values 4634 # * A month and day value, with a zero year, e.g. an anniversary 4635 # * A year on its own, with zero month and day values 4636 # * A year and month value, with a zero day, e.g. a credit card expiration date 4637 # 4638 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4639 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4640 # a year. 4641 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4642 # if specifying a year by itself or a year and month where the day is not 4643 # significant. 4644 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4645 # month and day. 4646 }, 4647 "stringValue": "A String", 4648 "booleanValue": True or False, 4649 "integerValue": "A String", 4650 }, 4651 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 4652 # used. 4653 # Note that for the purposes of inspection or transformation, the number 4654 # of bytes considered to comprise a 'Value' is based on its representation 4655 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4656 # 123456789, the number of bytes would be counted as 9, even though an 4657 # int64 only holds up to 8 bytes of data. 4658 "floatValue": 3.14, 4659 "timestampValue": "A String", 4660 "dayOfWeekValue": "A String", 4661 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4662 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4663 # types are google.type.Date and `google.protobuf.Timestamp`. 4664 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4665 # to allow the value "24:00:00" for scenarios like business closing time. 4666 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4667 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4668 # allow the value 60 if it allows leap-seconds. 4669 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4670 }, 4671 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4672 # and time zone are either specified elsewhere or are not significant. The date 4673 # is relative to the Proleptic Gregorian Calendar. This can represent: 4674 # 4675 # * A full date, with non-zero year, month and day values 4676 # * A month and day value, with a zero year, e.g. an anniversary 4677 # * A year on its own, with zero month and day values 4678 # * A year and month value, with a zero day, e.g. a credit card expiration date 4679 # 4680 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4681 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4682 # a year. 4683 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4684 # if specifying a year by itself or a year and month where the day is not 4685 # significant. 4686 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4687 # month and day. 4688 }, 4689 "stringValue": "A String", 4690 "booleanValue": True or False, 4691 "integerValue": "A String", 4692 }, 4693 }, 4694 ], 4695 }, 4696 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 4697 # (FPE) with the FFX mode of operation; however when used in the 4698 # `ReidentifyContent` API method, it serves the opposite function by reversing 4699 # the surrogate back into the original identifier. The identifier must be 4700 # encoded as ASCII. For a given crypto key and context, the same identifier 4701 # will be replaced with the same surrogate. Identifiers must be at least two 4702 # characters long. In the case that the identifier is the empty string, it will 4703 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 4704 # more. 4705 # 4706 # Note: We recommend using CryptoDeterministicConfig for all use cases which 4707 # do not require preserving the input alphabet space and size, plus warrant 4708 # referential integrity. 4709 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 4710 # a key encryption key (KEK) stored by KMS). 4711 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4712 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4713 # unwrap the data crypto key. 4714 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4715 # The wrapped key must be a 128/192/256 bit key. 4716 # Authorization requires the following IAM permissions when sending a request 4717 # to perform a crypto transformation using a kms-wrapped crypto key: 4718 # dlp.kms.encrypt 4719 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4720 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4721 }, 4722 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4723 # leaking the key. Choose another type of key if possible. 4724 "key": "A String", # A 128/192/256 bit key. [required] 4725 }, 4726 "transient": { # Use this to have a random data crypto key generated. 4727 # It will be discarded after the request finishes. 4728 "name": "A String", # Name of the key. [required] 4729 # This is an arbitrary string used to differentiate different keys. 4730 # A unique key is generated per name: two separate `TransientCryptoKey` 4731 # protos share the same generated key if their names are the same. 4732 # When the data crypto key is generated, this name is not used in any way 4733 # (repeating the api call will result in a different key being generated). 4734 }, 4735 }, 4736 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 4737 "commonAlphabet": "A String", 4738 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 4739 # that the FFX mode natively supports. This happens before/after 4740 # encryption/decryption. 4741 # Each character listed must appear only once. 4742 # Number of characters must be in the range [2, 62]. 4743 # This must be encoded as ASCII. 4744 # The order of characters does not matter. 4745 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 4746 # identifier in two different contexts won't be given the same surrogate. If 4747 # the context is not set, a default tweak will be used. 4748 # 4749 # If the context is set but: 4750 # 4751 # 1. there is no record present when transforming a given value or 4752 # 1. the field is not present when transforming a given value, 4753 # 4754 # a default tweak will be used. 4755 # 4756 # Note that case (1) is expected when an `InfoTypeTransformation` is 4757 # applied to both structured and non-structured `ContentItem`s. 4758 # Currently, the referenced field may be of value type integer or string. 4759 # 4760 # The tweak is constructed as a sequence of bytes in big endian byte order 4761 # such that: 4762 # 4763 # - a 64 bit integer is encoded followed by a single byte of value 1 4764 # - a string is encoded in UTF-8 format followed by a single byte of value 2 4765 "name": "A String", # Name describing the field. 4766 }, 4767 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 4768 # This annotation will be applied to the surrogate by prefixing it with 4769 # the name of the custom infoType followed by the number of 4770 # characters comprising the surrogate. The following scheme defines the 4771 # format: info_type_name(surrogate_character_count):surrogate 4772 # 4773 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 4774 # the surrogate is 'abc', the full replacement value 4775 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 4776 # 4777 # This annotation identifies the surrogate when inspecting content using the 4778 # custom infoType 4779 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 4780 # This facilitates reversal of the surrogate when it occurs in free text. 4781 # 4782 # In order for inspection to work properly, the name of this infoType must 4783 # not occur naturally anywhere in your data; otherwise, inspection may 4784 # find a surrogate that does not correspond to an actual identifier. 4785 # Therefore, choose your custom infoType name carefully after considering 4786 # what your data looks like. One way to select a name that has a high chance 4787 # of yielding reliable detection is to include one or more unicode characters 4788 # that are highly improbable to exist in your data. 4789 # For example, assuming your data is entered from a regular ASCII keyboard, 4790 # the symbol with the hex code point 29DD might be used like so: 4791 # ⧝MY_TOKEN_TYPE 4792 "name": "A String", # Name of the information type. Either a name of your choosing when 4793 # creating a CustomInfoType, or one of the names listed 4794 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4795 # a built-in type. InfoType names should conform to the pattern 4796 # [a-zA-Z0-9_]{1,64}. 4797 }, 4798 }, 4799 "replaceConfig": { # Replace each input value with a given `Value`. 4800 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 4801 # Note that for the purposes of inspection or transformation, the number 4802 # of bytes considered to comprise a 'Value' is based on its representation 4803 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4804 # 123456789, the number of bytes would be counted as 9, even though an 4805 # int64 only holds up to 8 bytes of data. 4806 "floatValue": 3.14, 4807 "timestampValue": "A String", 4808 "dayOfWeekValue": "A String", 4809 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4810 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4811 # types are google.type.Date and `google.protobuf.Timestamp`. 4812 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4813 # to allow the value "24:00:00" for scenarios like business closing time. 4814 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4815 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4816 # allow the value 60 if it allows leap-seconds. 4817 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4818 }, 4819 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4820 # and time zone are either specified elsewhere or are not significant. The date 4821 # is relative to the Proleptic Gregorian Calendar. This can represent: 4822 # 4823 # * A full date, with non-zero year, month and day values 4824 # * A month and day value, with a zero year, e.g. an anniversary 4825 # * A year on its own, with zero month and day values 4826 # * A year and month value, with a zero day, e.g. a credit card expiration date 4827 # 4828 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4829 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4830 # a year. 4831 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4832 # if specifying a year by itself or a year and month where the day is not 4833 # significant. 4834 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4835 # month and day. 4836 }, 4837 "stringValue": "A String", 4838 "booleanValue": True or False, 4839 "integerValue": "A String", 4840 }, 4841 }, 4842 }, 4843 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 4844 # this transformation to apply to all findings that correspond to 4845 # infoTypes that were requested in `InspectConfig`. 4846 { # Type of information detected by the API. 4847 "name": "A String", # Name of the information type. Either a name of your choosing when 4848 # creating a CustomInfoType, or one of the names listed 4849 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4850 # a built-in type. InfoType names should conform to the pattern 4851 # [a-zA-Z0-9_]{1,64}. 4852 }, 4853 ], 4854 }, 4855 ], 4856 }, 4857 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 4858 # specific locations within structured datasets, such as transforming 4859 # a column within a table. 4860 # table. 4861 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 4862 # match any suppression rule are omitted from the output [optional]. 4863 { # Configuration to suppress records whose suppression conditions evaluate to 4864 # true. 4865 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 4866 # evaluated to be suppressed from the transformed content. 4867 # a field. 4868 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 4869 "conditions": { # A collection of conditions. 4870 "conditions": [ 4871 { # The field type of `value` and `field` do not need to match to be 4872 # considered equal, but not all comparisons are possible. 4873 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 4874 # but all other comparisons are invalid with incompatible types. 4875 # A `value` of type: 4876 # 4877 # - `string` can be compared against all other types 4878 # - `boolean` can only be compared against other booleans 4879 # - `integer` can be compared against doubles or a string if the string value 4880 # can be parsed as an integer. 4881 # - `double` can be compared against integers or a string if the string can 4882 # be parsed as a double. 4883 # - `Timestamp` can be compared against strings in RFC 3339 date string 4884 # format. 4885 # - `TimeOfDay` can be compared against timestamps and strings in the format 4886 # of 'HH:mm:ss'. 4887 # 4888 # If we fail to compare do to type mismatch, a warning will be given and 4889 # the condition will evaluate to false. 4890 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 4891 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 4892 "name": "A String", # Name describing the field. 4893 }, 4894 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 4895 # Note that for the purposes of inspection or transformation, the number 4896 # of bytes considered to comprise a 'Value' is based on its representation 4897 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4898 # 123456789, the number of bytes would be counted as 9, even though an 4899 # int64 only holds up to 8 bytes of data. 4900 "floatValue": 3.14, 4901 "timestampValue": "A String", 4902 "dayOfWeekValue": "A String", 4903 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4904 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4905 # types are google.type.Date and `google.protobuf.Timestamp`. 4906 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4907 # to allow the value "24:00:00" for scenarios like business closing time. 4908 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4909 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4910 # allow the value 60 if it allows leap-seconds. 4911 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4912 }, 4913 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4914 # and time zone are either specified elsewhere or are not significant. The date 4915 # is relative to the Proleptic Gregorian Calendar. This can represent: 4916 # 4917 # * A full date, with non-zero year, month and day values 4918 # * A month and day value, with a zero year, e.g. an anniversary 4919 # * A year on its own, with zero month and day values 4920 # * A year and month value, with a zero day, e.g. a credit card expiration date 4921 # 4922 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4923 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4924 # a year. 4925 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4926 # if specifying a year by itself or a year and month where the day is not 4927 # significant. 4928 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4929 # month and day. 4930 }, 4931 "stringValue": "A String", 4932 "booleanValue": True or False, 4933 "integerValue": "A String", 4934 }, 4935 }, 4936 ], 4937 }, 4938 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 4939 # only supported value is `AND`. 4940 }, 4941 }, 4942 }, 4943 ], 4944 "fieldTransformations": [ # Transform the record by applying various field transformations. 4945 { # The transformation to apply to the field. 4946 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 4947 # transform content that matches an `InfoType`. 4948 # apply various `PrimitiveTransformation`s to each finding, where the 4949 # transformation is applied to only values that were identified as a specific 4950 # info_type. 4951 "transformations": [ # Transformation for each infoType. Cannot specify more than one 4952 # for a given infoType. [required] 4953 { # A transformation to apply to text that is identified as a specific 4954 # info_type. 4955 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 4956 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 4957 # fixed character. Masking can start from the beginning or end of the string. 4958 # This can be used on data of any type (numbers, longs, and so on) and when 4959 # de-identifying structured data we'll attempt to preserve the original data's 4960 # type. (This allows you to take a long like 123 and modify it to a string like 4961 # **3. 4962 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 4963 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 4964 # mask 5 chars with * we would produce ***-*55-5555. 4965 { # Characters to skip when doing deidentification of a value. These will be left 4966 # alone and skipped. 4967 "commonCharactersToIgnore": "A String", 4968 "charactersToSkip": "A String", 4969 }, 4970 ], 4971 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 4972 # masked. Skipped characters do not count towards this tally. 4973 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 4974 # alphabetic string such as name, or "0" for a numeric string such as ZIP 4975 # code or credit card number. String must have length 1. If not supplied, we 4976 # will default to "*" for strings, 0 for digits. 4977 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 4978 # '0', number_to_mask is 14, and `reverse_order` is false, then 4979 # 1234-5678-9012-3456 -> 00000000000000-3456 4980 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 4981 # is true, then 12345 -> 12*** 4982 }, 4983 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 4984 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 4985 # output would be 'My phone number is '. 4986 }, 4987 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 4988 # input. Outputs a base64 encoded representation of the encrypted output. 4989 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 4990 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 4991 # a key encryption key (KEK) stored by KMS). 4992 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4993 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4994 # unwrap the data crypto key. 4995 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4996 # The wrapped key must be a 128/192/256 bit key. 4997 # Authorization requires the following IAM permissions when sending a request 4998 # to perform a crypto transformation using a kms-wrapped crypto key: 4999 # dlp.kms.encrypt 5000 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5001 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5002 }, 5003 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5004 # leaking the key. Choose another type of key if possible. 5005 "key": "A String", # A 128/192/256 bit key. [required] 5006 }, 5007 "transient": { # Use this to have a random data crypto key generated. 5008 # It will be discarded after the request finishes. 5009 "name": "A String", # Name of the key. [required] 5010 # This is an arbitrary string used to differentiate different keys. 5011 # A unique key is generated per name: two separate `TransientCryptoKey` 5012 # protos share the same generated key if their names are the same. 5013 # When the data crypto key is generated, this name is not used in any way 5014 # (repeating the api call will result in a different key being generated). 5015 }, 5016 }, 5017 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 5018 # referential integrity such that the same identifier in two different 5019 # contexts will be given a distinct surrogate. The context is appended to 5020 # plaintext value being encrypted. On decryption the provided context is 5021 # validated against the value used during encryption. If a context was 5022 # provided during encryption, same context must be provided during decryption 5023 # as well. 5024 # 5025 # If the context is not set, plaintext would be used as is for encryption. 5026 # If the context is set but: 5027 # 5028 # 1. there is no record present when transforming a given value or 5029 # 2. the field is not present when transforming a given value, 5030 # 5031 # plaintext would be used as is for encryption. 5032 # 5033 # Note that case (1) is expected when an `InfoTypeTransformation` is 5034 # applied to both structured and non-structured `ContentItem`s. 5035 "name": "A String", # Name describing the field. 5036 }, 5037 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 5038 # This annotation will be applied to the surrogate by prefixing it with 5039 # the name of the custom info type followed by the number of 5040 # characters comprising the surrogate. The following scheme defines the 5041 # format: <info type name>(<surrogate character count>):<surrogate> 5042 # 5043 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 5044 # the surrogate is 'abc', the full replacement value 5045 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 5046 # 5047 # This annotation identifies the surrogate when inspecting content using the 5048 # custom info type 'Surrogate'. This facilitates reversal of the 5049 # surrogate when it occurs in free text. 5050 # 5051 # In order for inspection to work properly, the name of this info type must 5052 # not occur naturally anywhere in your data; otherwise, inspection may either 5053 # 5054 # - reverse a surrogate that does not correspond to an actual identifier 5055 # - be unable to parse the surrogate and result in an error 5056 # 5057 # Therefore, choose your custom info type name carefully after considering 5058 # what your data looks like. One way to select a name that has a high chance 5059 # of yielding reliable detection is to include one or more unicode characters 5060 # that are highly improbable to exist in your data. 5061 # For example, assuming your data is entered from a regular ASCII keyboard, 5062 # the symbol with the hex code point 29DD might be used like so: 5063 # ⧝MY_TOKEN_TYPE 5064 "name": "A String", # Name of the information type. Either a name of your choosing when 5065 # creating a CustomInfoType, or one of the names listed 5066 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5067 # a built-in type. InfoType names should conform to the pattern 5068 # [a-zA-Z0-9_]{1,64}. 5069 }, 5070 }, 5071 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 5072 # Bucketing transformation can provide all of this functionality, 5073 # but requires more configuration. This message is provided as a convenience to 5074 # the user for simple bucketing strategies. 5075 # 5076 # The transformed value will be a hyphenated string of 5077 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 5078 # all values that are within this bucket will be replaced with "10-20". 5079 # 5080 # This can be used on data of type: double, long. 5081 # 5082 # If the bound Value type differs from the type of data 5083 # being transformed, we will first attempt converting the type of the data to 5084 # be transformed to match the type of the bound before comparing. 5085 # 5086 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5087 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 5088 # grouped together into a single bucket; for example if `lower_bound` = 10, 5089 # then all values less than 10 are replaced with the value “-10”. [Required]. 5090 # Note that for the purposes of inspection or transformation, the number 5091 # of bytes considered to comprise a 'Value' is based on its representation 5092 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5093 # 123456789, the number of bytes would be counted as 9, even though an 5094 # int64 only holds up to 8 bytes of data. 5095 "floatValue": 3.14, 5096 "timestampValue": "A String", 5097 "dayOfWeekValue": "A String", 5098 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5099 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5100 # types are google.type.Date and `google.protobuf.Timestamp`. 5101 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5102 # to allow the value "24:00:00" for scenarios like business closing time. 5103 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5104 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5105 # allow the value 60 if it allows leap-seconds. 5106 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5107 }, 5108 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5109 # and time zone are either specified elsewhere or are not significant. The date 5110 # is relative to the Proleptic Gregorian Calendar. This can represent: 5111 # 5112 # * A full date, with non-zero year, month and day values 5113 # * A month and day value, with a zero year, e.g. an anniversary 5114 # * A year on its own, with zero month and day values 5115 # * A year and month value, with a zero day, e.g. a credit card expiration date 5116 # 5117 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5118 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5119 # a year. 5120 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5121 # if specifying a year by itself or a year and month where the day is not 5122 # significant. 5123 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5124 # month and day. 5125 }, 5126 "stringValue": "A String", 5127 "booleanValue": True or False, 5128 "integerValue": "A String", 5129 }, 5130 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 5131 # grouped together into a single bucket; for example if `upper_bound` = 89, 5132 # then all values greater than 89 are replaced with the value “89+”. 5133 # [Required]. 5134 # Note that for the purposes of inspection or transformation, the number 5135 # of bytes considered to comprise a 'Value' is based on its representation 5136 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5137 # 123456789, the number of bytes would be counted as 9, even though an 5138 # int64 only holds up to 8 bytes of data. 5139 "floatValue": 3.14, 5140 "timestampValue": "A String", 5141 "dayOfWeekValue": "A String", 5142 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5143 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5144 # types are google.type.Date and `google.protobuf.Timestamp`. 5145 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5146 # to allow the value "24:00:00" for scenarios like business closing time. 5147 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5148 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5149 # allow the value 60 if it allows leap-seconds. 5150 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5151 }, 5152 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5153 # and time zone are either specified elsewhere or are not significant. The date 5154 # is relative to the Proleptic Gregorian Calendar. This can represent: 5155 # 5156 # * A full date, with non-zero year, month and day values 5157 # * A month and day value, with a zero year, e.g. an anniversary 5158 # * A year on its own, with zero month and day values 5159 # * A year and month value, with a zero day, e.g. a credit card expiration date 5160 # 5161 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5162 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5163 # a year. 5164 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5165 # if specifying a year by itself or a year and month where the day is not 5166 # significant. 5167 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5168 # month and day. 5169 }, 5170 "stringValue": "A String", 5171 "booleanValue": True or False, 5172 "integerValue": "A String", 5173 }, 5174 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 5175 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 5176 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 5177 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 5178 }, 5179 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 5180 }, 5181 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 5182 # portion of the value. 5183 "partToExtract": "A String", 5184 }, 5185 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 5186 # Uses SHA-256. 5187 # The key size must be either 32 or 64 bytes. 5188 # Outputs a base64 encoded representation of the hashed output 5189 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 5190 # Currently, only string and integer values can be hashed. 5191 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 5192 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 5193 # a key encryption key (KEK) stored by KMS). 5194 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5195 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5196 # unwrap the data crypto key. 5197 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5198 # The wrapped key must be a 128/192/256 bit key. 5199 # Authorization requires the following IAM permissions when sending a request 5200 # to perform a crypto transformation using a kms-wrapped crypto key: 5201 # dlp.kms.encrypt 5202 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5203 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5204 }, 5205 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5206 # leaking the key. Choose another type of key if possible. 5207 "key": "A String", # A 128/192/256 bit key. [required] 5208 }, 5209 "transient": { # Use this to have a random data crypto key generated. 5210 # It will be discarded after the request finishes. 5211 "name": "A String", # Name of the key. [required] 5212 # This is an arbitrary string used to differentiate different keys. 5213 # A unique key is generated per name: two separate `TransientCryptoKey` 5214 # protos share the same generated key if their names are the same. 5215 # When the data crypto key is generated, this name is not used in any way 5216 # (repeating the api call will result in a different key being generated). 5217 }, 5218 }, 5219 }, 5220 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 5221 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 5222 # to learn more. 5223 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 5224 # results in the same shift for the same context and crypto_key. 5225 # a key encryption key (KEK) stored by KMS). 5226 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5227 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5228 # unwrap the data crypto key. 5229 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5230 # The wrapped key must be a 128/192/256 bit key. 5231 # Authorization requires the following IAM permissions when sending a request 5232 # to perform a crypto transformation using a kms-wrapped crypto key: 5233 # dlp.kms.encrypt 5234 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5235 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5236 }, 5237 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5238 # leaking the key. Choose another type of key if possible. 5239 "key": "A String", # A 128/192/256 bit key. [required] 5240 }, 5241 "transient": { # Use this to have a random data crypto key generated. 5242 # It will be discarded after the request finishes. 5243 "name": "A String", # Name of the key. [required] 5244 # This is an arbitrary string used to differentiate different keys. 5245 # A unique key is generated per name: two separate `TransientCryptoKey` 5246 # protos share the same generated key if their names are the same. 5247 # When the data crypto key is generated, this name is not used in any way 5248 # (repeating the api call will result in a different key being generated). 5249 }, 5250 }, 5251 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 5252 # [Required] 5253 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 5254 # range (inclusive ends). Negative means shift to earlier in time. Must not 5255 # be more than 365250 days (1000 years) each direction. 5256 # 5257 # For example, 3 means shift date to at most 3 days into the future. 5258 # [Required] 5259 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 5260 # If set, must also set method. If set, shift will be consistent for the 5261 # given context. 5262 "name": "A String", # Name describing the field. 5263 }, 5264 }, 5265 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 5266 # replacement values are dynamically provided by the user for custom behavior, 5267 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 5268 # This can be used on 5269 # data of type: number, long, string, timestamp. 5270 # If the bound `Value` type differs from the type of data being transformed, we 5271 # will first attempt converting the type of the data to be transformed to match 5272 # the type of the bound before comparing. 5273 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5274 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 5275 { # Bucket is represented as a range, along with replacement values. 5276 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 5277 # Note that for the purposes of inspection or transformation, the number 5278 # of bytes considered to comprise a 'Value' is based on its representation 5279 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5280 # 123456789, the number of bytes would be counted as 9, even though an 5281 # int64 only holds up to 8 bytes of data. 5282 "floatValue": 3.14, 5283 "timestampValue": "A String", 5284 "dayOfWeekValue": "A String", 5285 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5286 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5287 # types are google.type.Date and `google.protobuf.Timestamp`. 5288 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5289 # to allow the value "24:00:00" for scenarios like business closing time. 5290 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5291 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5292 # allow the value 60 if it allows leap-seconds. 5293 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5294 }, 5295 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5296 # and time zone are either specified elsewhere or are not significant. The date 5297 # is relative to the Proleptic Gregorian Calendar. This can represent: 5298 # 5299 # * A full date, with non-zero year, month and day values 5300 # * A month and day value, with a zero year, e.g. an anniversary 5301 # * A year on its own, with zero month and day values 5302 # * A year and month value, with a zero day, e.g. a credit card expiration date 5303 # 5304 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5305 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5306 # a year. 5307 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5308 # if specifying a year by itself or a year and month where the day is not 5309 # significant. 5310 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5311 # month and day. 5312 }, 5313 "stringValue": "A String", 5314 "booleanValue": True or False, 5315 "integerValue": "A String", 5316 }, 5317 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 5318 # the default behavior will be to hyphenate the min-max range. 5319 # Note that for the purposes of inspection or transformation, the number 5320 # of bytes considered to comprise a 'Value' is based on its representation 5321 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5322 # 123456789, the number of bytes would be counted as 9, even though an 5323 # int64 only holds up to 8 bytes of data. 5324 "floatValue": 3.14, 5325 "timestampValue": "A String", 5326 "dayOfWeekValue": "A String", 5327 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5328 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5329 # types are google.type.Date and `google.protobuf.Timestamp`. 5330 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5331 # to allow the value "24:00:00" for scenarios like business closing time. 5332 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5333 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5334 # allow the value 60 if it allows leap-seconds. 5335 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5336 }, 5337 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5338 # and time zone are either specified elsewhere or are not significant. The date 5339 # is relative to the Proleptic Gregorian Calendar. This can represent: 5340 # 5341 # * A full date, with non-zero year, month and day values 5342 # * A month and day value, with a zero year, e.g. an anniversary 5343 # * A year on its own, with zero month and day values 5344 # * A year and month value, with a zero day, e.g. a credit card expiration date 5345 # 5346 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5347 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5348 # a year. 5349 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5350 # if specifying a year by itself or a year and month where the day is not 5351 # significant. 5352 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5353 # month and day. 5354 }, 5355 "stringValue": "A String", 5356 "booleanValue": True or False, 5357 "integerValue": "A String", 5358 }, 5359 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 5360 # used. 5361 # Note that for the purposes of inspection or transformation, the number 5362 # of bytes considered to comprise a 'Value' is based on its representation 5363 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5364 # 123456789, the number of bytes would be counted as 9, even though an 5365 # int64 only holds up to 8 bytes of data. 5366 "floatValue": 3.14, 5367 "timestampValue": "A String", 5368 "dayOfWeekValue": "A String", 5369 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5370 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5371 # types are google.type.Date and `google.protobuf.Timestamp`. 5372 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5373 # to allow the value "24:00:00" for scenarios like business closing time. 5374 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5375 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5376 # allow the value 60 if it allows leap-seconds. 5377 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5378 }, 5379 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5380 # and time zone are either specified elsewhere or are not significant. The date 5381 # is relative to the Proleptic Gregorian Calendar. This can represent: 5382 # 5383 # * A full date, with non-zero year, month and day values 5384 # * A month and day value, with a zero year, e.g. an anniversary 5385 # * A year on its own, with zero month and day values 5386 # * A year and month value, with a zero day, e.g. a credit card expiration date 5387 # 5388 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5389 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5390 # a year. 5391 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5392 # if specifying a year by itself or a year and month where the day is not 5393 # significant. 5394 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5395 # month and day. 5396 }, 5397 "stringValue": "A String", 5398 "booleanValue": True or False, 5399 "integerValue": "A String", 5400 }, 5401 }, 5402 ], 5403 }, 5404 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 5405 # (FPE) with the FFX mode of operation; however when used in the 5406 # `ReidentifyContent` API method, it serves the opposite function by reversing 5407 # the surrogate back into the original identifier. The identifier must be 5408 # encoded as ASCII. For a given crypto key and context, the same identifier 5409 # will be replaced with the same surrogate. Identifiers must be at least two 5410 # characters long. In the case that the identifier is the empty string, it will 5411 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 5412 # more. 5413 # 5414 # Note: We recommend using CryptoDeterministicConfig for all use cases which 5415 # do not require preserving the input alphabet space and size, plus warrant 5416 # referential integrity. 5417 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 5418 # a key encryption key (KEK) stored by KMS). 5419 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5420 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5421 # unwrap the data crypto key. 5422 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5423 # The wrapped key must be a 128/192/256 bit key. 5424 # Authorization requires the following IAM permissions when sending a request 5425 # to perform a crypto transformation using a kms-wrapped crypto key: 5426 # dlp.kms.encrypt 5427 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5428 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5429 }, 5430 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5431 # leaking the key. Choose another type of key if possible. 5432 "key": "A String", # A 128/192/256 bit key. [required] 5433 }, 5434 "transient": { # Use this to have a random data crypto key generated. 5435 # It will be discarded after the request finishes. 5436 "name": "A String", # Name of the key. [required] 5437 # This is an arbitrary string used to differentiate different keys. 5438 # A unique key is generated per name: two separate `TransientCryptoKey` 5439 # protos share the same generated key if their names are the same. 5440 # When the data crypto key is generated, this name is not used in any way 5441 # (repeating the api call will result in a different key being generated). 5442 }, 5443 }, 5444 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 5445 "commonAlphabet": "A String", 5446 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 5447 # that the FFX mode natively supports. This happens before/after 5448 # encryption/decryption. 5449 # Each character listed must appear only once. 5450 # Number of characters must be in the range [2, 62]. 5451 # This must be encoded as ASCII. 5452 # The order of characters does not matter. 5453 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 5454 # identifier in two different contexts won't be given the same surrogate. If 5455 # the context is not set, a default tweak will be used. 5456 # 5457 # If the context is set but: 5458 # 5459 # 1. there is no record present when transforming a given value or 5460 # 1. the field is not present when transforming a given value, 5461 # 5462 # a default tweak will be used. 5463 # 5464 # Note that case (1) is expected when an `InfoTypeTransformation` is 5465 # applied to both structured and non-structured `ContentItem`s. 5466 # Currently, the referenced field may be of value type integer or string. 5467 # 5468 # The tweak is constructed as a sequence of bytes in big endian byte order 5469 # such that: 5470 # 5471 # - a 64 bit integer is encoded followed by a single byte of value 1 5472 # - a string is encoded in UTF-8 format followed by a single byte of value 2 5473 "name": "A String", # Name describing the field. 5474 }, 5475 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 5476 # This annotation will be applied to the surrogate by prefixing it with 5477 # the name of the custom infoType followed by the number of 5478 # characters comprising the surrogate. The following scheme defines the 5479 # format: info_type_name(surrogate_character_count):surrogate 5480 # 5481 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 5482 # the surrogate is 'abc', the full replacement value 5483 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 5484 # 5485 # This annotation identifies the surrogate when inspecting content using the 5486 # custom infoType 5487 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 5488 # This facilitates reversal of the surrogate when it occurs in free text. 5489 # 5490 # In order for inspection to work properly, the name of this infoType must 5491 # not occur naturally anywhere in your data; otherwise, inspection may 5492 # find a surrogate that does not correspond to an actual identifier. 5493 # Therefore, choose your custom infoType name carefully after considering 5494 # what your data looks like. One way to select a name that has a high chance 5495 # of yielding reliable detection is to include one or more unicode characters 5496 # that are highly improbable to exist in your data. 5497 # For example, assuming your data is entered from a regular ASCII keyboard, 5498 # the symbol with the hex code point 29DD might be used like so: 5499 # ⧝MY_TOKEN_TYPE 5500 "name": "A String", # Name of the information type. Either a name of your choosing when 5501 # creating a CustomInfoType, or one of the names listed 5502 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5503 # a built-in type. InfoType names should conform to the pattern 5504 # [a-zA-Z0-9_]{1,64}. 5505 }, 5506 }, 5507 "replaceConfig": { # Replace each input value with a given `Value`. 5508 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 5509 # Note that for the purposes of inspection or transformation, the number 5510 # of bytes considered to comprise a 'Value' is based on its representation 5511 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5512 # 123456789, the number of bytes would be counted as 9, even though an 5513 # int64 only holds up to 8 bytes of data. 5514 "floatValue": 3.14, 5515 "timestampValue": "A String", 5516 "dayOfWeekValue": "A String", 5517 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5518 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5519 # types are google.type.Date and `google.protobuf.Timestamp`. 5520 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5521 # to allow the value "24:00:00" for scenarios like business closing time. 5522 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5523 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5524 # allow the value 60 if it allows leap-seconds. 5525 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5526 }, 5527 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5528 # and time zone are either specified elsewhere or are not significant. The date 5529 # is relative to the Proleptic Gregorian Calendar. This can represent: 5530 # 5531 # * A full date, with non-zero year, month and day values 5532 # * A month and day value, with a zero year, e.g. an anniversary 5533 # * A year on its own, with zero month and day values 5534 # * A year and month value, with a zero day, e.g. a credit card expiration date 5535 # 5536 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5537 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5538 # a year. 5539 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5540 # if specifying a year by itself or a year and month where the day is not 5541 # significant. 5542 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5543 # month and day. 5544 }, 5545 "stringValue": "A String", 5546 "booleanValue": True or False, 5547 "integerValue": "A String", 5548 }, 5549 }, 5550 }, 5551 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 5552 # this transformation to apply to all findings that correspond to 5553 # infoTypes that were requested in `InspectConfig`. 5554 { # Type of information detected by the API. 5555 "name": "A String", # Name of the information type. Either a name of your choosing when 5556 # creating a CustomInfoType, or one of the names listed 5557 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5558 # a built-in type. InfoType names should conform to the pattern 5559 # [a-zA-Z0-9_]{1,64}. 5560 }, 5561 ], 5562 }, 5563 ], 5564 }, 5565 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 5566 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 5567 # fixed character. Masking can start from the beginning or end of the string. 5568 # This can be used on data of any type (numbers, longs, and so on) and when 5569 # de-identifying structured data we'll attempt to preserve the original data's 5570 # type. (This allows you to take a long like 123 and modify it to a string like 5571 # **3. 5572 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 5573 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 5574 # mask 5 chars with * we would produce ***-*55-5555. 5575 { # Characters to skip when doing deidentification of a value. These will be left 5576 # alone and skipped. 5577 "commonCharactersToIgnore": "A String", 5578 "charactersToSkip": "A String", 5579 }, 5580 ], 5581 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 5582 # masked. Skipped characters do not count towards this tally. 5583 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 5584 # alphabetic string such as name, or "0" for a numeric string such as ZIP 5585 # code or credit card number. String must have length 1. If not supplied, we 5586 # will default to "*" for strings, 0 for digits. 5587 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 5588 # '0', number_to_mask is 14, and `reverse_order` is false, then 5589 # 1234-5678-9012-3456 -> 00000000000000-3456 5590 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 5591 # is true, then 12345 -> 12*** 5592 }, 5593 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 5594 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 5595 # output would be 'My phone number is '. 5596 }, 5597 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 5598 # input. Outputs a base64 encoded representation of the encrypted output. 5599 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 5600 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 5601 # a key encryption key (KEK) stored by KMS). 5602 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5603 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5604 # unwrap the data crypto key. 5605 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5606 # The wrapped key must be a 128/192/256 bit key. 5607 # Authorization requires the following IAM permissions when sending a request 5608 # to perform a crypto transformation using a kms-wrapped crypto key: 5609 # dlp.kms.encrypt 5610 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5611 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5612 }, 5613 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5614 # leaking the key. Choose another type of key if possible. 5615 "key": "A String", # A 128/192/256 bit key. [required] 5616 }, 5617 "transient": { # Use this to have a random data crypto key generated. 5618 # It will be discarded after the request finishes. 5619 "name": "A String", # Name of the key. [required] 5620 # This is an arbitrary string used to differentiate different keys. 5621 # A unique key is generated per name: two separate `TransientCryptoKey` 5622 # protos share the same generated key if their names are the same. 5623 # When the data crypto key is generated, this name is not used in any way 5624 # (repeating the api call will result in a different key being generated). 5625 }, 5626 }, 5627 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 5628 # referential integrity such that the same identifier in two different 5629 # contexts will be given a distinct surrogate. The context is appended to 5630 # plaintext value being encrypted. On decryption the provided context is 5631 # validated against the value used during encryption. If a context was 5632 # provided during encryption, same context must be provided during decryption 5633 # as well. 5634 # 5635 # If the context is not set, plaintext would be used as is for encryption. 5636 # If the context is set but: 5637 # 5638 # 1. there is no record present when transforming a given value or 5639 # 2. the field is not present when transforming a given value, 5640 # 5641 # plaintext would be used as is for encryption. 5642 # 5643 # Note that case (1) is expected when an `InfoTypeTransformation` is 5644 # applied to both structured and non-structured `ContentItem`s. 5645 "name": "A String", # Name describing the field. 5646 }, 5647 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 5648 # This annotation will be applied to the surrogate by prefixing it with 5649 # the name of the custom info type followed by the number of 5650 # characters comprising the surrogate. The following scheme defines the 5651 # format: <info type name>(<surrogate character count>):<surrogate> 5652 # 5653 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 5654 # the surrogate is 'abc', the full replacement value 5655 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 5656 # 5657 # This annotation identifies the surrogate when inspecting content using the 5658 # custom info type 'Surrogate'. This facilitates reversal of the 5659 # surrogate when it occurs in free text. 5660 # 5661 # In order for inspection to work properly, the name of this info type must 5662 # not occur naturally anywhere in your data; otherwise, inspection may either 5663 # 5664 # - reverse a surrogate that does not correspond to an actual identifier 5665 # - be unable to parse the surrogate and result in an error 5666 # 5667 # Therefore, choose your custom info type name carefully after considering 5668 # what your data looks like. One way to select a name that has a high chance 5669 # of yielding reliable detection is to include one or more unicode characters 5670 # that are highly improbable to exist in your data. 5671 # For example, assuming your data is entered from a regular ASCII keyboard, 5672 # the symbol with the hex code point 29DD might be used like so: 5673 # ⧝MY_TOKEN_TYPE 5674 "name": "A String", # Name of the information type. Either a name of your choosing when 5675 # creating a CustomInfoType, or one of the names listed 5676 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5677 # a built-in type. InfoType names should conform to the pattern 5678 # [a-zA-Z0-9_]{1,64}. 5679 }, 5680 }, 5681 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 5682 # Bucketing transformation can provide all of this functionality, 5683 # but requires more configuration. This message is provided as a convenience to 5684 # the user for simple bucketing strategies. 5685 # 5686 # The transformed value will be a hyphenated string of 5687 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 5688 # all values that are within this bucket will be replaced with "10-20". 5689 # 5690 # This can be used on data of type: double, long. 5691 # 5692 # If the bound Value type differs from the type of data 5693 # being transformed, we will first attempt converting the type of the data to 5694 # be transformed to match the type of the bound before comparing. 5695 # 5696 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5697 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 5698 # grouped together into a single bucket; for example if `lower_bound` = 10, 5699 # then all values less than 10 are replaced with the value “-10”. [Required]. 5700 # Note that for the purposes of inspection or transformation, the number 5701 # of bytes considered to comprise a 'Value' is based on its representation 5702 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5703 # 123456789, the number of bytes would be counted as 9, even though an 5704 # int64 only holds up to 8 bytes of data. 5705 "floatValue": 3.14, 5706 "timestampValue": "A String", 5707 "dayOfWeekValue": "A String", 5708 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5709 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5710 # types are google.type.Date and `google.protobuf.Timestamp`. 5711 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5712 # to allow the value "24:00:00" for scenarios like business closing time. 5713 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5714 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5715 # allow the value 60 if it allows leap-seconds. 5716 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5717 }, 5718 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5719 # and time zone are either specified elsewhere or are not significant. The date 5720 # is relative to the Proleptic Gregorian Calendar. This can represent: 5721 # 5722 # * A full date, with non-zero year, month and day values 5723 # * A month and day value, with a zero year, e.g. an anniversary 5724 # * A year on its own, with zero month and day values 5725 # * A year and month value, with a zero day, e.g. a credit card expiration date 5726 # 5727 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5728 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5729 # a year. 5730 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5731 # if specifying a year by itself or a year and month where the day is not 5732 # significant. 5733 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5734 # month and day. 5735 }, 5736 "stringValue": "A String", 5737 "booleanValue": True or False, 5738 "integerValue": "A String", 5739 }, 5740 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 5741 # grouped together into a single bucket; for example if `upper_bound` = 89, 5742 # then all values greater than 89 are replaced with the value “89+”. 5743 # [Required]. 5744 # Note that for the purposes of inspection or transformation, the number 5745 # of bytes considered to comprise a 'Value' is based on its representation 5746 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5747 # 123456789, the number of bytes would be counted as 9, even though an 5748 # int64 only holds up to 8 bytes of data. 5749 "floatValue": 3.14, 5750 "timestampValue": "A String", 5751 "dayOfWeekValue": "A String", 5752 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5753 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5754 # types are google.type.Date and `google.protobuf.Timestamp`. 5755 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5756 # to allow the value "24:00:00" for scenarios like business closing time. 5757 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5758 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5759 # allow the value 60 if it allows leap-seconds. 5760 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5761 }, 5762 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5763 # and time zone are either specified elsewhere or are not significant. The date 5764 # is relative to the Proleptic Gregorian Calendar. This can represent: 5765 # 5766 # * A full date, with non-zero year, month and day values 5767 # * A month and day value, with a zero year, e.g. an anniversary 5768 # * A year on its own, with zero month and day values 5769 # * A year and month value, with a zero day, e.g. a credit card expiration date 5770 # 5771 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5772 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5773 # a year. 5774 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5775 # if specifying a year by itself or a year and month where the day is not 5776 # significant. 5777 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5778 # month and day. 5779 }, 5780 "stringValue": "A String", 5781 "booleanValue": True or False, 5782 "integerValue": "A String", 5783 }, 5784 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 5785 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 5786 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 5787 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 5788 }, 5789 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 5790 }, 5791 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 5792 # portion of the value. 5793 "partToExtract": "A String", 5794 }, 5795 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 5796 # Uses SHA-256. 5797 # The key size must be either 32 or 64 bytes. 5798 # Outputs a base64 encoded representation of the hashed output 5799 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 5800 # Currently, only string and integer values can be hashed. 5801 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 5802 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 5803 # a key encryption key (KEK) stored by KMS). 5804 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5805 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5806 # unwrap the data crypto key. 5807 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5808 # The wrapped key must be a 128/192/256 bit key. 5809 # Authorization requires the following IAM permissions when sending a request 5810 # to perform a crypto transformation using a kms-wrapped crypto key: 5811 # dlp.kms.encrypt 5812 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5813 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5814 }, 5815 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5816 # leaking the key. Choose another type of key if possible. 5817 "key": "A String", # A 128/192/256 bit key. [required] 5818 }, 5819 "transient": { # Use this to have a random data crypto key generated. 5820 # It will be discarded after the request finishes. 5821 "name": "A String", # Name of the key. [required] 5822 # This is an arbitrary string used to differentiate different keys. 5823 # A unique key is generated per name: two separate `TransientCryptoKey` 5824 # protos share the same generated key if their names are the same. 5825 # When the data crypto key is generated, this name is not used in any way 5826 # (repeating the api call will result in a different key being generated). 5827 }, 5828 }, 5829 }, 5830 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 5831 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 5832 # to learn more. 5833 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 5834 # results in the same shift for the same context and crypto_key. 5835 # a key encryption key (KEK) stored by KMS). 5836 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5837 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5838 # unwrap the data crypto key. 5839 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5840 # The wrapped key must be a 128/192/256 bit key. 5841 # Authorization requires the following IAM permissions when sending a request 5842 # to perform a crypto transformation using a kms-wrapped crypto key: 5843 # dlp.kms.encrypt 5844 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5845 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5846 }, 5847 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5848 # leaking the key. Choose another type of key if possible. 5849 "key": "A String", # A 128/192/256 bit key. [required] 5850 }, 5851 "transient": { # Use this to have a random data crypto key generated. 5852 # It will be discarded after the request finishes. 5853 "name": "A String", # Name of the key. [required] 5854 # This is an arbitrary string used to differentiate different keys. 5855 # A unique key is generated per name: two separate `TransientCryptoKey` 5856 # protos share the same generated key if their names are the same. 5857 # When the data crypto key is generated, this name is not used in any way 5858 # (repeating the api call will result in a different key being generated). 5859 }, 5860 }, 5861 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 5862 # [Required] 5863 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 5864 # range (inclusive ends). Negative means shift to earlier in time. Must not 5865 # be more than 365250 days (1000 years) each direction. 5866 # 5867 # For example, 3 means shift date to at most 3 days into the future. 5868 # [Required] 5869 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 5870 # If set, must also set method. If set, shift will be consistent for the 5871 # given context. 5872 "name": "A String", # Name describing the field. 5873 }, 5874 }, 5875 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 5876 # replacement values are dynamically provided by the user for custom behavior, 5877 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 5878 # This can be used on 5879 # data of type: number, long, string, timestamp. 5880 # If the bound `Value` type differs from the type of data being transformed, we 5881 # will first attempt converting the type of the data to be transformed to match 5882 # the type of the bound before comparing. 5883 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5884 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 5885 { # Bucket is represented as a range, along with replacement values. 5886 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 5887 # Note that for the purposes of inspection or transformation, the number 5888 # of bytes considered to comprise a 'Value' is based on its representation 5889 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5890 # 123456789, the number of bytes would be counted as 9, even though an 5891 # int64 only holds up to 8 bytes of data. 5892 "floatValue": 3.14, 5893 "timestampValue": "A String", 5894 "dayOfWeekValue": "A String", 5895 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5896 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5897 # types are google.type.Date and `google.protobuf.Timestamp`. 5898 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5899 # to allow the value "24:00:00" for scenarios like business closing time. 5900 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5901 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5902 # allow the value 60 if it allows leap-seconds. 5903 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5904 }, 5905 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5906 # and time zone are either specified elsewhere or are not significant. The date 5907 # is relative to the Proleptic Gregorian Calendar. This can represent: 5908 # 5909 # * A full date, with non-zero year, month and day values 5910 # * A month and day value, with a zero year, e.g. an anniversary 5911 # * A year on its own, with zero month and day values 5912 # * A year and month value, with a zero day, e.g. a credit card expiration date 5913 # 5914 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5915 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5916 # a year. 5917 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5918 # if specifying a year by itself or a year and month where the day is not 5919 # significant. 5920 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5921 # month and day. 5922 }, 5923 "stringValue": "A String", 5924 "booleanValue": True or False, 5925 "integerValue": "A String", 5926 }, 5927 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 5928 # the default behavior will be to hyphenate the min-max range. 5929 # Note that for the purposes of inspection or transformation, the number 5930 # of bytes considered to comprise a 'Value' is based on its representation 5931 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5932 # 123456789, the number of bytes would be counted as 9, even though an 5933 # int64 only holds up to 8 bytes of data. 5934 "floatValue": 3.14, 5935 "timestampValue": "A String", 5936 "dayOfWeekValue": "A String", 5937 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5938 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5939 # types are google.type.Date and `google.protobuf.Timestamp`. 5940 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5941 # to allow the value "24:00:00" for scenarios like business closing time. 5942 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5943 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5944 # allow the value 60 if it allows leap-seconds. 5945 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5946 }, 5947 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5948 # and time zone are either specified elsewhere or are not significant. The date 5949 # is relative to the Proleptic Gregorian Calendar. This can represent: 5950 # 5951 # * A full date, with non-zero year, month and day values 5952 # * A month and day value, with a zero year, e.g. an anniversary 5953 # * A year on its own, with zero month and day values 5954 # * A year and month value, with a zero day, e.g. a credit card expiration date 5955 # 5956 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5957 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5958 # a year. 5959 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5960 # if specifying a year by itself or a year and month where the day is not 5961 # significant. 5962 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5963 # month and day. 5964 }, 5965 "stringValue": "A String", 5966 "booleanValue": True or False, 5967 "integerValue": "A String", 5968 }, 5969 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 5970 # used. 5971 # Note that for the purposes of inspection or transformation, the number 5972 # of bytes considered to comprise a 'Value' is based on its representation 5973 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5974 # 123456789, the number of bytes would be counted as 9, even though an 5975 # int64 only holds up to 8 bytes of data. 5976 "floatValue": 3.14, 5977 "timestampValue": "A String", 5978 "dayOfWeekValue": "A String", 5979 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5980 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5981 # types are google.type.Date and `google.protobuf.Timestamp`. 5982 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5983 # to allow the value "24:00:00" for scenarios like business closing time. 5984 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5985 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5986 # allow the value 60 if it allows leap-seconds. 5987 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5988 }, 5989 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5990 # and time zone are either specified elsewhere or are not significant. The date 5991 # is relative to the Proleptic Gregorian Calendar. This can represent: 5992 # 5993 # * A full date, with non-zero year, month and day values 5994 # * A month and day value, with a zero year, e.g. an anniversary 5995 # * A year on its own, with zero month and day values 5996 # * A year and month value, with a zero day, e.g. a credit card expiration date 5997 # 5998 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5999 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6000 # a year. 6001 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6002 # if specifying a year by itself or a year and month where the day is not 6003 # significant. 6004 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6005 # month and day. 6006 }, 6007 "stringValue": "A String", 6008 "booleanValue": True or False, 6009 "integerValue": "A String", 6010 }, 6011 }, 6012 ], 6013 }, 6014 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 6015 # (FPE) with the FFX mode of operation; however when used in the 6016 # `ReidentifyContent` API method, it serves the opposite function by reversing 6017 # the surrogate back into the original identifier. The identifier must be 6018 # encoded as ASCII. For a given crypto key and context, the same identifier 6019 # will be replaced with the same surrogate. Identifiers must be at least two 6020 # characters long. In the case that the identifier is the empty string, it will 6021 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 6022 # more. 6023 # 6024 # Note: We recommend using CryptoDeterministicConfig for all use cases which 6025 # do not require preserving the input alphabet space and size, plus warrant 6026 # referential integrity. 6027 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 6028 # a key encryption key (KEK) stored by KMS). 6029 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6030 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6031 # unwrap the data crypto key. 6032 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6033 # The wrapped key must be a 128/192/256 bit key. 6034 # Authorization requires the following IAM permissions when sending a request 6035 # to perform a crypto transformation using a kms-wrapped crypto key: 6036 # dlp.kms.encrypt 6037 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6038 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6039 }, 6040 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6041 # leaking the key. Choose another type of key if possible. 6042 "key": "A String", # A 128/192/256 bit key. [required] 6043 }, 6044 "transient": { # Use this to have a random data crypto key generated. 6045 # It will be discarded after the request finishes. 6046 "name": "A String", # Name of the key. [required] 6047 # This is an arbitrary string used to differentiate different keys. 6048 # A unique key is generated per name: two separate `TransientCryptoKey` 6049 # protos share the same generated key if their names are the same. 6050 # When the data crypto key is generated, this name is not used in any way 6051 # (repeating the api call will result in a different key being generated). 6052 }, 6053 }, 6054 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 6055 "commonAlphabet": "A String", 6056 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 6057 # that the FFX mode natively supports. This happens before/after 6058 # encryption/decryption. 6059 # Each character listed must appear only once. 6060 # Number of characters must be in the range [2, 62]. 6061 # This must be encoded as ASCII. 6062 # The order of characters does not matter. 6063 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 6064 # identifier in two different contexts won't be given the same surrogate. If 6065 # the context is not set, a default tweak will be used. 6066 # 6067 # If the context is set but: 6068 # 6069 # 1. there is no record present when transforming a given value or 6070 # 1. the field is not present when transforming a given value, 6071 # 6072 # a default tweak will be used. 6073 # 6074 # Note that case (1) is expected when an `InfoTypeTransformation` is 6075 # applied to both structured and non-structured `ContentItem`s. 6076 # Currently, the referenced field may be of value type integer or string. 6077 # 6078 # The tweak is constructed as a sequence of bytes in big endian byte order 6079 # such that: 6080 # 6081 # - a 64 bit integer is encoded followed by a single byte of value 1 6082 # - a string is encoded in UTF-8 format followed by a single byte of value 2 6083 "name": "A String", # Name describing the field. 6084 }, 6085 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 6086 # This annotation will be applied to the surrogate by prefixing it with 6087 # the name of the custom infoType followed by the number of 6088 # characters comprising the surrogate. The following scheme defines the 6089 # format: info_type_name(surrogate_character_count):surrogate 6090 # 6091 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 6092 # the surrogate is 'abc', the full replacement value 6093 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6094 # 6095 # This annotation identifies the surrogate when inspecting content using the 6096 # custom infoType 6097 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 6098 # This facilitates reversal of the surrogate when it occurs in free text. 6099 # 6100 # In order for inspection to work properly, the name of this infoType must 6101 # not occur naturally anywhere in your data; otherwise, inspection may 6102 # find a surrogate that does not correspond to an actual identifier. 6103 # Therefore, choose your custom infoType name carefully after considering 6104 # what your data looks like. One way to select a name that has a high chance 6105 # of yielding reliable detection is to include one or more unicode characters 6106 # that are highly improbable to exist in your data. 6107 # For example, assuming your data is entered from a regular ASCII keyboard, 6108 # the symbol with the hex code point 29DD might be used like so: 6109 # ⧝MY_TOKEN_TYPE 6110 "name": "A String", # Name of the information type. Either a name of your choosing when 6111 # creating a CustomInfoType, or one of the names listed 6112 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6113 # a built-in type. InfoType names should conform to the pattern 6114 # [a-zA-Z0-9_]{1,64}. 6115 }, 6116 }, 6117 "replaceConfig": { # Replace each input value with a given `Value`. 6118 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 6119 # Note that for the purposes of inspection or transformation, the number 6120 # of bytes considered to comprise a 'Value' is based on its representation 6121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6122 # 123456789, the number of bytes would be counted as 9, even though an 6123 # int64 only holds up to 8 bytes of data. 6124 "floatValue": 3.14, 6125 "timestampValue": "A String", 6126 "dayOfWeekValue": "A String", 6127 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6128 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6129 # types are google.type.Date and `google.protobuf.Timestamp`. 6130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6131 # to allow the value "24:00:00" for scenarios like business closing time. 6132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6134 # allow the value 60 if it allows leap-seconds. 6135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6136 }, 6137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6138 # and time zone are either specified elsewhere or are not significant. The date 6139 # is relative to the Proleptic Gregorian Calendar. This can represent: 6140 # 6141 # * A full date, with non-zero year, month and day values 6142 # * A month and day value, with a zero year, e.g. an anniversary 6143 # * A year on its own, with zero month and day values 6144 # * A year and month value, with a zero day, e.g. a credit card expiration date 6145 # 6146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6148 # a year. 6149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6150 # if specifying a year by itself or a year and month where the day is not 6151 # significant. 6152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6153 # month and day. 6154 }, 6155 "stringValue": "A String", 6156 "booleanValue": True or False, 6157 "integerValue": "A String", 6158 }, 6159 }, 6160 }, 6161 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 6162 # given `RecordCondition`. The conditions are allowed to reference fields 6163 # that are not used in the actual transformation. [optional] 6164 # 6165 # Example Use Cases: 6166 # 6167 # - Apply a different bucket transformation to an age column if the zip code 6168 # column for the same record is within a specific range. 6169 # - Redact a field if the date of birth field is greater than 85. 6170 # a field. 6171 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 6172 "conditions": { # A collection of conditions. 6173 "conditions": [ 6174 { # The field type of `value` and `field` do not need to match to be 6175 # considered equal, but not all comparisons are possible. 6176 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 6177 # but all other comparisons are invalid with incompatible types. 6178 # A `value` of type: 6179 # 6180 # - `string` can be compared against all other types 6181 # - `boolean` can only be compared against other booleans 6182 # - `integer` can be compared against doubles or a string if the string value 6183 # can be parsed as an integer. 6184 # - `double` can be compared against integers or a string if the string can 6185 # be parsed as a double. 6186 # - `Timestamp` can be compared against strings in RFC 3339 date string 6187 # format. 6188 # - `TimeOfDay` can be compared against timestamps and strings in the format 6189 # of 'HH:mm:ss'. 6190 # 6191 # If we fail to compare do to type mismatch, a warning will be given and 6192 # the condition will evaluate to false. 6193 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 6194 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 6195 "name": "A String", # Name describing the field. 6196 }, 6197 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 6198 # Note that for the purposes of inspection or transformation, the number 6199 # of bytes considered to comprise a 'Value' is based on its representation 6200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6201 # 123456789, the number of bytes would be counted as 9, even though an 6202 # int64 only holds up to 8 bytes of data. 6203 "floatValue": 3.14, 6204 "timestampValue": "A String", 6205 "dayOfWeekValue": "A String", 6206 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6207 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6208 # types are google.type.Date and `google.protobuf.Timestamp`. 6209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6210 # to allow the value "24:00:00" for scenarios like business closing time. 6211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6213 # allow the value 60 if it allows leap-seconds. 6214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6215 }, 6216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6217 # and time zone are either specified elsewhere or are not significant. The date 6218 # is relative to the Proleptic Gregorian Calendar. This can represent: 6219 # 6220 # * A full date, with non-zero year, month and day values 6221 # * A month and day value, with a zero year, e.g. an anniversary 6222 # * A year on its own, with zero month and day values 6223 # * A year and month value, with a zero day, e.g. a credit card expiration date 6224 # 6225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6227 # a year. 6228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6229 # if specifying a year by itself or a year and month where the day is not 6230 # significant. 6231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6232 # month and day. 6233 }, 6234 "stringValue": "A String", 6235 "booleanValue": True or False, 6236 "integerValue": "A String", 6237 }, 6238 }, 6239 ], 6240 }, 6241 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 6242 # only supported value is `AND`. 6243 }, 6244 }, 6245 "fields": [ # Input field(s) to apply the transformation to. [required] 6246 { # General identifier of a data field in a storage service. 6247 "name": "A String", # Name describing the field. 6248 }, 6249 ], 6250 }, 6251 ], 6252 }, 6253 }, 6254 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 6255 "name": "A String", # The template name. Output only. 6256 # 6257 # The template will have one of the following formats: 6258 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 6259 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 6260 }</pre> 6261</div> 6262 6263<div class="method"> 6264 <code class="details" id="list">list(parent, orderBy=None, pageToken=None, x__xgafv=None, pageSize=None)</code> 6265 <pre>Lists DeidentifyTemplates. 6266See https://cloud.google.com/dlp/docs/creating-templates-deid to learn 6267more. 6268 6269Args: 6270 parent: string, The parent resource name, for example projects/my-project-id or 6271organizations/my-org-id. (required) 6272 orderBy: string, Optional comma separated list of fields to order by, 6273followed by `asc` or `desc` postfix. This list is case-insensitive, 6274default sorting order is ascending, redundant space characters are 6275insignificant. 6276 6277Example: `name asc,update_time, create_time desc` 6278 6279Supported fields are: 6280 6281- `create_time`: corresponds to time the template was created. 6282- `update_time`: corresponds to time the template was last updated. 6283- `name`: corresponds to template's name. 6284- `display_name`: corresponds to template's display name. 6285 pageToken: string, Optional page token to continue retrieval. Comes from previous call 6286to `ListDeidentifyTemplates`. 6287 x__xgafv: string, V1 error format. 6288 Allowed values 6289 1 - v1 error format 6290 2 - v2 error format 6291 pageSize: integer, Optional size of the page, can be limited by server. If zero server returns 6292a page of max size 100. 6293 6294Returns: 6295 An object of the form: 6296 6297 { # Response message for ListDeidentifyTemplates. 6298 "nextPageToken": "A String", # If the next page is available then the next page token to be used 6299 # in following ListDeidentifyTemplates request. 6300 "deidentifyTemplates": [ # List of deidentify templates, up to page_size in 6301 # ListDeidentifyTemplatesRequest. 6302 { # The DeidentifyTemplates contains instructions on how to deidentify content. 6303 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 6304 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 6305 "displayName": "A String", # Display name (max 256 chars). 6306 "description": "A String", # Short description (max 256 chars). 6307 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 6308 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 6309 # transformation everywhere. 6310 # apply various `PrimitiveTransformation`s to each finding, where the 6311 # transformation is applied to only values that were identified as a specific 6312 # info_type. 6313 "transformations": [ # Transformation for each infoType. Cannot specify more than one 6314 # for a given infoType. [required] 6315 { # A transformation to apply to text that is identified as a specific 6316 # info_type. 6317 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 6318 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 6319 # fixed character. Masking can start from the beginning or end of the string. 6320 # This can be used on data of any type (numbers, longs, and so on) and when 6321 # de-identifying structured data we'll attempt to preserve the original data's 6322 # type. (This allows you to take a long like 123 and modify it to a string like 6323 # **3. 6324 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 6325 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 6326 # mask 5 chars with * we would produce ***-*55-5555. 6327 { # Characters to skip when doing deidentification of a value. These will be left 6328 # alone and skipped. 6329 "commonCharactersToIgnore": "A String", 6330 "charactersToSkip": "A String", 6331 }, 6332 ], 6333 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 6334 # masked. Skipped characters do not count towards this tally. 6335 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 6336 # alphabetic string such as name, or "0" for a numeric string such as ZIP 6337 # code or credit card number. String must have length 1. If not supplied, we 6338 # will default to "*" for strings, 0 for digits. 6339 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 6340 # '0', number_to_mask is 14, and `reverse_order` is false, then 6341 # 1234-5678-9012-3456 -> 00000000000000-3456 6342 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 6343 # is true, then 12345 -> 12*** 6344 }, 6345 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 6346 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 6347 # output would be 'My phone number is '. 6348 }, 6349 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 6350 # input. Outputs a base64 encoded representation of the encrypted output. 6351 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 6352 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 6353 # a key encryption key (KEK) stored by KMS). 6354 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6355 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6356 # unwrap the data crypto key. 6357 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6358 # The wrapped key must be a 128/192/256 bit key. 6359 # Authorization requires the following IAM permissions when sending a request 6360 # to perform a crypto transformation using a kms-wrapped crypto key: 6361 # dlp.kms.encrypt 6362 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6363 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6364 }, 6365 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6366 # leaking the key. Choose another type of key if possible. 6367 "key": "A String", # A 128/192/256 bit key. [required] 6368 }, 6369 "transient": { # Use this to have a random data crypto key generated. 6370 # It will be discarded after the request finishes. 6371 "name": "A String", # Name of the key. [required] 6372 # This is an arbitrary string used to differentiate different keys. 6373 # A unique key is generated per name: two separate `TransientCryptoKey` 6374 # protos share the same generated key if their names are the same. 6375 # When the data crypto key is generated, this name is not used in any way 6376 # (repeating the api call will result in a different key being generated). 6377 }, 6378 }, 6379 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 6380 # referential integrity such that the same identifier in two different 6381 # contexts will be given a distinct surrogate. The context is appended to 6382 # plaintext value being encrypted. On decryption the provided context is 6383 # validated against the value used during encryption. If a context was 6384 # provided during encryption, same context must be provided during decryption 6385 # as well. 6386 # 6387 # If the context is not set, plaintext would be used as is for encryption. 6388 # If the context is set but: 6389 # 6390 # 1. there is no record present when transforming a given value or 6391 # 2. the field is not present when transforming a given value, 6392 # 6393 # plaintext would be used as is for encryption. 6394 # 6395 # Note that case (1) is expected when an `InfoTypeTransformation` is 6396 # applied to both structured and non-structured `ContentItem`s. 6397 "name": "A String", # Name describing the field. 6398 }, 6399 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 6400 # This annotation will be applied to the surrogate by prefixing it with 6401 # the name of the custom info type followed by the number of 6402 # characters comprising the surrogate. The following scheme defines the 6403 # format: <info type name>(<surrogate character count>):<surrogate> 6404 # 6405 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 6406 # the surrogate is 'abc', the full replacement value 6407 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6408 # 6409 # This annotation identifies the surrogate when inspecting content using the 6410 # custom info type 'Surrogate'. This facilitates reversal of the 6411 # surrogate when it occurs in free text. 6412 # 6413 # In order for inspection to work properly, the name of this info type must 6414 # not occur naturally anywhere in your data; otherwise, inspection may either 6415 # 6416 # - reverse a surrogate that does not correspond to an actual identifier 6417 # - be unable to parse the surrogate and result in an error 6418 # 6419 # Therefore, choose your custom info type name carefully after considering 6420 # what your data looks like. One way to select a name that has a high chance 6421 # of yielding reliable detection is to include one or more unicode characters 6422 # that are highly improbable to exist in your data. 6423 # For example, assuming your data is entered from a regular ASCII keyboard, 6424 # the symbol with the hex code point 29DD might be used like so: 6425 # ⧝MY_TOKEN_TYPE 6426 "name": "A String", # Name of the information type. Either a name of your choosing when 6427 # creating a CustomInfoType, or one of the names listed 6428 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6429 # a built-in type. InfoType names should conform to the pattern 6430 # [a-zA-Z0-9_]{1,64}. 6431 }, 6432 }, 6433 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 6434 # Bucketing transformation can provide all of this functionality, 6435 # but requires more configuration. This message is provided as a convenience to 6436 # the user for simple bucketing strategies. 6437 # 6438 # The transformed value will be a hyphenated string of 6439 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 6440 # all values that are within this bucket will be replaced with "10-20". 6441 # 6442 # This can be used on data of type: double, long. 6443 # 6444 # If the bound Value type differs from the type of data 6445 # being transformed, we will first attempt converting the type of the data to 6446 # be transformed to match the type of the bound before comparing. 6447 # 6448 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6449 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 6450 # grouped together into a single bucket; for example if `lower_bound` = 10, 6451 # then all values less than 10 are replaced with the value “-10”. [Required]. 6452 # Note that for the purposes of inspection or transformation, the number 6453 # of bytes considered to comprise a 'Value' is based on its representation 6454 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6455 # 123456789, the number of bytes would be counted as 9, even though an 6456 # int64 only holds up to 8 bytes of data. 6457 "floatValue": 3.14, 6458 "timestampValue": "A String", 6459 "dayOfWeekValue": "A String", 6460 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6461 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6462 # types are google.type.Date and `google.protobuf.Timestamp`. 6463 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6464 # to allow the value "24:00:00" for scenarios like business closing time. 6465 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6466 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6467 # allow the value 60 if it allows leap-seconds. 6468 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6469 }, 6470 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6471 # and time zone are either specified elsewhere or are not significant. The date 6472 # is relative to the Proleptic Gregorian Calendar. This can represent: 6473 # 6474 # * A full date, with non-zero year, month and day values 6475 # * A month and day value, with a zero year, e.g. an anniversary 6476 # * A year on its own, with zero month and day values 6477 # * A year and month value, with a zero day, e.g. a credit card expiration date 6478 # 6479 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6480 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6481 # a year. 6482 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6483 # if specifying a year by itself or a year and month where the day is not 6484 # significant. 6485 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6486 # month and day. 6487 }, 6488 "stringValue": "A String", 6489 "booleanValue": True or False, 6490 "integerValue": "A String", 6491 }, 6492 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 6493 # grouped together into a single bucket; for example if `upper_bound` = 89, 6494 # then all values greater than 89 are replaced with the value “89+”. 6495 # [Required]. 6496 # Note that for the purposes of inspection or transformation, the number 6497 # of bytes considered to comprise a 'Value' is based on its representation 6498 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6499 # 123456789, the number of bytes would be counted as 9, even though an 6500 # int64 only holds up to 8 bytes of data. 6501 "floatValue": 3.14, 6502 "timestampValue": "A String", 6503 "dayOfWeekValue": "A String", 6504 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6505 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6506 # types are google.type.Date and `google.protobuf.Timestamp`. 6507 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6508 # to allow the value "24:00:00" for scenarios like business closing time. 6509 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6510 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6511 # allow the value 60 if it allows leap-seconds. 6512 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6513 }, 6514 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6515 # and time zone are either specified elsewhere or are not significant. The date 6516 # is relative to the Proleptic Gregorian Calendar. This can represent: 6517 # 6518 # * A full date, with non-zero year, month and day values 6519 # * A month and day value, with a zero year, e.g. an anniversary 6520 # * A year on its own, with zero month and day values 6521 # * A year and month value, with a zero day, e.g. a credit card expiration date 6522 # 6523 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6524 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6525 # a year. 6526 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6527 # if specifying a year by itself or a year and month where the day is not 6528 # significant. 6529 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6530 # month and day. 6531 }, 6532 "stringValue": "A String", 6533 "booleanValue": True or False, 6534 "integerValue": "A String", 6535 }, 6536 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 6537 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 6538 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 6539 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 6540 }, 6541 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 6542 }, 6543 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 6544 # portion of the value. 6545 "partToExtract": "A String", 6546 }, 6547 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 6548 # Uses SHA-256. 6549 # The key size must be either 32 or 64 bytes. 6550 # Outputs a base64 encoded representation of the hashed output 6551 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 6552 # Currently, only string and integer values can be hashed. 6553 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 6554 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 6555 # a key encryption key (KEK) stored by KMS). 6556 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6557 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6558 # unwrap the data crypto key. 6559 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6560 # The wrapped key must be a 128/192/256 bit key. 6561 # Authorization requires the following IAM permissions when sending a request 6562 # to perform a crypto transformation using a kms-wrapped crypto key: 6563 # dlp.kms.encrypt 6564 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6565 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6566 }, 6567 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6568 # leaking the key. Choose another type of key if possible. 6569 "key": "A String", # A 128/192/256 bit key. [required] 6570 }, 6571 "transient": { # Use this to have a random data crypto key generated. 6572 # It will be discarded after the request finishes. 6573 "name": "A String", # Name of the key. [required] 6574 # This is an arbitrary string used to differentiate different keys. 6575 # A unique key is generated per name: two separate `TransientCryptoKey` 6576 # protos share the same generated key if their names are the same. 6577 # When the data crypto key is generated, this name is not used in any way 6578 # (repeating the api call will result in a different key being generated). 6579 }, 6580 }, 6581 }, 6582 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 6583 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 6584 # to learn more. 6585 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 6586 # results in the same shift for the same context and crypto_key. 6587 # a key encryption key (KEK) stored by KMS). 6588 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6589 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6590 # unwrap the data crypto key. 6591 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6592 # The wrapped key must be a 128/192/256 bit key. 6593 # Authorization requires the following IAM permissions when sending a request 6594 # to perform a crypto transformation using a kms-wrapped crypto key: 6595 # dlp.kms.encrypt 6596 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6597 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6598 }, 6599 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6600 # leaking the key. Choose another type of key if possible. 6601 "key": "A String", # A 128/192/256 bit key. [required] 6602 }, 6603 "transient": { # Use this to have a random data crypto key generated. 6604 # It will be discarded after the request finishes. 6605 "name": "A String", # Name of the key. [required] 6606 # This is an arbitrary string used to differentiate different keys. 6607 # A unique key is generated per name: two separate `TransientCryptoKey` 6608 # protos share the same generated key if their names are the same. 6609 # When the data crypto key is generated, this name is not used in any way 6610 # (repeating the api call will result in a different key being generated). 6611 }, 6612 }, 6613 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 6614 # [Required] 6615 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 6616 # range (inclusive ends). Negative means shift to earlier in time. Must not 6617 # be more than 365250 days (1000 years) each direction. 6618 # 6619 # For example, 3 means shift date to at most 3 days into the future. 6620 # [Required] 6621 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 6622 # If set, must also set method. If set, shift will be consistent for the 6623 # given context. 6624 "name": "A String", # Name describing the field. 6625 }, 6626 }, 6627 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 6628 # replacement values are dynamically provided by the user for custom behavior, 6629 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 6630 # This can be used on 6631 # data of type: number, long, string, timestamp. 6632 # If the bound `Value` type differs from the type of data being transformed, we 6633 # will first attempt converting the type of the data to be transformed to match 6634 # the type of the bound before comparing. 6635 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6636 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 6637 { # Bucket is represented as a range, along with replacement values. 6638 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 6639 # Note that for the purposes of inspection or transformation, the number 6640 # of bytes considered to comprise a 'Value' is based on its representation 6641 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6642 # 123456789, the number of bytes would be counted as 9, even though an 6643 # int64 only holds up to 8 bytes of data. 6644 "floatValue": 3.14, 6645 "timestampValue": "A String", 6646 "dayOfWeekValue": "A String", 6647 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6648 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6649 # types are google.type.Date and `google.protobuf.Timestamp`. 6650 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6651 # to allow the value "24:00:00" for scenarios like business closing time. 6652 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6653 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6654 # allow the value 60 if it allows leap-seconds. 6655 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6656 }, 6657 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6658 # and time zone are either specified elsewhere or are not significant. The date 6659 # is relative to the Proleptic Gregorian Calendar. This can represent: 6660 # 6661 # * A full date, with non-zero year, month and day values 6662 # * A month and day value, with a zero year, e.g. an anniversary 6663 # * A year on its own, with zero month and day values 6664 # * A year and month value, with a zero day, e.g. a credit card expiration date 6665 # 6666 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6667 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6668 # a year. 6669 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6670 # if specifying a year by itself or a year and month where the day is not 6671 # significant. 6672 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6673 # month and day. 6674 }, 6675 "stringValue": "A String", 6676 "booleanValue": True or False, 6677 "integerValue": "A String", 6678 }, 6679 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 6680 # the default behavior will be to hyphenate the min-max range. 6681 # Note that for the purposes of inspection or transformation, the number 6682 # of bytes considered to comprise a 'Value' is based on its representation 6683 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6684 # 123456789, the number of bytes would be counted as 9, even though an 6685 # int64 only holds up to 8 bytes of data. 6686 "floatValue": 3.14, 6687 "timestampValue": "A String", 6688 "dayOfWeekValue": "A String", 6689 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6690 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6691 # types are google.type.Date and `google.protobuf.Timestamp`. 6692 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6693 # to allow the value "24:00:00" for scenarios like business closing time. 6694 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6695 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6696 # allow the value 60 if it allows leap-seconds. 6697 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6698 }, 6699 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6700 # and time zone are either specified elsewhere or are not significant. The date 6701 # is relative to the Proleptic Gregorian Calendar. This can represent: 6702 # 6703 # * A full date, with non-zero year, month and day values 6704 # * A month and day value, with a zero year, e.g. an anniversary 6705 # * A year on its own, with zero month and day values 6706 # * A year and month value, with a zero day, e.g. a credit card expiration date 6707 # 6708 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6709 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6710 # a year. 6711 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6712 # if specifying a year by itself or a year and month where the day is not 6713 # significant. 6714 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6715 # month and day. 6716 }, 6717 "stringValue": "A String", 6718 "booleanValue": True or False, 6719 "integerValue": "A String", 6720 }, 6721 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 6722 # used. 6723 # Note that for the purposes of inspection or transformation, the number 6724 # of bytes considered to comprise a 'Value' is based on its representation 6725 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6726 # 123456789, the number of bytes would be counted as 9, even though an 6727 # int64 only holds up to 8 bytes of data. 6728 "floatValue": 3.14, 6729 "timestampValue": "A String", 6730 "dayOfWeekValue": "A String", 6731 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6732 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6733 # types are google.type.Date and `google.protobuf.Timestamp`. 6734 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6735 # to allow the value "24:00:00" for scenarios like business closing time. 6736 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6737 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6738 # allow the value 60 if it allows leap-seconds. 6739 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6740 }, 6741 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6742 # and time zone are either specified elsewhere or are not significant. The date 6743 # is relative to the Proleptic Gregorian Calendar. This can represent: 6744 # 6745 # * A full date, with non-zero year, month and day values 6746 # * A month and day value, with a zero year, e.g. an anniversary 6747 # * A year on its own, with zero month and day values 6748 # * A year and month value, with a zero day, e.g. a credit card expiration date 6749 # 6750 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6751 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6752 # a year. 6753 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6754 # if specifying a year by itself or a year and month where the day is not 6755 # significant. 6756 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6757 # month and day. 6758 }, 6759 "stringValue": "A String", 6760 "booleanValue": True or False, 6761 "integerValue": "A String", 6762 }, 6763 }, 6764 ], 6765 }, 6766 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 6767 # (FPE) with the FFX mode of operation; however when used in the 6768 # `ReidentifyContent` API method, it serves the opposite function by reversing 6769 # the surrogate back into the original identifier. The identifier must be 6770 # encoded as ASCII. For a given crypto key and context, the same identifier 6771 # will be replaced with the same surrogate. Identifiers must be at least two 6772 # characters long. In the case that the identifier is the empty string, it will 6773 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 6774 # more. 6775 # 6776 # Note: We recommend using CryptoDeterministicConfig for all use cases which 6777 # do not require preserving the input alphabet space and size, plus warrant 6778 # referential integrity. 6779 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 6780 # a key encryption key (KEK) stored by KMS). 6781 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6782 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6783 # unwrap the data crypto key. 6784 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6785 # The wrapped key must be a 128/192/256 bit key. 6786 # Authorization requires the following IAM permissions when sending a request 6787 # to perform a crypto transformation using a kms-wrapped crypto key: 6788 # dlp.kms.encrypt 6789 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6790 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6791 }, 6792 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6793 # leaking the key. Choose another type of key if possible. 6794 "key": "A String", # A 128/192/256 bit key. [required] 6795 }, 6796 "transient": { # Use this to have a random data crypto key generated. 6797 # It will be discarded after the request finishes. 6798 "name": "A String", # Name of the key. [required] 6799 # This is an arbitrary string used to differentiate different keys. 6800 # A unique key is generated per name: two separate `TransientCryptoKey` 6801 # protos share the same generated key if their names are the same. 6802 # When the data crypto key is generated, this name is not used in any way 6803 # (repeating the api call will result in a different key being generated). 6804 }, 6805 }, 6806 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 6807 "commonAlphabet": "A String", 6808 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 6809 # that the FFX mode natively supports. This happens before/after 6810 # encryption/decryption. 6811 # Each character listed must appear only once. 6812 # Number of characters must be in the range [2, 62]. 6813 # This must be encoded as ASCII. 6814 # The order of characters does not matter. 6815 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 6816 # identifier in two different contexts won't be given the same surrogate. If 6817 # the context is not set, a default tweak will be used. 6818 # 6819 # If the context is set but: 6820 # 6821 # 1. there is no record present when transforming a given value or 6822 # 1. the field is not present when transforming a given value, 6823 # 6824 # a default tweak will be used. 6825 # 6826 # Note that case (1) is expected when an `InfoTypeTransformation` is 6827 # applied to both structured and non-structured `ContentItem`s. 6828 # Currently, the referenced field may be of value type integer or string. 6829 # 6830 # The tweak is constructed as a sequence of bytes in big endian byte order 6831 # such that: 6832 # 6833 # - a 64 bit integer is encoded followed by a single byte of value 1 6834 # - a string is encoded in UTF-8 format followed by a single byte of value 2 6835 "name": "A String", # Name describing the field. 6836 }, 6837 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 6838 # This annotation will be applied to the surrogate by prefixing it with 6839 # the name of the custom infoType followed by the number of 6840 # characters comprising the surrogate. The following scheme defines the 6841 # format: info_type_name(surrogate_character_count):surrogate 6842 # 6843 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 6844 # the surrogate is 'abc', the full replacement value 6845 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6846 # 6847 # This annotation identifies the surrogate when inspecting content using the 6848 # custom infoType 6849 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 6850 # This facilitates reversal of the surrogate when it occurs in free text. 6851 # 6852 # In order for inspection to work properly, the name of this infoType must 6853 # not occur naturally anywhere in your data; otherwise, inspection may 6854 # find a surrogate that does not correspond to an actual identifier. 6855 # Therefore, choose your custom infoType name carefully after considering 6856 # what your data looks like. One way to select a name that has a high chance 6857 # of yielding reliable detection is to include one or more unicode characters 6858 # that are highly improbable to exist in your data. 6859 # For example, assuming your data is entered from a regular ASCII keyboard, 6860 # the symbol with the hex code point 29DD might be used like so: 6861 # ⧝MY_TOKEN_TYPE 6862 "name": "A String", # Name of the information type. Either a name of your choosing when 6863 # creating a CustomInfoType, or one of the names listed 6864 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6865 # a built-in type. InfoType names should conform to the pattern 6866 # [a-zA-Z0-9_]{1,64}. 6867 }, 6868 }, 6869 "replaceConfig": { # Replace each input value with a given `Value`. 6870 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 6871 # Note that for the purposes of inspection or transformation, the number 6872 # of bytes considered to comprise a 'Value' is based on its representation 6873 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6874 # 123456789, the number of bytes would be counted as 9, even though an 6875 # int64 only holds up to 8 bytes of data. 6876 "floatValue": 3.14, 6877 "timestampValue": "A String", 6878 "dayOfWeekValue": "A String", 6879 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6880 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6881 # types are google.type.Date and `google.protobuf.Timestamp`. 6882 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6883 # to allow the value "24:00:00" for scenarios like business closing time. 6884 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6885 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6886 # allow the value 60 if it allows leap-seconds. 6887 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6888 }, 6889 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6890 # and time zone are either specified elsewhere or are not significant. The date 6891 # is relative to the Proleptic Gregorian Calendar. This can represent: 6892 # 6893 # * A full date, with non-zero year, month and day values 6894 # * A month and day value, with a zero year, e.g. an anniversary 6895 # * A year on its own, with zero month and day values 6896 # * A year and month value, with a zero day, e.g. a credit card expiration date 6897 # 6898 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6899 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6900 # a year. 6901 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6902 # if specifying a year by itself or a year and month where the day is not 6903 # significant. 6904 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6905 # month and day. 6906 }, 6907 "stringValue": "A String", 6908 "booleanValue": True or False, 6909 "integerValue": "A String", 6910 }, 6911 }, 6912 }, 6913 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 6914 # this transformation to apply to all findings that correspond to 6915 # infoTypes that were requested in `InspectConfig`. 6916 { # Type of information detected by the API. 6917 "name": "A String", # Name of the information type. Either a name of your choosing when 6918 # creating a CustomInfoType, or one of the names listed 6919 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6920 # a built-in type. InfoType names should conform to the pattern 6921 # [a-zA-Z0-9_]{1,64}. 6922 }, 6923 ], 6924 }, 6925 ], 6926 }, 6927 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 6928 # specific locations within structured datasets, such as transforming 6929 # a column within a table. 6930 # table. 6931 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 6932 # match any suppression rule are omitted from the output [optional]. 6933 { # Configuration to suppress records whose suppression conditions evaluate to 6934 # true. 6935 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 6936 # evaluated to be suppressed from the transformed content. 6937 # a field. 6938 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 6939 "conditions": { # A collection of conditions. 6940 "conditions": [ 6941 { # The field type of `value` and `field` do not need to match to be 6942 # considered equal, but not all comparisons are possible. 6943 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 6944 # but all other comparisons are invalid with incompatible types. 6945 # A `value` of type: 6946 # 6947 # - `string` can be compared against all other types 6948 # - `boolean` can only be compared against other booleans 6949 # - `integer` can be compared against doubles or a string if the string value 6950 # can be parsed as an integer. 6951 # - `double` can be compared against integers or a string if the string can 6952 # be parsed as a double. 6953 # - `Timestamp` can be compared against strings in RFC 3339 date string 6954 # format. 6955 # - `TimeOfDay` can be compared against timestamps and strings in the format 6956 # of 'HH:mm:ss'. 6957 # 6958 # If we fail to compare do to type mismatch, a warning will be given and 6959 # the condition will evaluate to false. 6960 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 6961 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 6962 "name": "A String", # Name describing the field. 6963 }, 6964 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 6965 # Note that for the purposes of inspection or transformation, the number 6966 # of bytes considered to comprise a 'Value' is based on its representation 6967 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6968 # 123456789, the number of bytes would be counted as 9, even though an 6969 # int64 only holds up to 8 bytes of data. 6970 "floatValue": 3.14, 6971 "timestampValue": "A String", 6972 "dayOfWeekValue": "A String", 6973 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6974 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6975 # types are google.type.Date and `google.protobuf.Timestamp`. 6976 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6977 # to allow the value "24:00:00" for scenarios like business closing time. 6978 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6979 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6980 # allow the value 60 if it allows leap-seconds. 6981 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6982 }, 6983 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6984 # and time zone are either specified elsewhere or are not significant. The date 6985 # is relative to the Proleptic Gregorian Calendar. This can represent: 6986 # 6987 # * A full date, with non-zero year, month and day values 6988 # * A month and day value, with a zero year, e.g. an anniversary 6989 # * A year on its own, with zero month and day values 6990 # * A year and month value, with a zero day, e.g. a credit card expiration date 6991 # 6992 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6993 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6994 # a year. 6995 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6996 # if specifying a year by itself or a year and month where the day is not 6997 # significant. 6998 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6999 # month and day. 7000 }, 7001 "stringValue": "A String", 7002 "booleanValue": True or False, 7003 "integerValue": "A String", 7004 }, 7005 }, 7006 ], 7007 }, 7008 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 7009 # only supported value is `AND`. 7010 }, 7011 }, 7012 }, 7013 ], 7014 "fieldTransformations": [ # Transform the record by applying various field transformations. 7015 { # The transformation to apply to the field. 7016 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 7017 # transform content that matches an `InfoType`. 7018 # apply various `PrimitiveTransformation`s to each finding, where the 7019 # transformation is applied to only values that were identified as a specific 7020 # info_type. 7021 "transformations": [ # Transformation for each infoType. Cannot specify more than one 7022 # for a given infoType. [required] 7023 { # A transformation to apply to text that is identified as a specific 7024 # info_type. 7025 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 7026 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 7027 # fixed character. Masking can start from the beginning or end of the string. 7028 # This can be used on data of any type (numbers, longs, and so on) and when 7029 # de-identifying structured data we'll attempt to preserve the original data's 7030 # type. (This allows you to take a long like 123 and modify it to a string like 7031 # **3. 7032 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 7033 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 7034 # mask 5 chars with * we would produce ***-*55-5555. 7035 { # Characters to skip when doing deidentification of a value. These will be left 7036 # alone and skipped. 7037 "commonCharactersToIgnore": "A String", 7038 "charactersToSkip": "A String", 7039 }, 7040 ], 7041 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 7042 # masked. Skipped characters do not count towards this tally. 7043 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 7044 # alphabetic string such as name, or "0" for a numeric string such as ZIP 7045 # code or credit card number. String must have length 1. If not supplied, we 7046 # will default to "*" for strings, 0 for digits. 7047 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 7048 # '0', number_to_mask is 14, and `reverse_order` is false, then 7049 # 1234-5678-9012-3456 -> 00000000000000-3456 7050 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 7051 # is true, then 12345 -> 12*** 7052 }, 7053 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 7054 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 7055 # output would be 'My phone number is '. 7056 }, 7057 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 7058 # input. Outputs a base64 encoded representation of the encrypted output. 7059 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 7060 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 7061 # a key encryption key (KEK) stored by KMS). 7062 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7063 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7064 # unwrap the data crypto key. 7065 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7066 # The wrapped key must be a 128/192/256 bit key. 7067 # Authorization requires the following IAM permissions when sending a request 7068 # to perform a crypto transformation using a kms-wrapped crypto key: 7069 # dlp.kms.encrypt 7070 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7071 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7072 }, 7073 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7074 # leaking the key. Choose another type of key if possible. 7075 "key": "A String", # A 128/192/256 bit key. [required] 7076 }, 7077 "transient": { # Use this to have a random data crypto key generated. 7078 # It will be discarded after the request finishes. 7079 "name": "A String", # Name of the key. [required] 7080 # This is an arbitrary string used to differentiate different keys. 7081 # A unique key is generated per name: two separate `TransientCryptoKey` 7082 # protos share the same generated key if their names are the same. 7083 # When the data crypto key is generated, this name is not used in any way 7084 # (repeating the api call will result in a different key being generated). 7085 }, 7086 }, 7087 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 7088 # referential integrity such that the same identifier in two different 7089 # contexts will be given a distinct surrogate. The context is appended to 7090 # plaintext value being encrypted. On decryption the provided context is 7091 # validated against the value used during encryption. If a context was 7092 # provided during encryption, same context must be provided during decryption 7093 # as well. 7094 # 7095 # If the context is not set, plaintext would be used as is for encryption. 7096 # If the context is set but: 7097 # 7098 # 1. there is no record present when transforming a given value or 7099 # 2. the field is not present when transforming a given value, 7100 # 7101 # plaintext would be used as is for encryption. 7102 # 7103 # Note that case (1) is expected when an `InfoTypeTransformation` is 7104 # applied to both structured and non-structured `ContentItem`s. 7105 "name": "A String", # Name describing the field. 7106 }, 7107 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 7108 # This annotation will be applied to the surrogate by prefixing it with 7109 # the name of the custom info type followed by the number of 7110 # characters comprising the surrogate. The following scheme defines the 7111 # format: <info type name>(<surrogate character count>):<surrogate> 7112 # 7113 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 7114 # the surrogate is 'abc', the full replacement value 7115 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 7116 # 7117 # This annotation identifies the surrogate when inspecting content using the 7118 # custom info type 'Surrogate'. This facilitates reversal of the 7119 # surrogate when it occurs in free text. 7120 # 7121 # In order for inspection to work properly, the name of this info type must 7122 # not occur naturally anywhere in your data; otherwise, inspection may either 7123 # 7124 # - reverse a surrogate that does not correspond to an actual identifier 7125 # - be unable to parse the surrogate and result in an error 7126 # 7127 # Therefore, choose your custom info type name carefully after considering 7128 # what your data looks like. One way to select a name that has a high chance 7129 # of yielding reliable detection is to include one or more unicode characters 7130 # that are highly improbable to exist in your data. 7131 # For example, assuming your data is entered from a regular ASCII keyboard, 7132 # the symbol with the hex code point 29DD might be used like so: 7133 # ⧝MY_TOKEN_TYPE 7134 "name": "A String", # Name of the information type. Either a name of your choosing when 7135 # creating a CustomInfoType, or one of the names listed 7136 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7137 # a built-in type. InfoType names should conform to the pattern 7138 # [a-zA-Z0-9_]{1,64}. 7139 }, 7140 }, 7141 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 7142 # Bucketing transformation can provide all of this functionality, 7143 # but requires more configuration. This message is provided as a convenience to 7144 # the user for simple bucketing strategies. 7145 # 7146 # The transformed value will be a hyphenated string of 7147 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 7148 # all values that are within this bucket will be replaced with "10-20". 7149 # 7150 # This can be used on data of type: double, long. 7151 # 7152 # If the bound Value type differs from the type of data 7153 # being transformed, we will first attempt converting the type of the data to 7154 # be transformed to match the type of the bound before comparing. 7155 # 7156 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 7157 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 7158 # grouped together into a single bucket; for example if `lower_bound` = 10, 7159 # then all values less than 10 are replaced with the value “-10”. [Required]. 7160 # Note that for the purposes of inspection or transformation, the number 7161 # of bytes considered to comprise a 'Value' is based on its representation 7162 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7163 # 123456789, the number of bytes would be counted as 9, even though an 7164 # int64 only holds up to 8 bytes of data. 7165 "floatValue": 3.14, 7166 "timestampValue": "A String", 7167 "dayOfWeekValue": "A String", 7168 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7169 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7170 # types are google.type.Date and `google.protobuf.Timestamp`. 7171 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7172 # to allow the value "24:00:00" for scenarios like business closing time. 7173 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7174 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7175 # allow the value 60 if it allows leap-seconds. 7176 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7177 }, 7178 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7179 # and time zone are either specified elsewhere or are not significant. The date 7180 # is relative to the Proleptic Gregorian Calendar. This can represent: 7181 # 7182 # * A full date, with non-zero year, month and day values 7183 # * A month and day value, with a zero year, e.g. an anniversary 7184 # * A year on its own, with zero month and day values 7185 # * A year and month value, with a zero day, e.g. a credit card expiration date 7186 # 7187 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7188 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7189 # a year. 7190 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7191 # if specifying a year by itself or a year and month where the day is not 7192 # significant. 7193 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7194 # month and day. 7195 }, 7196 "stringValue": "A String", 7197 "booleanValue": True or False, 7198 "integerValue": "A String", 7199 }, 7200 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 7201 # grouped together into a single bucket; for example if `upper_bound` = 89, 7202 # then all values greater than 89 are replaced with the value “89+”. 7203 # [Required]. 7204 # Note that for the purposes of inspection or transformation, the number 7205 # of bytes considered to comprise a 'Value' is based on its representation 7206 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7207 # 123456789, the number of bytes would be counted as 9, even though an 7208 # int64 only holds up to 8 bytes of data. 7209 "floatValue": 3.14, 7210 "timestampValue": "A String", 7211 "dayOfWeekValue": "A String", 7212 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7213 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7214 # types are google.type.Date and `google.protobuf.Timestamp`. 7215 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7216 # to allow the value "24:00:00" for scenarios like business closing time. 7217 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7218 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7219 # allow the value 60 if it allows leap-seconds. 7220 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7221 }, 7222 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7223 # and time zone are either specified elsewhere or are not significant. The date 7224 # is relative to the Proleptic Gregorian Calendar. This can represent: 7225 # 7226 # * A full date, with non-zero year, month and day values 7227 # * A month and day value, with a zero year, e.g. an anniversary 7228 # * A year on its own, with zero month and day values 7229 # * A year and month value, with a zero day, e.g. a credit card expiration date 7230 # 7231 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7232 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7233 # a year. 7234 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7235 # if specifying a year by itself or a year and month where the day is not 7236 # significant. 7237 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7238 # month and day. 7239 }, 7240 "stringValue": "A String", 7241 "booleanValue": True or False, 7242 "integerValue": "A String", 7243 }, 7244 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 7245 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 7246 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 7247 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 7248 }, 7249 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 7250 }, 7251 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 7252 # portion of the value. 7253 "partToExtract": "A String", 7254 }, 7255 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 7256 # Uses SHA-256. 7257 # The key size must be either 32 or 64 bytes. 7258 # Outputs a base64 encoded representation of the hashed output 7259 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 7260 # Currently, only string and integer values can be hashed. 7261 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 7262 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 7263 # a key encryption key (KEK) stored by KMS). 7264 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7265 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7266 # unwrap the data crypto key. 7267 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7268 # The wrapped key must be a 128/192/256 bit key. 7269 # Authorization requires the following IAM permissions when sending a request 7270 # to perform a crypto transformation using a kms-wrapped crypto key: 7271 # dlp.kms.encrypt 7272 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7273 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7274 }, 7275 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7276 # leaking the key. Choose another type of key if possible. 7277 "key": "A String", # A 128/192/256 bit key. [required] 7278 }, 7279 "transient": { # Use this to have a random data crypto key generated. 7280 # It will be discarded after the request finishes. 7281 "name": "A String", # Name of the key. [required] 7282 # This is an arbitrary string used to differentiate different keys. 7283 # A unique key is generated per name: two separate `TransientCryptoKey` 7284 # protos share the same generated key if their names are the same. 7285 # When the data crypto key is generated, this name is not used in any way 7286 # (repeating the api call will result in a different key being generated). 7287 }, 7288 }, 7289 }, 7290 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 7291 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 7292 # to learn more. 7293 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 7294 # results in the same shift for the same context and crypto_key. 7295 # a key encryption key (KEK) stored by KMS). 7296 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7297 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7298 # unwrap the data crypto key. 7299 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7300 # The wrapped key must be a 128/192/256 bit key. 7301 # Authorization requires the following IAM permissions when sending a request 7302 # to perform a crypto transformation using a kms-wrapped crypto key: 7303 # dlp.kms.encrypt 7304 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7305 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7306 }, 7307 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7308 # leaking the key. Choose another type of key if possible. 7309 "key": "A String", # A 128/192/256 bit key. [required] 7310 }, 7311 "transient": { # Use this to have a random data crypto key generated. 7312 # It will be discarded after the request finishes. 7313 "name": "A String", # Name of the key. [required] 7314 # This is an arbitrary string used to differentiate different keys. 7315 # A unique key is generated per name: two separate `TransientCryptoKey` 7316 # protos share the same generated key if their names are the same. 7317 # When the data crypto key is generated, this name is not used in any way 7318 # (repeating the api call will result in a different key being generated). 7319 }, 7320 }, 7321 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 7322 # [Required] 7323 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 7324 # range (inclusive ends). Negative means shift to earlier in time. Must not 7325 # be more than 365250 days (1000 years) each direction. 7326 # 7327 # For example, 3 means shift date to at most 3 days into the future. 7328 # [Required] 7329 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 7330 # If set, must also set method. If set, shift will be consistent for the 7331 # given context. 7332 "name": "A String", # Name describing the field. 7333 }, 7334 }, 7335 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 7336 # replacement values are dynamically provided by the user for custom behavior, 7337 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 7338 # This can be used on 7339 # data of type: number, long, string, timestamp. 7340 # If the bound `Value` type differs from the type of data being transformed, we 7341 # will first attempt converting the type of the data to be transformed to match 7342 # the type of the bound before comparing. 7343 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 7344 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 7345 { # Bucket is represented as a range, along with replacement values. 7346 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 7347 # Note that for the purposes of inspection or transformation, the number 7348 # of bytes considered to comprise a 'Value' is based on its representation 7349 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7350 # 123456789, the number of bytes would be counted as 9, even though an 7351 # int64 only holds up to 8 bytes of data. 7352 "floatValue": 3.14, 7353 "timestampValue": "A String", 7354 "dayOfWeekValue": "A String", 7355 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7356 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7357 # types are google.type.Date and `google.protobuf.Timestamp`. 7358 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7359 # to allow the value "24:00:00" for scenarios like business closing time. 7360 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7361 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7362 # allow the value 60 if it allows leap-seconds. 7363 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7364 }, 7365 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7366 # and time zone are either specified elsewhere or are not significant. The date 7367 # is relative to the Proleptic Gregorian Calendar. This can represent: 7368 # 7369 # * A full date, with non-zero year, month and day values 7370 # * A month and day value, with a zero year, e.g. an anniversary 7371 # * A year on its own, with zero month and day values 7372 # * A year and month value, with a zero day, e.g. a credit card expiration date 7373 # 7374 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7375 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7376 # a year. 7377 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7378 # if specifying a year by itself or a year and month where the day is not 7379 # significant. 7380 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7381 # month and day. 7382 }, 7383 "stringValue": "A String", 7384 "booleanValue": True or False, 7385 "integerValue": "A String", 7386 }, 7387 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 7388 # the default behavior will be to hyphenate the min-max range. 7389 # Note that for the purposes of inspection or transformation, the number 7390 # of bytes considered to comprise a 'Value' is based on its representation 7391 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7392 # 123456789, the number of bytes would be counted as 9, even though an 7393 # int64 only holds up to 8 bytes of data. 7394 "floatValue": 3.14, 7395 "timestampValue": "A String", 7396 "dayOfWeekValue": "A String", 7397 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7398 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7399 # types are google.type.Date and `google.protobuf.Timestamp`. 7400 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7401 # to allow the value "24:00:00" for scenarios like business closing time. 7402 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7403 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7404 # allow the value 60 if it allows leap-seconds. 7405 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7406 }, 7407 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7408 # and time zone are either specified elsewhere or are not significant. The date 7409 # is relative to the Proleptic Gregorian Calendar. This can represent: 7410 # 7411 # * A full date, with non-zero year, month and day values 7412 # * A month and day value, with a zero year, e.g. an anniversary 7413 # * A year on its own, with zero month and day values 7414 # * A year and month value, with a zero day, e.g. a credit card expiration date 7415 # 7416 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7417 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7418 # a year. 7419 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7420 # if specifying a year by itself or a year and month where the day is not 7421 # significant. 7422 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7423 # month and day. 7424 }, 7425 "stringValue": "A String", 7426 "booleanValue": True or False, 7427 "integerValue": "A String", 7428 }, 7429 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 7430 # used. 7431 # Note that for the purposes of inspection or transformation, the number 7432 # of bytes considered to comprise a 'Value' is based on its representation 7433 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7434 # 123456789, the number of bytes would be counted as 9, even though an 7435 # int64 only holds up to 8 bytes of data. 7436 "floatValue": 3.14, 7437 "timestampValue": "A String", 7438 "dayOfWeekValue": "A String", 7439 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7440 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7441 # types are google.type.Date and `google.protobuf.Timestamp`. 7442 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7443 # to allow the value "24:00:00" for scenarios like business closing time. 7444 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7445 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7446 # allow the value 60 if it allows leap-seconds. 7447 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7448 }, 7449 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7450 # and time zone are either specified elsewhere or are not significant. The date 7451 # is relative to the Proleptic Gregorian Calendar. This can represent: 7452 # 7453 # * A full date, with non-zero year, month and day values 7454 # * A month and day value, with a zero year, e.g. an anniversary 7455 # * A year on its own, with zero month and day values 7456 # * A year and month value, with a zero day, e.g. a credit card expiration date 7457 # 7458 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7459 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7460 # a year. 7461 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7462 # if specifying a year by itself or a year and month where the day is not 7463 # significant. 7464 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7465 # month and day. 7466 }, 7467 "stringValue": "A String", 7468 "booleanValue": True or False, 7469 "integerValue": "A String", 7470 }, 7471 }, 7472 ], 7473 }, 7474 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 7475 # (FPE) with the FFX mode of operation; however when used in the 7476 # `ReidentifyContent` API method, it serves the opposite function by reversing 7477 # the surrogate back into the original identifier. The identifier must be 7478 # encoded as ASCII. For a given crypto key and context, the same identifier 7479 # will be replaced with the same surrogate. Identifiers must be at least two 7480 # characters long. In the case that the identifier is the empty string, it will 7481 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 7482 # more. 7483 # 7484 # Note: We recommend using CryptoDeterministicConfig for all use cases which 7485 # do not require preserving the input alphabet space and size, plus warrant 7486 # referential integrity. 7487 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 7488 # a key encryption key (KEK) stored by KMS). 7489 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7490 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7491 # unwrap the data crypto key. 7492 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7493 # The wrapped key must be a 128/192/256 bit key. 7494 # Authorization requires the following IAM permissions when sending a request 7495 # to perform a crypto transformation using a kms-wrapped crypto key: 7496 # dlp.kms.encrypt 7497 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7498 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7499 }, 7500 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7501 # leaking the key. Choose another type of key if possible. 7502 "key": "A String", # A 128/192/256 bit key. [required] 7503 }, 7504 "transient": { # Use this to have a random data crypto key generated. 7505 # It will be discarded after the request finishes. 7506 "name": "A String", # Name of the key. [required] 7507 # This is an arbitrary string used to differentiate different keys. 7508 # A unique key is generated per name: two separate `TransientCryptoKey` 7509 # protos share the same generated key if their names are the same. 7510 # When the data crypto key is generated, this name is not used in any way 7511 # (repeating the api call will result in a different key being generated). 7512 }, 7513 }, 7514 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 7515 "commonAlphabet": "A String", 7516 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 7517 # that the FFX mode natively supports. This happens before/after 7518 # encryption/decryption. 7519 # Each character listed must appear only once. 7520 # Number of characters must be in the range [2, 62]. 7521 # This must be encoded as ASCII. 7522 # The order of characters does not matter. 7523 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 7524 # identifier in two different contexts won't be given the same surrogate. If 7525 # the context is not set, a default tweak will be used. 7526 # 7527 # If the context is set but: 7528 # 7529 # 1. there is no record present when transforming a given value or 7530 # 1. the field is not present when transforming a given value, 7531 # 7532 # a default tweak will be used. 7533 # 7534 # Note that case (1) is expected when an `InfoTypeTransformation` is 7535 # applied to both structured and non-structured `ContentItem`s. 7536 # Currently, the referenced field may be of value type integer or string. 7537 # 7538 # The tweak is constructed as a sequence of bytes in big endian byte order 7539 # such that: 7540 # 7541 # - a 64 bit integer is encoded followed by a single byte of value 1 7542 # - a string is encoded in UTF-8 format followed by a single byte of value 2 7543 "name": "A String", # Name describing the field. 7544 }, 7545 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 7546 # This annotation will be applied to the surrogate by prefixing it with 7547 # the name of the custom infoType followed by the number of 7548 # characters comprising the surrogate. The following scheme defines the 7549 # format: info_type_name(surrogate_character_count):surrogate 7550 # 7551 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 7552 # the surrogate is 'abc', the full replacement value 7553 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 7554 # 7555 # This annotation identifies the surrogate when inspecting content using the 7556 # custom infoType 7557 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 7558 # This facilitates reversal of the surrogate when it occurs in free text. 7559 # 7560 # In order for inspection to work properly, the name of this infoType must 7561 # not occur naturally anywhere in your data; otherwise, inspection may 7562 # find a surrogate that does not correspond to an actual identifier. 7563 # Therefore, choose your custom infoType name carefully after considering 7564 # what your data looks like. One way to select a name that has a high chance 7565 # of yielding reliable detection is to include one or more unicode characters 7566 # that are highly improbable to exist in your data. 7567 # For example, assuming your data is entered from a regular ASCII keyboard, 7568 # the symbol with the hex code point 29DD might be used like so: 7569 # ⧝MY_TOKEN_TYPE 7570 "name": "A String", # Name of the information type. Either a name of your choosing when 7571 # creating a CustomInfoType, or one of the names listed 7572 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7573 # a built-in type. InfoType names should conform to the pattern 7574 # [a-zA-Z0-9_]{1,64}. 7575 }, 7576 }, 7577 "replaceConfig": { # Replace each input value with a given `Value`. 7578 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 7579 # Note that for the purposes of inspection or transformation, the number 7580 # of bytes considered to comprise a 'Value' is based on its representation 7581 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7582 # 123456789, the number of bytes would be counted as 9, even though an 7583 # int64 only holds up to 8 bytes of data. 7584 "floatValue": 3.14, 7585 "timestampValue": "A String", 7586 "dayOfWeekValue": "A String", 7587 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7588 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7589 # types are google.type.Date and `google.protobuf.Timestamp`. 7590 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7591 # to allow the value "24:00:00" for scenarios like business closing time. 7592 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7593 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7594 # allow the value 60 if it allows leap-seconds. 7595 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7596 }, 7597 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7598 # and time zone are either specified elsewhere or are not significant. The date 7599 # is relative to the Proleptic Gregorian Calendar. This can represent: 7600 # 7601 # * A full date, with non-zero year, month and day values 7602 # * A month and day value, with a zero year, e.g. an anniversary 7603 # * A year on its own, with zero month and day values 7604 # * A year and month value, with a zero day, e.g. a credit card expiration date 7605 # 7606 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7607 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7608 # a year. 7609 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7610 # if specifying a year by itself or a year and month where the day is not 7611 # significant. 7612 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7613 # month and day. 7614 }, 7615 "stringValue": "A String", 7616 "booleanValue": True or False, 7617 "integerValue": "A String", 7618 }, 7619 }, 7620 }, 7621 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 7622 # this transformation to apply to all findings that correspond to 7623 # infoTypes that were requested in `InspectConfig`. 7624 { # Type of information detected by the API. 7625 "name": "A String", # Name of the information type. Either a name of your choosing when 7626 # creating a CustomInfoType, or one of the names listed 7627 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7628 # a built-in type. InfoType names should conform to the pattern 7629 # [a-zA-Z0-9_]{1,64}. 7630 }, 7631 ], 7632 }, 7633 ], 7634 }, 7635 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 7636 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 7637 # fixed character. Masking can start from the beginning or end of the string. 7638 # This can be used on data of any type (numbers, longs, and so on) and when 7639 # de-identifying structured data we'll attempt to preserve the original data's 7640 # type. (This allows you to take a long like 123 and modify it to a string like 7641 # **3. 7642 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 7643 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 7644 # mask 5 chars with * we would produce ***-*55-5555. 7645 { # Characters to skip when doing deidentification of a value. These will be left 7646 # alone and skipped. 7647 "commonCharactersToIgnore": "A String", 7648 "charactersToSkip": "A String", 7649 }, 7650 ], 7651 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 7652 # masked. Skipped characters do not count towards this tally. 7653 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 7654 # alphabetic string such as name, or "0" for a numeric string such as ZIP 7655 # code or credit card number. String must have length 1. If not supplied, we 7656 # will default to "*" for strings, 0 for digits. 7657 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 7658 # '0', number_to_mask is 14, and `reverse_order` is false, then 7659 # 1234-5678-9012-3456 -> 00000000000000-3456 7660 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 7661 # is true, then 12345 -> 12*** 7662 }, 7663 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 7664 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 7665 # output would be 'My phone number is '. 7666 }, 7667 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 7668 # input. Outputs a base64 encoded representation of the encrypted output. 7669 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 7670 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 7671 # a key encryption key (KEK) stored by KMS). 7672 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7673 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7674 # unwrap the data crypto key. 7675 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7676 # The wrapped key must be a 128/192/256 bit key. 7677 # Authorization requires the following IAM permissions when sending a request 7678 # to perform a crypto transformation using a kms-wrapped crypto key: 7679 # dlp.kms.encrypt 7680 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7681 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7682 }, 7683 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7684 # leaking the key. Choose another type of key if possible. 7685 "key": "A String", # A 128/192/256 bit key. [required] 7686 }, 7687 "transient": { # Use this to have a random data crypto key generated. 7688 # It will be discarded after the request finishes. 7689 "name": "A String", # Name of the key. [required] 7690 # This is an arbitrary string used to differentiate different keys. 7691 # A unique key is generated per name: two separate `TransientCryptoKey` 7692 # protos share the same generated key if their names are the same. 7693 # When the data crypto key is generated, this name is not used in any way 7694 # (repeating the api call will result in a different key being generated). 7695 }, 7696 }, 7697 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 7698 # referential integrity such that the same identifier in two different 7699 # contexts will be given a distinct surrogate. The context is appended to 7700 # plaintext value being encrypted. On decryption the provided context is 7701 # validated against the value used during encryption. If a context was 7702 # provided during encryption, same context must be provided during decryption 7703 # as well. 7704 # 7705 # If the context is not set, plaintext would be used as is for encryption. 7706 # If the context is set but: 7707 # 7708 # 1. there is no record present when transforming a given value or 7709 # 2. the field is not present when transforming a given value, 7710 # 7711 # plaintext would be used as is for encryption. 7712 # 7713 # Note that case (1) is expected when an `InfoTypeTransformation` is 7714 # applied to both structured and non-structured `ContentItem`s. 7715 "name": "A String", # Name describing the field. 7716 }, 7717 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 7718 # This annotation will be applied to the surrogate by prefixing it with 7719 # the name of the custom info type followed by the number of 7720 # characters comprising the surrogate. The following scheme defines the 7721 # format: <info type name>(<surrogate character count>):<surrogate> 7722 # 7723 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 7724 # the surrogate is 'abc', the full replacement value 7725 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 7726 # 7727 # This annotation identifies the surrogate when inspecting content using the 7728 # custom info type 'Surrogate'. This facilitates reversal of the 7729 # surrogate when it occurs in free text. 7730 # 7731 # In order for inspection to work properly, the name of this info type must 7732 # not occur naturally anywhere in your data; otherwise, inspection may either 7733 # 7734 # - reverse a surrogate that does not correspond to an actual identifier 7735 # - be unable to parse the surrogate and result in an error 7736 # 7737 # Therefore, choose your custom info type name carefully after considering 7738 # what your data looks like. One way to select a name that has a high chance 7739 # of yielding reliable detection is to include one or more unicode characters 7740 # that are highly improbable to exist in your data. 7741 # For example, assuming your data is entered from a regular ASCII keyboard, 7742 # the symbol with the hex code point 29DD might be used like so: 7743 # ⧝MY_TOKEN_TYPE 7744 "name": "A String", # Name of the information type. Either a name of your choosing when 7745 # creating a CustomInfoType, or one of the names listed 7746 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7747 # a built-in type. InfoType names should conform to the pattern 7748 # [a-zA-Z0-9_]{1,64}. 7749 }, 7750 }, 7751 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 7752 # Bucketing transformation can provide all of this functionality, 7753 # but requires more configuration. This message is provided as a convenience to 7754 # the user for simple bucketing strategies. 7755 # 7756 # The transformed value will be a hyphenated string of 7757 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 7758 # all values that are within this bucket will be replaced with "10-20". 7759 # 7760 # This can be used on data of type: double, long. 7761 # 7762 # If the bound Value type differs from the type of data 7763 # being transformed, we will first attempt converting the type of the data to 7764 # be transformed to match the type of the bound before comparing. 7765 # 7766 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 7767 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 7768 # grouped together into a single bucket; for example if `lower_bound` = 10, 7769 # then all values less than 10 are replaced with the value “-10”. [Required]. 7770 # Note that for the purposes of inspection or transformation, the number 7771 # of bytes considered to comprise a 'Value' is based on its representation 7772 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7773 # 123456789, the number of bytes would be counted as 9, even though an 7774 # int64 only holds up to 8 bytes of data. 7775 "floatValue": 3.14, 7776 "timestampValue": "A String", 7777 "dayOfWeekValue": "A String", 7778 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7779 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7780 # types are google.type.Date and `google.protobuf.Timestamp`. 7781 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7782 # to allow the value "24:00:00" for scenarios like business closing time. 7783 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7784 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7785 # allow the value 60 if it allows leap-seconds. 7786 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7787 }, 7788 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7789 # and time zone are either specified elsewhere or are not significant. The date 7790 # is relative to the Proleptic Gregorian Calendar. This can represent: 7791 # 7792 # * A full date, with non-zero year, month and day values 7793 # * A month and day value, with a zero year, e.g. an anniversary 7794 # * A year on its own, with zero month and day values 7795 # * A year and month value, with a zero day, e.g. a credit card expiration date 7796 # 7797 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7798 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7799 # a year. 7800 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7801 # if specifying a year by itself or a year and month where the day is not 7802 # significant. 7803 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7804 # month and day. 7805 }, 7806 "stringValue": "A String", 7807 "booleanValue": True or False, 7808 "integerValue": "A String", 7809 }, 7810 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 7811 # grouped together into a single bucket; for example if `upper_bound` = 89, 7812 # then all values greater than 89 are replaced with the value “89+”. 7813 # [Required]. 7814 # Note that for the purposes of inspection or transformation, the number 7815 # of bytes considered to comprise a 'Value' is based on its representation 7816 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7817 # 123456789, the number of bytes would be counted as 9, even though an 7818 # int64 only holds up to 8 bytes of data. 7819 "floatValue": 3.14, 7820 "timestampValue": "A String", 7821 "dayOfWeekValue": "A String", 7822 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7823 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7824 # types are google.type.Date and `google.protobuf.Timestamp`. 7825 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7826 # to allow the value "24:00:00" for scenarios like business closing time. 7827 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7828 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7829 # allow the value 60 if it allows leap-seconds. 7830 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7831 }, 7832 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7833 # and time zone are either specified elsewhere or are not significant. The date 7834 # is relative to the Proleptic Gregorian Calendar. This can represent: 7835 # 7836 # * A full date, with non-zero year, month and day values 7837 # * A month and day value, with a zero year, e.g. an anniversary 7838 # * A year on its own, with zero month and day values 7839 # * A year and month value, with a zero day, e.g. a credit card expiration date 7840 # 7841 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7842 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7843 # a year. 7844 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7845 # if specifying a year by itself or a year and month where the day is not 7846 # significant. 7847 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7848 # month and day. 7849 }, 7850 "stringValue": "A String", 7851 "booleanValue": True or False, 7852 "integerValue": "A String", 7853 }, 7854 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 7855 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 7856 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 7857 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 7858 }, 7859 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 7860 }, 7861 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 7862 # portion of the value. 7863 "partToExtract": "A String", 7864 }, 7865 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 7866 # Uses SHA-256. 7867 # The key size must be either 32 or 64 bytes. 7868 # Outputs a base64 encoded representation of the hashed output 7869 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 7870 # Currently, only string and integer values can be hashed. 7871 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 7872 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 7873 # a key encryption key (KEK) stored by KMS). 7874 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7875 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7876 # unwrap the data crypto key. 7877 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7878 # The wrapped key must be a 128/192/256 bit key. 7879 # Authorization requires the following IAM permissions when sending a request 7880 # to perform a crypto transformation using a kms-wrapped crypto key: 7881 # dlp.kms.encrypt 7882 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7883 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7884 }, 7885 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7886 # leaking the key. Choose another type of key if possible. 7887 "key": "A String", # A 128/192/256 bit key. [required] 7888 }, 7889 "transient": { # Use this to have a random data crypto key generated. 7890 # It will be discarded after the request finishes. 7891 "name": "A String", # Name of the key. [required] 7892 # This is an arbitrary string used to differentiate different keys. 7893 # A unique key is generated per name: two separate `TransientCryptoKey` 7894 # protos share the same generated key if their names are the same. 7895 # When the data crypto key is generated, this name is not used in any way 7896 # (repeating the api call will result in a different key being generated). 7897 }, 7898 }, 7899 }, 7900 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 7901 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 7902 # to learn more. 7903 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 7904 # results in the same shift for the same context and crypto_key. 7905 # a key encryption key (KEK) stored by KMS). 7906 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7907 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7908 # unwrap the data crypto key. 7909 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7910 # The wrapped key must be a 128/192/256 bit key. 7911 # Authorization requires the following IAM permissions when sending a request 7912 # to perform a crypto transformation using a kms-wrapped crypto key: 7913 # dlp.kms.encrypt 7914 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7915 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7916 }, 7917 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7918 # leaking the key. Choose another type of key if possible. 7919 "key": "A String", # A 128/192/256 bit key. [required] 7920 }, 7921 "transient": { # Use this to have a random data crypto key generated. 7922 # It will be discarded after the request finishes. 7923 "name": "A String", # Name of the key. [required] 7924 # This is an arbitrary string used to differentiate different keys. 7925 # A unique key is generated per name: two separate `TransientCryptoKey` 7926 # protos share the same generated key if their names are the same. 7927 # When the data crypto key is generated, this name is not used in any way 7928 # (repeating the api call will result in a different key being generated). 7929 }, 7930 }, 7931 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 7932 # [Required] 7933 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 7934 # range (inclusive ends). Negative means shift to earlier in time. Must not 7935 # be more than 365250 days (1000 years) each direction. 7936 # 7937 # For example, 3 means shift date to at most 3 days into the future. 7938 # [Required] 7939 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 7940 # If set, must also set method. If set, shift will be consistent for the 7941 # given context. 7942 "name": "A String", # Name describing the field. 7943 }, 7944 }, 7945 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 7946 # replacement values are dynamically provided by the user for custom behavior, 7947 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 7948 # This can be used on 7949 # data of type: number, long, string, timestamp. 7950 # If the bound `Value` type differs from the type of data being transformed, we 7951 # will first attempt converting the type of the data to be transformed to match 7952 # the type of the bound before comparing. 7953 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 7954 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 7955 { # Bucket is represented as a range, along with replacement values. 7956 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 7957 # Note that for the purposes of inspection or transformation, the number 7958 # of bytes considered to comprise a 'Value' is based on its representation 7959 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7960 # 123456789, the number of bytes would be counted as 9, even though an 7961 # int64 only holds up to 8 bytes of data. 7962 "floatValue": 3.14, 7963 "timestampValue": "A String", 7964 "dayOfWeekValue": "A String", 7965 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7966 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7967 # types are google.type.Date and `google.protobuf.Timestamp`. 7968 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7969 # to allow the value "24:00:00" for scenarios like business closing time. 7970 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7971 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7972 # allow the value 60 if it allows leap-seconds. 7973 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7974 }, 7975 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7976 # and time zone are either specified elsewhere or are not significant. The date 7977 # is relative to the Proleptic Gregorian Calendar. This can represent: 7978 # 7979 # * A full date, with non-zero year, month and day values 7980 # * A month and day value, with a zero year, e.g. an anniversary 7981 # * A year on its own, with zero month and day values 7982 # * A year and month value, with a zero day, e.g. a credit card expiration date 7983 # 7984 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7985 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7986 # a year. 7987 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7988 # if specifying a year by itself or a year and month where the day is not 7989 # significant. 7990 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7991 # month and day. 7992 }, 7993 "stringValue": "A String", 7994 "booleanValue": True or False, 7995 "integerValue": "A String", 7996 }, 7997 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 7998 # the default behavior will be to hyphenate the min-max range. 7999 # Note that for the purposes of inspection or transformation, the number 8000 # of bytes considered to comprise a 'Value' is based on its representation 8001 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8002 # 123456789, the number of bytes would be counted as 9, even though an 8003 # int64 only holds up to 8 bytes of data. 8004 "floatValue": 3.14, 8005 "timestampValue": "A String", 8006 "dayOfWeekValue": "A String", 8007 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8008 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8009 # types are google.type.Date and `google.protobuf.Timestamp`. 8010 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8011 # to allow the value "24:00:00" for scenarios like business closing time. 8012 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8013 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8014 # allow the value 60 if it allows leap-seconds. 8015 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8016 }, 8017 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8018 # and time zone are either specified elsewhere or are not significant. The date 8019 # is relative to the Proleptic Gregorian Calendar. This can represent: 8020 # 8021 # * A full date, with non-zero year, month and day values 8022 # * A month and day value, with a zero year, e.g. an anniversary 8023 # * A year on its own, with zero month and day values 8024 # * A year and month value, with a zero day, e.g. a credit card expiration date 8025 # 8026 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8027 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8028 # a year. 8029 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8030 # if specifying a year by itself or a year and month where the day is not 8031 # significant. 8032 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8033 # month and day. 8034 }, 8035 "stringValue": "A String", 8036 "booleanValue": True or False, 8037 "integerValue": "A String", 8038 }, 8039 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 8040 # used. 8041 # Note that for the purposes of inspection or transformation, the number 8042 # of bytes considered to comprise a 'Value' is based on its representation 8043 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8044 # 123456789, the number of bytes would be counted as 9, even though an 8045 # int64 only holds up to 8 bytes of data. 8046 "floatValue": 3.14, 8047 "timestampValue": "A String", 8048 "dayOfWeekValue": "A String", 8049 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8050 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8051 # types are google.type.Date and `google.protobuf.Timestamp`. 8052 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8053 # to allow the value "24:00:00" for scenarios like business closing time. 8054 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8055 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8056 # allow the value 60 if it allows leap-seconds. 8057 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8058 }, 8059 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8060 # and time zone are either specified elsewhere or are not significant. The date 8061 # is relative to the Proleptic Gregorian Calendar. This can represent: 8062 # 8063 # * A full date, with non-zero year, month and day values 8064 # * A month and day value, with a zero year, e.g. an anniversary 8065 # * A year on its own, with zero month and day values 8066 # * A year and month value, with a zero day, e.g. a credit card expiration date 8067 # 8068 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8069 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8070 # a year. 8071 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8072 # if specifying a year by itself or a year and month where the day is not 8073 # significant. 8074 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8075 # month and day. 8076 }, 8077 "stringValue": "A String", 8078 "booleanValue": True or False, 8079 "integerValue": "A String", 8080 }, 8081 }, 8082 ], 8083 }, 8084 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 8085 # (FPE) with the FFX mode of operation; however when used in the 8086 # `ReidentifyContent` API method, it serves the opposite function by reversing 8087 # the surrogate back into the original identifier. The identifier must be 8088 # encoded as ASCII. For a given crypto key and context, the same identifier 8089 # will be replaced with the same surrogate. Identifiers must be at least two 8090 # characters long. In the case that the identifier is the empty string, it will 8091 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 8092 # more. 8093 # 8094 # Note: We recommend using CryptoDeterministicConfig for all use cases which 8095 # do not require preserving the input alphabet space and size, plus warrant 8096 # referential integrity. 8097 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 8098 # a key encryption key (KEK) stored by KMS). 8099 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8100 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8101 # unwrap the data crypto key. 8102 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8103 # The wrapped key must be a 128/192/256 bit key. 8104 # Authorization requires the following IAM permissions when sending a request 8105 # to perform a crypto transformation using a kms-wrapped crypto key: 8106 # dlp.kms.encrypt 8107 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8108 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8109 }, 8110 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8111 # leaking the key. Choose another type of key if possible. 8112 "key": "A String", # A 128/192/256 bit key. [required] 8113 }, 8114 "transient": { # Use this to have a random data crypto key generated. 8115 # It will be discarded after the request finishes. 8116 "name": "A String", # Name of the key. [required] 8117 # This is an arbitrary string used to differentiate different keys. 8118 # A unique key is generated per name: two separate `TransientCryptoKey` 8119 # protos share the same generated key if their names are the same. 8120 # When the data crypto key is generated, this name is not used in any way 8121 # (repeating the api call will result in a different key being generated). 8122 }, 8123 }, 8124 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 8125 "commonAlphabet": "A String", 8126 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 8127 # that the FFX mode natively supports. This happens before/after 8128 # encryption/decryption. 8129 # Each character listed must appear only once. 8130 # Number of characters must be in the range [2, 62]. 8131 # This must be encoded as ASCII. 8132 # The order of characters does not matter. 8133 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 8134 # identifier in two different contexts won't be given the same surrogate. If 8135 # the context is not set, a default tweak will be used. 8136 # 8137 # If the context is set but: 8138 # 8139 # 1. there is no record present when transforming a given value or 8140 # 1. the field is not present when transforming a given value, 8141 # 8142 # a default tweak will be used. 8143 # 8144 # Note that case (1) is expected when an `InfoTypeTransformation` is 8145 # applied to both structured and non-structured `ContentItem`s. 8146 # Currently, the referenced field may be of value type integer or string. 8147 # 8148 # The tweak is constructed as a sequence of bytes in big endian byte order 8149 # such that: 8150 # 8151 # - a 64 bit integer is encoded followed by a single byte of value 1 8152 # - a string is encoded in UTF-8 format followed by a single byte of value 2 8153 "name": "A String", # Name describing the field. 8154 }, 8155 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 8156 # This annotation will be applied to the surrogate by prefixing it with 8157 # the name of the custom infoType followed by the number of 8158 # characters comprising the surrogate. The following scheme defines the 8159 # format: info_type_name(surrogate_character_count):surrogate 8160 # 8161 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 8162 # the surrogate is 'abc', the full replacement value 8163 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8164 # 8165 # This annotation identifies the surrogate when inspecting content using the 8166 # custom infoType 8167 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 8168 # This facilitates reversal of the surrogate when it occurs in free text. 8169 # 8170 # In order for inspection to work properly, the name of this infoType must 8171 # not occur naturally anywhere in your data; otherwise, inspection may 8172 # find a surrogate that does not correspond to an actual identifier. 8173 # Therefore, choose your custom infoType name carefully after considering 8174 # what your data looks like. One way to select a name that has a high chance 8175 # of yielding reliable detection is to include one or more unicode characters 8176 # that are highly improbable to exist in your data. 8177 # For example, assuming your data is entered from a regular ASCII keyboard, 8178 # the symbol with the hex code point 29DD might be used like so: 8179 # ⧝MY_TOKEN_TYPE 8180 "name": "A String", # Name of the information type. Either a name of your choosing when 8181 # creating a CustomInfoType, or one of the names listed 8182 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8183 # a built-in type. InfoType names should conform to the pattern 8184 # [a-zA-Z0-9_]{1,64}. 8185 }, 8186 }, 8187 "replaceConfig": { # Replace each input value with a given `Value`. 8188 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 8189 # Note that for the purposes of inspection or transformation, the number 8190 # of bytes considered to comprise a 'Value' is based on its representation 8191 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8192 # 123456789, the number of bytes would be counted as 9, even though an 8193 # int64 only holds up to 8 bytes of data. 8194 "floatValue": 3.14, 8195 "timestampValue": "A String", 8196 "dayOfWeekValue": "A String", 8197 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8198 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8199 # types are google.type.Date and `google.protobuf.Timestamp`. 8200 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8201 # to allow the value "24:00:00" for scenarios like business closing time. 8202 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8203 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8204 # allow the value 60 if it allows leap-seconds. 8205 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8206 }, 8207 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8208 # and time zone are either specified elsewhere or are not significant. The date 8209 # is relative to the Proleptic Gregorian Calendar. This can represent: 8210 # 8211 # * A full date, with non-zero year, month and day values 8212 # * A month and day value, with a zero year, e.g. an anniversary 8213 # * A year on its own, with zero month and day values 8214 # * A year and month value, with a zero day, e.g. a credit card expiration date 8215 # 8216 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8217 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8218 # a year. 8219 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8220 # if specifying a year by itself or a year and month where the day is not 8221 # significant. 8222 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8223 # month and day. 8224 }, 8225 "stringValue": "A String", 8226 "booleanValue": True or False, 8227 "integerValue": "A String", 8228 }, 8229 }, 8230 }, 8231 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 8232 # given `RecordCondition`. The conditions are allowed to reference fields 8233 # that are not used in the actual transformation. [optional] 8234 # 8235 # Example Use Cases: 8236 # 8237 # - Apply a different bucket transformation to an age column if the zip code 8238 # column for the same record is within a specific range. 8239 # - Redact a field if the date of birth field is greater than 85. 8240 # a field. 8241 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 8242 "conditions": { # A collection of conditions. 8243 "conditions": [ 8244 { # The field type of `value` and `field` do not need to match to be 8245 # considered equal, but not all comparisons are possible. 8246 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 8247 # but all other comparisons are invalid with incompatible types. 8248 # A `value` of type: 8249 # 8250 # - `string` can be compared against all other types 8251 # - `boolean` can only be compared against other booleans 8252 # - `integer` can be compared against doubles or a string if the string value 8253 # can be parsed as an integer. 8254 # - `double` can be compared against integers or a string if the string can 8255 # be parsed as a double. 8256 # - `Timestamp` can be compared against strings in RFC 3339 date string 8257 # format. 8258 # - `TimeOfDay` can be compared against timestamps and strings in the format 8259 # of 'HH:mm:ss'. 8260 # 8261 # If we fail to compare do to type mismatch, a warning will be given and 8262 # the condition will evaluate to false. 8263 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 8264 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 8265 "name": "A String", # Name describing the field. 8266 }, 8267 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 8268 # Note that for the purposes of inspection or transformation, the number 8269 # of bytes considered to comprise a 'Value' is based on its representation 8270 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8271 # 123456789, the number of bytes would be counted as 9, even though an 8272 # int64 only holds up to 8 bytes of data. 8273 "floatValue": 3.14, 8274 "timestampValue": "A String", 8275 "dayOfWeekValue": "A String", 8276 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8277 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8278 # types are google.type.Date and `google.protobuf.Timestamp`. 8279 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8280 # to allow the value "24:00:00" for scenarios like business closing time. 8281 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8282 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8283 # allow the value 60 if it allows leap-seconds. 8284 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8285 }, 8286 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8287 # and time zone are either specified elsewhere or are not significant. The date 8288 # is relative to the Proleptic Gregorian Calendar. This can represent: 8289 # 8290 # * A full date, with non-zero year, month and day values 8291 # * A month and day value, with a zero year, e.g. an anniversary 8292 # * A year on its own, with zero month and day values 8293 # * A year and month value, with a zero day, e.g. a credit card expiration date 8294 # 8295 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8296 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8297 # a year. 8298 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8299 # if specifying a year by itself or a year and month where the day is not 8300 # significant. 8301 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8302 # month and day. 8303 }, 8304 "stringValue": "A String", 8305 "booleanValue": True or False, 8306 "integerValue": "A String", 8307 }, 8308 }, 8309 ], 8310 }, 8311 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 8312 # only supported value is `AND`. 8313 }, 8314 }, 8315 "fields": [ # Input field(s) to apply the transformation to. [required] 8316 { # General identifier of a data field in a storage service. 8317 "name": "A String", # Name describing the field. 8318 }, 8319 ], 8320 }, 8321 ], 8322 }, 8323 }, 8324 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 8325 "name": "A String", # The template name. Output only. 8326 # 8327 # The template will have one of the following formats: 8328 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 8329 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 8330 }, 8331 ], 8332 }</pre> 8333</div> 8334 8335<div class="method"> 8336 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 8337 <pre>Retrieves the next page of results. 8338 8339Args: 8340 previous_request: The request for the previous page. (required) 8341 previous_response: The response from the request for the previous page. (required) 8342 8343Returns: 8344 A request object that you can call 'execute()' on to request the next 8345 page. Returns None if there are no more items in the collection. 8346 </pre> 8347</div> 8348 8349<div class="method"> 8350 <code class="details" id="patch">patch(name, body, x__xgafv=None)</code> 8351 <pre>Updates the DeidentifyTemplate. 8352See https://cloud.google.com/dlp/docs/creating-templates-deid to learn 8353more. 8354 8355Args: 8356 name: string, Resource name of organization and deidentify template to be updated, for 8357example `organizations/433245324/deidentifyTemplates/432452342` or 8358projects/project-id/deidentifyTemplates/432452342. (required) 8359 body: object, The request body. (required) 8360 The object takes the form of: 8361 8362{ # Request message for UpdateDeidentifyTemplate. 8363 "deidentifyTemplate": { # The DeidentifyTemplates contains instructions on how to deidentify content. # New DeidentifyTemplate value. 8364 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 8365 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 8366 "displayName": "A String", # Display name (max 256 chars). 8367 "description": "A String", # Short description (max 256 chars). 8368 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 8369 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 8370 # transformation everywhere. 8371 # apply various `PrimitiveTransformation`s to each finding, where the 8372 # transformation is applied to only values that were identified as a specific 8373 # info_type. 8374 "transformations": [ # Transformation for each infoType. Cannot specify more than one 8375 # for a given infoType. [required] 8376 { # A transformation to apply to text that is identified as a specific 8377 # info_type. 8378 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 8379 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 8380 # fixed character. Masking can start from the beginning or end of the string. 8381 # This can be used on data of any type (numbers, longs, and so on) and when 8382 # de-identifying structured data we'll attempt to preserve the original data's 8383 # type. (This allows you to take a long like 123 and modify it to a string like 8384 # **3. 8385 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 8386 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 8387 # mask 5 chars with * we would produce ***-*55-5555. 8388 { # Characters to skip when doing deidentification of a value. These will be left 8389 # alone and skipped. 8390 "commonCharactersToIgnore": "A String", 8391 "charactersToSkip": "A String", 8392 }, 8393 ], 8394 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 8395 # masked. Skipped characters do not count towards this tally. 8396 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 8397 # alphabetic string such as name, or "0" for a numeric string such as ZIP 8398 # code or credit card number. String must have length 1. If not supplied, we 8399 # will default to "*" for strings, 0 for digits. 8400 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 8401 # '0', number_to_mask is 14, and `reverse_order` is false, then 8402 # 1234-5678-9012-3456 -> 00000000000000-3456 8403 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 8404 # is true, then 12345 -> 12*** 8405 }, 8406 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 8407 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 8408 # output would be 'My phone number is '. 8409 }, 8410 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 8411 # input. Outputs a base64 encoded representation of the encrypted output. 8412 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 8413 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 8414 # a key encryption key (KEK) stored by KMS). 8415 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8416 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8417 # unwrap the data crypto key. 8418 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8419 # The wrapped key must be a 128/192/256 bit key. 8420 # Authorization requires the following IAM permissions when sending a request 8421 # to perform a crypto transformation using a kms-wrapped crypto key: 8422 # dlp.kms.encrypt 8423 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8424 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8425 }, 8426 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8427 # leaking the key. Choose another type of key if possible. 8428 "key": "A String", # A 128/192/256 bit key. [required] 8429 }, 8430 "transient": { # Use this to have a random data crypto key generated. 8431 # It will be discarded after the request finishes. 8432 "name": "A String", # Name of the key. [required] 8433 # This is an arbitrary string used to differentiate different keys. 8434 # A unique key is generated per name: two separate `TransientCryptoKey` 8435 # protos share the same generated key if their names are the same. 8436 # When the data crypto key is generated, this name is not used in any way 8437 # (repeating the api call will result in a different key being generated). 8438 }, 8439 }, 8440 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 8441 # referential integrity such that the same identifier in two different 8442 # contexts will be given a distinct surrogate. The context is appended to 8443 # plaintext value being encrypted. On decryption the provided context is 8444 # validated against the value used during encryption. If a context was 8445 # provided during encryption, same context must be provided during decryption 8446 # as well. 8447 # 8448 # If the context is not set, plaintext would be used as is for encryption. 8449 # If the context is set but: 8450 # 8451 # 1. there is no record present when transforming a given value or 8452 # 2. the field is not present when transforming a given value, 8453 # 8454 # plaintext would be used as is for encryption. 8455 # 8456 # Note that case (1) is expected when an `InfoTypeTransformation` is 8457 # applied to both structured and non-structured `ContentItem`s. 8458 "name": "A String", # Name describing the field. 8459 }, 8460 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 8461 # This annotation will be applied to the surrogate by prefixing it with 8462 # the name of the custom info type followed by the number of 8463 # characters comprising the surrogate. The following scheme defines the 8464 # format: <info type name>(<surrogate character count>):<surrogate> 8465 # 8466 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 8467 # the surrogate is 'abc', the full replacement value 8468 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8469 # 8470 # This annotation identifies the surrogate when inspecting content using the 8471 # custom info type 'Surrogate'. This facilitates reversal of the 8472 # surrogate when it occurs in free text. 8473 # 8474 # In order for inspection to work properly, the name of this info type must 8475 # not occur naturally anywhere in your data; otherwise, inspection may either 8476 # 8477 # - reverse a surrogate that does not correspond to an actual identifier 8478 # - be unable to parse the surrogate and result in an error 8479 # 8480 # Therefore, choose your custom info type name carefully after considering 8481 # what your data looks like. One way to select a name that has a high chance 8482 # of yielding reliable detection is to include one or more unicode characters 8483 # that are highly improbable to exist in your data. 8484 # For example, assuming your data is entered from a regular ASCII keyboard, 8485 # the symbol with the hex code point 29DD might be used like so: 8486 # ⧝MY_TOKEN_TYPE 8487 "name": "A String", # Name of the information type. Either a name of your choosing when 8488 # creating a CustomInfoType, or one of the names listed 8489 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8490 # a built-in type. InfoType names should conform to the pattern 8491 # [a-zA-Z0-9_]{1,64}. 8492 }, 8493 }, 8494 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 8495 # Bucketing transformation can provide all of this functionality, 8496 # but requires more configuration. This message is provided as a convenience to 8497 # the user for simple bucketing strategies. 8498 # 8499 # The transformed value will be a hyphenated string of 8500 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 8501 # all values that are within this bucket will be replaced with "10-20". 8502 # 8503 # This can be used on data of type: double, long. 8504 # 8505 # If the bound Value type differs from the type of data 8506 # being transformed, we will first attempt converting the type of the data to 8507 # be transformed to match the type of the bound before comparing. 8508 # 8509 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 8510 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 8511 # grouped together into a single bucket; for example if `lower_bound` = 10, 8512 # then all values less than 10 are replaced with the value “-10”. [Required]. 8513 # Note that for the purposes of inspection or transformation, the number 8514 # of bytes considered to comprise a 'Value' is based on its representation 8515 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8516 # 123456789, the number of bytes would be counted as 9, even though an 8517 # int64 only holds up to 8 bytes of data. 8518 "floatValue": 3.14, 8519 "timestampValue": "A String", 8520 "dayOfWeekValue": "A String", 8521 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8522 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8523 # types are google.type.Date and `google.protobuf.Timestamp`. 8524 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8525 # to allow the value "24:00:00" for scenarios like business closing time. 8526 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8527 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8528 # allow the value 60 if it allows leap-seconds. 8529 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8530 }, 8531 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8532 # and time zone are either specified elsewhere or are not significant. The date 8533 # is relative to the Proleptic Gregorian Calendar. This can represent: 8534 # 8535 # * A full date, with non-zero year, month and day values 8536 # * A month and day value, with a zero year, e.g. an anniversary 8537 # * A year on its own, with zero month and day values 8538 # * A year and month value, with a zero day, e.g. a credit card expiration date 8539 # 8540 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8541 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8542 # a year. 8543 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8544 # if specifying a year by itself or a year and month where the day is not 8545 # significant. 8546 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8547 # month and day. 8548 }, 8549 "stringValue": "A String", 8550 "booleanValue": True or False, 8551 "integerValue": "A String", 8552 }, 8553 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 8554 # grouped together into a single bucket; for example if `upper_bound` = 89, 8555 # then all values greater than 89 are replaced with the value “89+”. 8556 # [Required]. 8557 # Note that for the purposes of inspection or transformation, the number 8558 # of bytes considered to comprise a 'Value' is based on its representation 8559 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8560 # 123456789, the number of bytes would be counted as 9, even though an 8561 # int64 only holds up to 8 bytes of data. 8562 "floatValue": 3.14, 8563 "timestampValue": "A String", 8564 "dayOfWeekValue": "A String", 8565 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8566 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8567 # types are google.type.Date and `google.protobuf.Timestamp`. 8568 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8569 # to allow the value "24:00:00" for scenarios like business closing time. 8570 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8571 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8572 # allow the value 60 if it allows leap-seconds. 8573 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8574 }, 8575 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8576 # and time zone are either specified elsewhere or are not significant. The date 8577 # is relative to the Proleptic Gregorian Calendar. This can represent: 8578 # 8579 # * A full date, with non-zero year, month and day values 8580 # * A month and day value, with a zero year, e.g. an anniversary 8581 # * A year on its own, with zero month and day values 8582 # * A year and month value, with a zero day, e.g. a credit card expiration date 8583 # 8584 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8585 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8586 # a year. 8587 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8588 # if specifying a year by itself or a year and month where the day is not 8589 # significant. 8590 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8591 # month and day. 8592 }, 8593 "stringValue": "A String", 8594 "booleanValue": True or False, 8595 "integerValue": "A String", 8596 }, 8597 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 8598 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 8599 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 8600 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 8601 }, 8602 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 8603 }, 8604 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 8605 # portion of the value. 8606 "partToExtract": "A String", 8607 }, 8608 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 8609 # Uses SHA-256. 8610 # The key size must be either 32 or 64 bytes. 8611 # Outputs a base64 encoded representation of the hashed output 8612 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 8613 # Currently, only string and integer values can be hashed. 8614 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 8615 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 8616 # a key encryption key (KEK) stored by KMS). 8617 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8618 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8619 # unwrap the data crypto key. 8620 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8621 # The wrapped key must be a 128/192/256 bit key. 8622 # Authorization requires the following IAM permissions when sending a request 8623 # to perform a crypto transformation using a kms-wrapped crypto key: 8624 # dlp.kms.encrypt 8625 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8626 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8627 }, 8628 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8629 # leaking the key. Choose another type of key if possible. 8630 "key": "A String", # A 128/192/256 bit key. [required] 8631 }, 8632 "transient": { # Use this to have a random data crypto key generated. 8633 # It will be discarded after the request finishes. 8634 "name": "A String", # Name of the key. [required] 8635 # This is an arbitrary string used to differentiate different keys. 8636 # A unique key is generated per name: two separate `TransientCryptoKey` 8637 # protos share the same generated key if their names are the same. 8638 # When the data crypto key is generated, this name is not used in any way 8639 # (repeating the api call will result in a different key being generated). 8640 }, 8641 }, 8642 }, 8643 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 8644 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 8645 # to learn more. 8646 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 8647 # results in the same shift for the same context and crypto_key. 8648 # a key encryption key (KEK) stored by KMS). 8649 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8650 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8651 # unwrap the data crypto key. 8652 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8653 # The wrapped key must be a 128/192/256 bit key. 8654 # Authorization requires the following IAM permissions when sending a request 8655 # to perform a crypto transformation using a kms-wrapped crypto key: 8656 # dlp.kms.encrypt 8657 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8658 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8659 }, 8660 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8661 # leaking the key. Choose another type of key if possible. 8662 "key": "A String", # A 128/192/256 bit key. [required] 8663 }, 8664 "transient": { # Use this to have a random data crypto key generated. 8665 # It will be discarded after the request finishes. 8666 "name": "A String", # Name of the key. [required] 8667 # This is an arbitrary string used to differentiate different keys. 8668 # A unique key is generated per name: two separate `TransientCryptoKey` 8669 # protos share the same generated key if their names are the same. 8670 # When the data crypto key is generated, this name is not used in any way 8671 # (repeating the api call will result in a different key being generated). 8672 }, 8673 }, 8674 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 8675 # [Required] 8676 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 8677 # range (inclusive ends). Negative means shift to earlier in time. Must not 8678 # be more than 365250 days (1000 years) each direction. 8679 # 8680 # For example, 3 means shift date to at most 3 days into the future. 8681 # [Required] 8682 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 8683 # If set, must also set method. If set, shift will be consistent for the 8684 # given context. 8685 "name": "A String", # Name describing the field. 8686 }, 8687 }, 8688 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 8689 # replacement values are dynamically provided by the user for custom behavior, 8690 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 8691 # This can be used on 8692 # data of type: number, long, string, timestamp. 8693 # If the bound `Value` type differs from the type of data being transformed, we 8694 # will first attempt converting the type of the data to be transformed to match 8695 # the type of the bound before comparing. 8696 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 8697 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 8698 { # Bucket is represented as a range, along with replacement values. 8699 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 8700 # Note that for the purposes of inspection or transformation, the number 8701 # of bytes considered to comprise a 'Value' is based on its representation 8702 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8703 # 123456789, the number of bytes would be counted as 9, even though an 8704 # int64 only holds up to 8 bytes of data. 8705 "floatValue": 3.14, 8706 "timestampValue": "A String", 8707 "dayOfWeekValue": "A String", 8708 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8709 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8710 # types are google.type.Date and `google.protobuf.Timestamp`. 8711 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8712 # to allow the value "24:00:00" for scenarios like business closing time. 8713 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8714 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8715 # allow the value 60 if it allows leap-seconds. 8716 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8717 }, 8718 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8719 # and time zone are either specified elsewhere or are not significant. The date 8720 # is relative to the Proleptic Gregorian Calendar. This can represent: 8721 # 8722 # * A full date, with non-zero year, month and day values 8723 # * A month and day value, with a zero year, e.g. an anniversary 8724 # * A year on its own, with zero month and day values 8725 # * A year and month value, with a zero day, e.g. a credit card expiration date 8726 # 8727 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8728 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8729 # a year. 8730 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8731 # if specifying a year by itself or a year and month where the day is not 8732 # significant. 8733 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8734 # month and day. 8735 }, 8736 "stringValue": "A String", 8737 "booleanValue": True or False, 8738 "integerValue": "A String", 8739 }, 8740 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 8741 # the default behavior will be to hyphenate the min-max range. 8742 # Note that for the purposes of inspection or transformation, the number 8743 # of bytes considered to comprise a 'Value' is based on its representation 8744 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8745 # 123456789, the number of bytes would be counted as 9, even though an 8746 # int64 only holds up to 8 bytes of data. 8747 "floatValue": 3.14, 8748 "timestampValue": "A String", 8749 "dayOfWeekValue": "A String", 8750 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8751 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8752 # types are google.type.Date and `google.protobuf.Timestamp`. 8753 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8754 # to allow the value "24:00:00" for scenarios like business closing time. 8755 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8756 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8757 # allow the value 60 if it allows leap-seconds. 8758 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8759 }, 8760 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8761 # and time zone are either specified elsewhere or are not significant. The date 8762 # is relative to the Proleptic Gregorian Calendar. This can represent: 8763 # 8764 # * A full date, with non-zero year, month and day values 8765 # * A month and day value, with a zero year, e.g. an anniversary 8766 # * A year on its own, with zero month and day values 8767 # * A year and month value, with a zero day, e.g. a credit card expiration date 8768 # 8769 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8770 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8771 # a year. 8772 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8773 # if specifying a year by itself or a year and month where the day is not 8774 # significant. 8775 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8776 # month and day. 8777 }, 8778 "stringValue": "A String", 8779 "booleanValue": True or False, 8780 "integerValue": "A String", 8781 }, 8782 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 8783 # used. 8784 # Note that for the purposes of inspection or transformation, the number 8785 # of bytes considered to comprise a 'Value' is based on its representation 8786 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8787 # 123456789, the number of bytes would be counted as 9, even though an 8788 # int64 only holds up to 8 bytes of data. 8789 "floatValue": 3.14, 8790 "timestampValue": "A String", 8791 "dayOfWeekValue": "A String", 8792 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8793 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8794 # types are google.type.Date and `google.protobuf.Timestamp`. 8795 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8796 # to allow the value "24:00:00" for scenarios like business closing time. 8797 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8798 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8799 # allow the value 60 if it allows leap-seconds. 8800 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8801 }, 8802 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8803 # and time zone are either specified elsewhere or are not significant. The date 8804 # is relative to the Proleptic Gregorian Calendar. This can represent: 8805 # 8806 # * A full date, with non-zero year, month and day values 8807 # * A month and day value, with a zero year, e.g. an anniversary 8808 # * A year on its own, with zero month and day values 8809 # * A year and month value, with a zero day, e.g. a credit card expiration date 8810 # 8811 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8812 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8813 # a year. 8814 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8815 # if specifying a year by itself or a year and month where the day is not 8816 # significant. 8817 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8818 # month and day. 8819 }, 8820 "stringValue": "A String", 8821 "booleanValue": True or False, 8822 "integerValue": "A String", 8823 }, 8824 }, 8825 ], 8826 }, 8827 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 8828 # (FPE) with the FFX mode of operation; however when used in the 8829 # `ReidentifyContent` API method, it serves the opposite function by reversing 8830 # the surrogate back into the original identifier. The identifier must be 8831 # encoded as ASCII. For a given crypto key and context, the same identifier 8832 # will be replaced with the same surrogate. Identifiers must be at least two 8833 # characters long. In the case that the identifier is the empty string, it will 8834 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 8835 # more. 8836 # 8837 # Note: We recommend using CryptoDeterministicConfig for all use cases which 8838 # do not require preserving the input alphabet space and size, plus warrant 8839 # referential integrity. 8840 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 8841 # a key encryption key (KEK) stored by KMS). 8842 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8843 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8844 # unwrap the data crypto key. 8845 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8846 # The wrapped key must be a 128/192/256 bit key. 8847 # Authorization requires the following IAM permissions when sending a request 8848 # to perform a crypto transformation using a kms-wrapped crypto key: 8849 # dlp.kms.encrypt 8850 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8851 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8852 }, 8853 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8854 # leaking the key. Choose another type of key if possible. 8855 "key": "A String", # A 128/192/256 bit key. [required] 8856 }, 8857 "transient": { # Use this to have a random data crypto key generated. 8858 # It will be discarded after the request finishes. 8859 "name": "A String", # Name of the key. [required] 8860 # This is an arbitrary string used to differentiate different keys. 8861 # A unique key is generated per name: two separate `TransientCryptoKey` 8862 # protos share the same generated key if their names are the same. 8863 # When the data crypto key is generated, this name is not used in any way 8864 # (repeating the api call will result in a different key being generated). 8865 }, 8866 }, 8867 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 8868 "commonAlphabet": "A String", 8869 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 8870 # that the FFX mode natively supports. This happens before/after 8871 # encryption/decryption. 8872 # Each character listed must appear only once. 8873 # Number of characters must be in the range [2, 62]. 8874 # This must be encoded as ASCII. 8875 # The order of characters does not matter. 8876 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 8877 # identifier in two different contexts won't be given the same surrogate. If 8878 # the context is not set, a default tweak will be used. 8879 # 8880 # If the context is set but: 8881 # 8882 # 1. there is no record present when transforming a given value or 8883 # 1. the field is not present when transforming a given value, 8884 # 8885 # a default tweak will be used. 8886 # 8887 # Note that case (1) is expected when an `InfoTypeTransformation` is 8888 # applied to both structured and non-structured `ContentItem`s. 8889 # Currently, the referenced field may be of value type integer or string. 8890 # 8891 # The tweak is constructed as a sequence of bytes in big endian byte order 8892 # such that: 8893 # 8894 # - a 64 bit integer is encoded followed by a single byte of value 1 8895 # - a string is encoded in UTF-8 format followed by a single byte of value 2 8896 "name": "A String", # Name describing the field. 8897 }, 8898 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 8899 # This annotation will be applied to the surrogate by prefixing it with 8900 # the name of the custom infoType followed by the number of 8901 # characters comprising the surrogate. The following scheme defines the 8902 # format: info_type_name(surrogate_character_count):surrogate 8903 # 8904 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 8905 # the surrogate is 'abc', the full replacement value 8906 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8907 # 8908 # This annotation identifies the surrogate when inspecting content using the 8909 # custom infoType 8910 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 8911 # This facilitates reversal of the surrogate when it occurs in free text. 8912 # 8913 # In order for inspection to work properly, the name of this infoType must 8914 # not occur naturally anywhere in your data; otherwise, inspection may 8915 # find a surrogate that does not correspond to an actual identifier. 8916 # Therefore, choose your custom infoType name carefully after considering 8917 # what your data looks like. One way to select a name that has a high chance 8918 # of yielding reliable detection is to include one or more unicode characters 8919 # that are highly improbable to exist in your data. 8920 # For example, assuming your data is entered from a regular ASCII keyboard, 8921 # the symbol with the hex code point 29DD might be used like so: 8922 # ⧝MY_TOKEN_TYPE 8923 "name": "A String", # Name of the information type. Either a name of your choosing when 8924 # creating a CustomInfoType, or one of the names listed 8925 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8926 # a built-in type. InfoType names should conform to the pattern 8927 # [a-zA-Z0-9_]{1,64}. 8928 }, 8929 }, 8930 "replaceConfig": { # Replace each input value with a given `Value`. 8931 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 8932 # Note that for the purposes of inspection or transformation, the number 8933 # of bytes considered to comprise a 'Value' is based on its representation 8934 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8935 # 123456789, the number of bytes would be counted as 9, even though an 8936 # int64 only holds up to 8 bytes of data. 8937 "floatValue": 3.14, 8938 "timestampValue": "A String", 8939 "dayOfWeekValue": "A String", 8940 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8941 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8942 # types are google.type.Date and `google.protobuf.Timestamp`. 8943 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8944 # to allow the value "24:00:00" for scenarios like business closing time. 8945 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8946 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8947 # allow the value 60 if it allows leap-seconds. 8948 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8949 }, 8950 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8951 # and time zone are either specified elsewhere or are not significant. The date 8952 # is relative to the Proleptic Gregorian Calendar. This can represent: 8953 # 8954 # * A full date, with non-zero year, month and day values 8955 # * A month and day value, with a zero year, e.g. an anniversary 8956 # * A year on its own, with zero month and day values 8957 # * A year and month value, with a zero day, e.g. a credit card expiration date 8958 # 8959 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8960 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8961 # a year. 8962 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8963 # if specifying a year by itself or a year and month where the day is not 8964 # significant. 8965 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8966 # month and day. 8967 }, 8968 "stringValue": "A String", 8969 "booleanValue": True or False, 8970 "integerValue": "A String", 8971 }, 8972 }, 8973 }, 8974 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 8975 # this transformation to apply to all findings that correspond to 8976 # infoTypes that were requested in `InspectConfig`. 8977 { # Type of information detected by the API. 8978 "name": "A String", # Name of the information type. Either a name of your choosing when 8979 # creating a CustomInfoType, or one of the names listed 8980 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8981 # a built-in type. InfoType names should conform to the pattern 8982 # [a-zA-Z0-9_]{1,64}. 8983 }, 8984 ], 8985 }, 8986 ], 8987 }, 8988 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 8989 # specific locations within structured datasets, such as transforming 8990 # a column within a table. 8991 # table. 8992 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 8993 # match any suppression rule are omitted from the output [optional]. 8994 { # Configuration to suppress records whose suppression conditions evaluate to 8995 # true. 8996 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 8997 # evaluated to be suppressed from the transformed content. 8998 # a field. 8999 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 9000 "conditions": { # A collection of conditions. 9001 "conditions": [ 9002 { # The field type of `value` and `field` do not need to match to be 9003 # considered equal, but not all comparisons are possible. 9004 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 9005 # but all other comparisons are invalid with incompatible types. 9006 # A `value` of type: 9007 # 9008 # - `string` can be compared against all other types 9009 # - `boolean` can only be compared against other booleans 9010 # - `integer` can be compared against doubles or a string if the string value 9011 # can be parsed as an integer. 9012 # - `double` can be compared against integers or a string if the string can 9013 # be parsed as a double. 9014 # - `Timestamp` can be compared against strings in RFC 3339 date string 9015 # format. 9016 # - `TimeOfDay` can be compared against timestamps and strings in the format 9017 # of 'HH:mm:ss'. 9018 # 9019 # If we fail to compare do to type mismatch, a warning will be given and 9020 # the condition will evaluate to false. 9021 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 9022 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 9023 "name": "A String", # Name describing the field. 9024 }, 9025 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 9026 # Note that for the purposes of inspection or transformation, the number 9027 # of bytes considered to comprise a 'Value' is based on its representation 9028 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9029 # 123456789, the number of bytes would be counted as 9, even though an 9030 # int64 only holds up to 8 bytes of data. 9031 "floatValue": 3.14, 9032 "timestampValue": "A String", 9033 "dayOfWeekValue": "A String", 9034 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9035 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9036 # types are google.type.Date and `google.protobuf.Timestamp`. 9037 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9038 # to allow the value "24:00:00" for scenarios like business closing time. 9039 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9040 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9041 # allow the value 60 if it allows leap-seconds. 9042 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9043 }, 9044 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9045 # and time zone are either specified elsewhere or are not significant. The date 9046 # is relative to the Proleptic Gregorian Calendar. This can represent: 9047 # 9048 # * A full date, with non-zero year, month and day values 9049 # * A month and day value, with a zero year, e.g. an anniversary 9050 # * A year on its own, with zero month and day values 9051 # * A year and month value, with a zero day, e.g. a credit card expiration date 9052 # 9053 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9054 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9055 # a year. 9056 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9057 # if specifying a year by itself or a year and month where the day is not 9058 # significant. 9059 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9060 # month and day. 9061 }, 9062 "stringValue": "A String", 9063 "booleanValue": True or False, 9064 "integerValue": "A String", 9065 }, 9066 }, 9067 ], 9068 }, 9069 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 9070 # only supported value is `AND`. 9071 }, 9072 }, 9073 }, 9074 ], 9075 "fieldTransformations": [ # Transform the record by applying various field transformations. 9076 { # The transformation to apply to the field. 9077 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 9078 # transform content that matches an `InfoType`. 9079 # apply various `PrimitiveTransformation`s to each finding, where the 9080 # transformation is applied to only values that were identified as a specific 9081 # info_type. 9082 "transformations": [ # Transformation for each infoType. Cannot specify more than one 9083 # for a given infoType. [required] 9084 { # A transformation to apply to text that is identified as a specific 9085 # info_type. 9086 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 9087 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 9088 # fixed character. Masking can start from the beginning or end of the string. 9089 # This can be used on data of any type (numbers, longs, and so on) and when 9090 # de-identifying structured data we'll attempt to preserve the original data's 9091 # type. (This allows you to take a long like 123 and modify it to a string like 9092 # **3. 9093 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 9094 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 9095 # mask 5 chars with * we would produce ***-*55-5555. 9096 { # Characters to skip when doing deidentification of a value. These will be left 9097 # alone and skipped. 9098 "commonCharactersToIgnore": "A String", 9099 "charactersToSkip": "A String", 9100 }, 9101 ], 9102 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 9103 # masked. Skipped characters do not count towards this tally. 9104 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 9105 # alphabetic string such as name, or "0" for a numeric string such as ZIP 9106 # code or credit card number. String must have length 1. If not supplied, we 9107 # will default to "*" for strings, 0 for digits. 9108 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 9109 # '0', number_to_mask is 14, and `reverse_order` is false, then 9110 # 1234-5678-9012-3456 -> 00000000000000-3456 9111 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 9112 # is true, then 12345 -> 12*** 9113 }, 9114 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 9115 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 9116 # output would be 'My phone number is '. 9117 }, 9118 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 9119 # input. Outputs a base64 encoded representation of the encrypted output. 9120 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 9121 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 9122 # a key encryption key (KEK) stored by KMS). 9123 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9124 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9125 # unwrap the data crypto key. 9126 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9127 # The wrapped key must be a 128/192/256 bit key. 9128 # Authorization requires the following IAM permissions when sending a request 9129 # to perform a crypto transformation using a kms-wrapped crypto key: 9130 # dlp.kms.encrypt 9131 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9132 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9133 }, 9134 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9135 # leaking the key. Choose another type of key if possible. 9136 "key": "A String", # A 128/192/256 bit key. [required] 9137 }, 9138 "transient": { # Use this to have a random data crypto key generated. 9139 # It will be discarded after the request finishes. 9140 "name": "A String", # Name of the key. [required] 9141 # This is an arbitrary string used to differentiate different keys. 9142 # A unique key is generated per name: two separate `TransientCryptoKey` 9143 # protos share the same generated key if their names are the same. 9144 # When the data crypto key is generated, this name is not used in any way 9145 # (repeating the api call will result in a different key being generated). 9146 }, 9147 }, 9148 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 9149 # referential integrity such that the same identifier in two different 9150 # contexts will be given a distinct surrogate. The context is appended to 9151 # plaintext value being encrypted. On decryption the provided context is 9152 # validated against the value used during encryption. If a context was 9153 # provided during encryption, same context must be provided during decryption 9154 # as well. 9155 # 9156 # If the context is not set, plaintext would be used as is for encryption. 9157 # If the context is set but: 9158 # 9159 # 1. there is no record present when transforming a given value or 9160 # 2. the field is not present when transforming a given value, 9161 # 9162 # plaintext would be used as is for encryption. 9163 # 9164 # Note that case (1) is expected when an `InfoTypeTransformation` is 9165 # applied to both structured and non-structured `ContentItem`s. 9166 "name": "A String", # Name describing the field. 9167 }, 9168 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 9169 # This annotation will be applied to the surrogate by prefixing it with 9170 # the name of the custom info type followed by the number of 9171 # characters comprising the surrogate. The following scheme defines the 9172 # format: <info type name>(<surrogate character count>):<surrogate> 9173 # 9174 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 9175 # the surrogate is 'abc', the full replacement value 9176 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 9177 # 9178 # This annotation identifies the surrogate when inspecting content using the 9179 # custom info type 'Surrogate'. This facilitates reversal of the 9180 # surrogate when it occurs in free text. 9181 # 9182 # In order for inspection to work properly, the name of this info type must 9183 # not occur naturally anywhere in your data; otherwise, inspection may either 9184 # 9185 # - reverse a surrogate that does not correspond to an actual identifier 9186 # - be unable to parse the surrogate and result in an error 9187 # 9188 # Therefore, choose your custom info type name carefully after considering 9189 # what your data looks like. One way to select a name that has a high chance 9190 # of yielding reliable detection is to include one or more unicode characters 9191 # that are highly improbable to exist in your data. 9192 # For example, assuming your data is entered from a regular ASCII keyboard, 9193 # the symbol with the hex code point 29DD might be used like so: 9194 # ⧝MY_TOKEN_TYPE 9195 "name": "A String", # Name of the information type. Either a name of your choosing when 9196 # creating a CustomInfoType, or one of the names listed 9197 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9198 # a built-in type. InfoType names should conform to the pattern 9199 # [a-zA-Z0-9_]{1,64}. 9200 }, 9201 }, 9202 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 9203 # Bucketing transformation can provide all of this functionality, 9204 # but requires more configuration. This message is provided as a convenience to 9205 # the user for simple bucketing strategies. 9206 # 9207 # The transformed value will be a hyphenated string of 9208 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 9209 # all values that are within this bucket will be replaced with "10-20". 9210 # 9211 # This can be used on data of type: double, long. 9212 # 9213 # If the bound Value type differs from the type of data 9214 # being transformed, we will first attempt converting the type of the data to 9215 # be transformed to match the type of the bound before comparing. 9216 # 9217 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 9218 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 9219 # grouped together into a single bucket; for example if `lower_bound` = 10, 9220 # then all values less than 10 are replaced with the value “-10”. [Required]. 9221 # Note that for the purposes of inspection or transformation, the number 9222 # of bytes considered to comprise a 'Value' is based on its representation 9223 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9224 # 123456789, the number of bytes would be counted as 9, even though an 9225 # int64 only holds up to 8 bytes of data. 9226 "floatValue": 3.14, 9227 "timestampValue": "A String", 9228 "dayOfWeekValue": "A String", 9229 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9230 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9231 # types are google.type.Date and `google.protobuf.Timestamp`. 9232 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9233 # to allow the value "24:00:00" for scenarios like business closing time. 9234 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9235 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9236 # allow the value 60 if it allows leap-seconds. 9237 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9238 }, 9239 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9240 # and time zone are either specified elsewhere or are not significant. The date 9241 # is relative to the Proleptic Gregorian Calendar. This can represent: 9242 # 9243 # * A full date, with non-zero year, month and day values 9244 # * A month and day value, with a zero year, e.g. an anniversary 9245 # * A year on its own, with zero month and day values 9246 # * A year and month value, with a zero day, e.g. a credit card expiration date 9247 # 9248 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9249 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9250 # a year. 9251 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9252 # if specifying a year by itself or a year and month where the day is not 9253 # significant. 9254 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9255 # month and day. 9256 }, 9257 "stringValue": "A String", 9258 "booleanValue": True or False, 9259 "integerValue": "A String", 9260 }, 9261 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 9262 # grouped together into a single bucket; for example if `upper_bound` = 89, 9263 # then all values greater than 89 are replaced with the value “89+”. 9264 # [Required]. 9265 # Note that for the purposes of inspection or transformation, the number 9266 # of bytes considered to comprise a 'Value' is based on its representation 9267 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9268 # 123456789, the number of bytes would be counted as 9, even though an 9269 # int64 only holds up to 8 bytes of data. 9270 "floatValue": 3.14, 9271 "timestampValue": "A String", 9272 "dayOfWeekValue": "A String", 9273 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9274 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9275 # types are google.type.Date and `google.protobuf.Timestamp`. 9276 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9277 # to allow the value "24:00:00" for scenarios like business closing time. 9278 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9279 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9280 # allow the value 60 if it allows leap-seconds. 9281 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9282 }, 9283 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9284 # and time zone are either specified elsewhere or are not significant. The date 9285 # is relative to the Proleptic Gregorian Calendar. This can represent: 9286 # 9287 # * A full date, with non-zero year, month and day values 9288 # * A month and day value, with a zero year, e.g. an anniversary 9289 # * A year on its own, with zero month and day values 9290 # * A year and month value, with a zero day, e.g. a credit card expiration date 9291 # 9292 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9293 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9294 # a year. 9295 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9296 # if specifying a year by itself or a year and month where the day is not 9297 # significant. 9298 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9299 # month and day. 9300 }, 9301 "stringValue": "A String", 9302 "booleanValue": True or False, 9303 "integerValue": "A String", 9304 }, 9305 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 9306 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 9307 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 9308 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 9309 }, 9310 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 9311 }, 9312 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 9313 # portion of the value. 9314 "partToExtract": "A String", 9315 }, 9316 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 9317 # Uses SHA-256. 9318 # The key size must be either 32 or 64 bytes. 9319 # Outputs a base64 encoded representation of the hashed output 9320 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 9321 # Currently, only string and integer values can be hashed. 9322 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 9323 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 9324 # a key encryption key (KEK) stored by KMS). 9325 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9326 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9327 # unwrap the data crypto key. 9328 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9329 # The wrapped key must be a 128/192/256 bit key. 9330 # Authorization requires the following IAM permissions when sending a request 9331 # to perform a crypto transformation using a kms-wrapped crypto key: 9332 # dlp.kms.encrypt 9333 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9334 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9335 }, 9336 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9337 # leaking the key. Choose another type of key if possible. 9338 "key": "A String", # A 128/192/256 bit key. [required] 9339 }, 9340 "transient": { # Use this to have a random data crypto key generated. 9341 # It will be discarded after the request finishes. 9342 "name": "A String", # Name of the key. [required] 9343 # This is an arbitrary string used to differentiate different keys. 9344 # A unique key is generated per name: two separate `TransientCryptoKey` 9345 # protos share the same generated key if their names are the same. 9346 # When the data crypto key is generated, this name is not used in any way 9347 # (repeating the api call will result in a different key being generated). 9348 }, 9349 }, 9350 }, 9351 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 9352 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 9353 # to learn more. 9354 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 9355 # results in the same shift for the same context and crypto_key. 9356 # a key encryption key (KEK) stored by KMS). 9357 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9358 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9359 # unwrap the data crypto key. 9360 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9361 # The wrapped key must be a 128/192/256 bit key. 9362 # Authorization requires the following IAM permissions when sending a request 9363 # to perform a crypto transformation using a kms-wrapped crypto key: 9364 # dlp.kms.encrypt 9365 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9366 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9367 }, 9368 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9369 # leaking the key. Choose another type of key if possible. 9370 "key": "A String", # A 128/192/256 bit key. [required] 9371 }, 9372 "transient": { # Use this to have a random data crypto key generated. 9373 # It will be discarded after the request finishes. 9374 "name": "A String", # Name of the key. [required] 9375 # This is an arbitrary string used to differentiate different keys. 9376 # A unique key is generated per name: two separate `TransientCryptoKey` 9377 # protos share the same generated key if their names are the same. 9378 # When the data crypto key is generated, this name is not used in any way 9379 # (repeating the api call will result in a different key being generated). 9380 }, 9381 }, 9382 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 9383 # [Required] 9384 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 9385 # range (inclusive ends). Negative means shift to earlier in time. Must not 9386 # be more than 365250 days (1000 years) each direction. 9387 # 9388 # For example, 3 means shift date to at most 3 days into the future. 9389 # [Required] 9390 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 9391 # If set, must also set method. If set, shift will be consistent for the 9392 # given context. 9393 "name": "A String", # Name describing the field. 9394 }, 9395 }, 9396 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 9397 # replacement values are dynamically provided by the user for custom behavior, 9398 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 9399 # This can be used on 9400 # data of type: number, long, string, timestamp. 9401 # If the bound `Value` type differs from the type of data being transformed, we 9402 # will first attempt converting the type of the data to be transformed to match 9403 # the type of the bound before comparing. 9404 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 9405 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 9406 { # Bucket is represented as a range, along with replacement values. 9407 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 9408 # Note that for the purposes of inspection or transformation, the number 9409 # of bytes considered to comprise a 'Value' is based on its representation 9410 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9411 # 123456789, the number of bytes would be counted as 9, even though an 9412 # int64 only holds up to 8 bytes of data. 9413 "floatValue": 3.14, 9414 "timestampValue": "A String", 9415 "dayOfWeekValue": "A String", 9416 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9417 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9418 # types are google.type.Date and `google.protobuf.Timestamp`. 9419 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9420 # to allow the value "24:00:00" for scenarios like business closing time. 9421 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9422 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9423 # allow the value 60 if it allows leap-seconds. 9424 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9425 }, 9426 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9427 # and time zone are either specified elsewhere or are not significant. The date 9428 # is relative to the Proleptic Gregorian Calendar. This can represent: 9429 # 9430 # * A full date, with non-zero year, month and day values 9431 # * A month and day value, with a zero year, e.g. an anniversary 9432 # * A year on its own, with zero month and day values 9433 # * A year and month value, with a zero day, e.g. a credit card expiration date 9434 # 9435 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9436 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9437 # a year. 9438 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9439 # if specifying a year by itself or a year and month where the day is not 9440 # significant. 9441 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9442 # month and day. 9443 }, 9444 "stringValue": "A String", 9445 "booleanValue": True or False, 9446 "integerValue": "A String", 9447 }, 9448 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 9449 # the default behavior will be to hyphenate the min-max range. 9450 # Note that for the purposes of inspection or transformation, the number 9451 # of bytes considered to comprise a 'Value' is based on its representation 9452 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9453 # 123456789, the number of bytes would be counted as 9, even though an 9454 # int64 only holds up to 8 bytes of data. 9455 "floatValue": 3.14, 9456 "timestampValue": "A String", 9457 "dayOfWeekValue": "A String", 9458 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9459 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9460 # types are google.type.Date and `google.protobuf.Timestamp`. 9461 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9462 # to allow the value "24:00:00" for scenarios like business closing time. 9463 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9464 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9465 # allow the value 60 if it allows leap-seconds. 9466 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9467 }, 9468 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9469 # and time zone are either specified elsewhere or are not significant. The date 9470 # is relative to the Proleptic Gregorian Calendar. This can represent: 9471 # 9472 # * A full date, with non-zero year, month and day values 9473 # * A month and day value, with a zero year, e.g. an anniversary 9474 # * A year on its own, with zero month and day values 9475 # * A year and month value, with a zero day, e.g. a credit card expiration date 9476 # 9477 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9478 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9479 # a year. 9480 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9481 # if specifying a year by itself or a year and month where the day is not 9482 # significant. 9483 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9484 # month and day. 9485 }, 9486 "stringValue": "A String", 9487 "booleanValue": True or False, 9488 "integerValue": "A String", 9489 }, 9490 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 9491 # used. 9492 # Note that for the purposes of inspection or transformation, the number 9493 # of bytes considered to comprise a 'Value' is based on its representation 9494 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9495 # 123456789, the number of bytes would be counted as 9, even though an 9496 # int64 only holds up to 8 bytes of data. 9497 "floatValue": 3.14, 9498 "timestampValue": "A String", 9499 "dayOfWeekValue": "A String", 9500 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9501 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9502 # types are google.type.Date and `google.protobuf.Timestamp`. 9503 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9504 # to allow the value "24:00:00" for scenarios like business closing time. 9505 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9506 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9507 # allow the value 60 if it allows leap-seconds. 9508 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9509 }, 9510 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9511 # and time zone are either specified elsewhere or are not significant. The date 9512 # is relative to the Proleptic Gregorian Calendar. This can represent: 9513 # 9514 # * A full date, with non-zero year, month and day values 9515 # * A month and day value, with a zero year, e.g. an anniversary 9516 # * A year on its own, with zero month and day values 9517 # * A year and month value, with a zero day, e.g. a credit card expiration date 9518 # 9519 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9520 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9521 # a year. 9522 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9523 # if specifying a year by itself or a year and month where the day is not 9524 # significant. 9525 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9526 # month and day. 9527 }, 9528 "stringValue": "A String", 9529 "booleanValue": True or False, 9530 "integerValue": "A String", 9531 }, 9532 }, 9533 ], 9534 }, 9535 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 9536 # (FPE) with the FFX mode of operation; however when used in the 9537 # `ReidentifyContent` API method, it serves the opposite function by reversing 9538 # the surrogate back into the original identifier. The identifier must be 9539 # encoded as ASCII. For a given crypto key and context, the same identifier 9540 # will be replaced with the same surrogate. Identifiers must be at least two 9541 # characters long. In the case that the identifier is the empty string, it will 9542 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 9543 # more. 9544 # 9545 # Note: We recommend using CryptoDeterministicConfig for all use cases which 9546 # do not require preserving the input alphabet space and size, plus warrant 9547 # referential integrity. 9548 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 9549 # a key encryption key (KEK) stored by KMS). 9550 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9551 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9552 # unwrap the data crypto key. 9553 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9554 # The wrapped key must be a 128/192/256 bit key. 9555 # Authorization requires the following IAM permissions when sending a request 9556 # to perform a crypto transformation using a kms-wrapped crypto key: 9557 # dlp.kms.encrypt 9558 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9559 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9560 }, 9561 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9562 # leaking the key. Choose another type of key if possible. 9563 "key": "A String", # A 128/192/256 bit key. [required] 9564 }, 9565 "transient": { # Use this to have a random data crypto key generated. 9566 # It will be discarded after the request finishes. 9567 "name": "A String", # Name of the key. [required] 9568 # This is an arbitrary string used to differentiate different keys. 9569 # A unique key is generated per name: two separate `TransientCryptoKey` 9570 # protos share the same generated key if their names are the same. 9571 # When the data crypto key is generated, this name is not used in any way 9572 # (repeating the api call will result in a different key being generated). 9573 }, 9574 }, 9575 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 9576 "commonAlphabet": "A String", 9577 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 9578 # that the FFX mode natively supports. This happens before/after 9579 # encryption/decryption. 9580 # Each character listed must appear only once. 9581 # Number of characters must be in the range [2, 62]. 9582 # This must be encoded as ASCII. 9583 # The order of characters does not matter. 9584 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 9585 # identifier in two different contexts won't be given the same surrogate. If 9586 # the context is not set, a default tweak will be used. 9587 # 9588 # If the context is set but: 9589 # 9590 # 1. there is no record present when transforming a given value or 9591 # 1. the field is not present when transforming a given value, 9592 # 9593 # a default tweak will be used. 9594 # 9595 # Note that case (1) is expected when an `InfoTypeTransformation` is 9596 # applied to both structured and non-structured `ContentItem`s. 9597 # Currently, the referenced field may be of value type integer or string. 9598 # 9599 # The tweak is constructed as a sequence of bytes in big endian byte order 9600 # such that: 9601 # 9602 # - a 64 bit integer is encoded followed by a single byte of value 1 9603 # - a string is encoded in UTF-8 format followed by a single byte of value 2 9604 "name": "A String", # Name describing the field. 9605 }, 9606 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 9607 # This annotation will be applied to the surrogate by prefixing it with 9608 # the name of the custom infoType followed by the number of 9609 # characters comprising the surrogate. The following scheme defines the 9610 # format: info_type_name(surrogate_character_count):surrogate 9611 # 9612 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 9613 # the surrogate is 'abc', the full replacement value 9614 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 9615 # 9616 # This annotation identifies the surrogate when inspecting content using the 9617 # custom infoType 9618 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 9619 # This facilitates reversal of the surrogate when it occurs in free text. 9620 # 9621 # In order for inspection to work properly, the name of this infoType must 9622 # not occur naturally anywhere in your data; otherwise, inspection may 9623 # find a surrogate that does not correspond to an actual identifier. 9624 # Therefore, choose your custom infoType name carefully after considering 9625 # what your data looks like. One way to select a name that has a high chance 9626 # of yielding reliable detection is to include one or more unicode characters 9627 # that are highly improbable to exist in your data. 9628 # For example, assuming your data is entered from a regular ASCII keyboard, 9629 # the symbol with the hex code point 29DD might be used like so: 9630 # ⧝MY_TOKEN_TYPE 9631 "name": "A String", # Name of the information type. Either a name of your choosing when 9632 # creating a CustomInfoType, or one of the names listed 9633 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9634 # a built-in type. InfoType names should conform to the pattern 9635 # [a-zA-Z0-9_]{1,64}. 9636 }, 9637 }, 9638 "replaceConfig": { # Replace each input value with a given `Value`. 9639 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 9640 # Note that for the purposes of inspection or transformation, the number 9641 # of bytes considered to comprise a 'Value' is based on its representation 9642 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9643 # 123456789, the number of bytes would be counted as 9, even though an 9644 # int64 only holds up to 8 bytes of data. 9645 "floatValue": 3.14, 9646 "timestampValue": "A String", 9647 "dayOfWeekValue": "A String", 9648 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9649 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9650 # types are google.type.Date and `google.protobuf.Timestamp`. 9651 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9652 # to allow the value "24:00:00" for scenarios like business closing time. 9653 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9654 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9655 # allow the value 60 if it allows leap-seconds. 9656 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9657 }, 9658 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9659 # and time zone are either specified elsewhere or are not significant. The date 9660 # is relative to the Proleptic Gregorian Calendar. This can represent: 9661 # 9662 # * A full date, with non-zero year, month and day values 9663 # * A month and day value, with a zero year, e.g. an anniversary 9664 # * A year on its own, with zero month and day values 9665 # * A year and month value, with a zero day, e.g. a credit card expiration date 9666 # 9667 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9668 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9669 # a year. 9670 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9671 # if specifying a year by itself or a year and month where the day is not 9672 # significant. 9673 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9674 # month and day. 9675 }, 9676 "stringValue": "A String", 9677 "booleanValue": True or False, 9678 "integerValue": "A String", 9679 }, 9680 }, 9681 }, 9682 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 9683 # this transformation to apply to all findings that correspond to 9684 # infoTypes that were requested in `InspectConfig`. 9685 { # Type of information detected by the API. 9686 "name": "A String", # Name of the information type. Either a name of your choosing when 9687 # creating a CustomInfoType, or one of the names listed 9688 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9689 # a built-in type. InfoType names should conform to the pattern 9690 # [a-zA-Z0-9_]{1,64}. 9691 }, 9692 ], 9693 }, 9694 ], 9695 }, 9696 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 9697 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 9698 # fixed character. Masking can start from the beginning or end of the string. 9699 # This can be used on data of any type (numbers, longs, and so on) and when 9700 # de-identifying structured data we'll attempt to preserve the original data's 9701 # type. (This allows you to take a long like 123 and modify it to a string like 9702 # **3. 9703 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 9704 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 9705 # mask 5 chars with * we would produce ***-*55-5555. 9706 { # Characters to skip when doing deidentification of a value. These will be left 9707 # alone and skipped. 9708 "commonCharactersToIgnore": "A String", 9709 "charactersToSkip": "A String", 9710 }, 9711 ], 9712 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 9713 # masked. Skipped characters do not count towards this tally. 9714 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 9715 # alphabetic string such as name, or "0" for a numeric string such as ZIP 9716 # code or credit card number. String must have length 1. If not supplied, we 9717 # will default to "*" for strings, 0 for digits. 9718 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 9719 # '0', number_to_mask is 14, and `reverse_order` is false, then 9720 # 1234-5678-9012-3456 -> 00000000000000-3456 9721 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 9722 # is true, then 12345 -> 12*** 9723 }, 9724 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 9725 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 9726 # output would be 'My phone number is '. 9727 }, 9728 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 9729 # input. Outputs a base64 encoded representation of the encrypted output. 9730 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 9731 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 9732 # a key encryption key (KEK) stored by KMS). 9733 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9734 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9735 # unwrap the data crypto key. 9736 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9737 # The wrapped key must be a 128/192/256 bit key. 9738 # Authorization requires the following IAM permissions when sending a request 9739 # to perform a crypto transformation using a kms-wrapped crypto key: 9740 # dlp.kms.encrypt 9741 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9742 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9743 }, 9744 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9745 # leaking the key. Choose another type of key if possible. 9746 "key": "A String", # A 128/192/256 bit key. [required] 9747 }, 9748 "transient": { # Use this to have a random data crypto key generated. 9749 # It will be discarded after the request finishes. 9750 "name": "A String", # Name of the key. [required] 9751 # This is an arbitrary string used to differentiate different keys. 9752 # A unique key is generated per name: two separate `TransientCryptoKey` 9753 # protos share the same generated key if their names are the same. 9754 # When the data crypto key is generated, this name is not used in any way 9755 # (repeating the api call will result in a different key being generated). 9756 }, 9757 }, 9758 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 9759 # referential integrity such that the same identifier in two different 9760 # contexts will be given a distinct surrogate. The context is appended to 9761 # plaintext value being encrypted. On decryption the provided context is 9762 # validated against the value used during encryption. If a context was 9763 # provided during encryption, same context must be provided during decryption 9764 # as well. 9765 # 9766 # If the context is not set, plaintext would be used as is for encryption. 9767 # If the context is set but: 9768 # 9769 # 1. there is no record present when transforming a given value or 9770 # 2. the field is not present when transforming a given value, 9771 # 9772 # plaintext would be used as is for encryption. 9773 # 9774 # Note that case (1) is expected when an `InfoTypeTransformation` is 9775 # applied to both structured and non-structured `ContentItem`s. 9776 "name": "A String", # Name describing the field. 9777 }, 9778 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 9779 # This annotation will be applied to the surrogate by prefixing it with 9780 # the name of the custom info type followed by the number of 9781 # characters comprising the surrogate. The following scheme defines the 9782 # format: <info type name>(<surrogate character count>):<surrogate> 9783 # 9784 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 9785 # the surrogate is 'abc', the full replacement value 9786 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 9787 # 9788 # This annotation identifies the surrogate when inspecting content using the 9789 # custom info type 'Surrogate'. This facilitates reversal of the 9790 # surrogate when it occurs in free text. 9791 # 9792 # In order for inspection to work properly, the name of this info type must 9793 # not occur naturally anywhere in your data; otherwise, inspection may either 9794 # 9795 # - reverse a surrogate that does not correspond to an actual identifier 9796 # - be unable to parse the surrogate and result in an error 9797 # 9798 # Therefore, choose your custom info type name carefully after considering 9799 # what your data looks like. One way to select a name that has a high chance 9800 # of yielding reliable detection is to include one or more unicode characters 9801 # that are highly improbable to exist in your data. 9802 # For example, assuming your data is entered from a regular ASCII keyboard, 9803 # the symbol with the hex code point 29DD might be used like so: 9804 # ⧝MY_TOKEN_TYPE 9805 "name": "A String", # Name of the information type. Either a name of your choosing when 9806 # creating a CustomInfoType, or one of the names listed 9807 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9808 # a built-in type. InfoType names should conform to the pattern 9809 # [a-zA-Z0-9_]{1,64}. 9810 }, 9811 }, 9812 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 9813 # Bucketing transformation can provide all of this functionality, 9814 # but requires more configuration. This message is provided as a convenience to 9815 # the user for simple bucketing strategies. 9816 # 9817 # The transformed value will be a hyphenated string of 9818 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 9819 # all values that are within this bucket will be replaced with "10-20". 9820 # 9821 # This can be used on data of type: double, long. 9822 # 9823 # If the bound Value type differs from the type of data 9824 # being transformed, we will first attempt converting the type of the data to 9825 # be transformed to match the type of the bound before comparing. 9826 # 9827 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 9828 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 9829 # grouped together into a single bucket; for example if `lower_bound` = 10, 9830 # then all values less than 10 are replaced with the value “-10”. [Required]. 9831 # Note that for the purposes of inspection or transformation, the number 9832 # of bytes considered to comprise a 'Value' is based on its representation 9833 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9834 # 123456789, the number of bytes would be counted as 9, even though an 9835 # int64 only holds up to 8 bytes of data. 9836 "floatValue": 3.14, 9837 "timestampValue": "A String", 9838 "dayOfWeekValue": "A String", 9839 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9840 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9841 # types are google.type.Date and `google.protobuf.Timestamp`. 9842 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9843 # to allow the value "24:00:00" for scenarios like business closing time. 9844 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9845 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9846 # allow the value 60 if it allows leap-seconds. 9847 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9848 }, 9849 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9850 # and time zone are either specified elsewhere or are not significant. The date 9851 # is relative to the Proleptic Gregorian Calendar. This can represent: 9852 # 9853 # * A full date, with non-zero year, month and day values 9854 # * A month and day value, with a zero year, e.g. an anniversary 9855 # * A year on its own, with zero month and day values 9856 # * A year and month value, with a zero day, e.g. a credit card expiration date 9857 # 9858 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9859 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9860 # a year. 9861 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9862 # if specifying a year by itself or a year and month where the day is not 9863 # significant. 9864 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9865 # month and day. 9866 }, 9867 "stringValue": "A String", 9868 "booleanValue": True or False, 9869 "integerValue": "A String", 9870 }, 9871 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 9872 # grouped together into a single bucket; for example if `upper_bound` = 89, 9873 # then all values greater than 89 are replaced with the value “89+”. 9874 # [Required]. 9875 # Note that for the purposes of inspection or transformation, the number 9876 # of bytes considered to comprise a 'Value' is based on its representation 9877 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9878 # 123456789, the number of bytes would be counted as 9, even though an 9879 # int64 only holds up to 8 bytes of data. 9880 "floatValue": 3.14, 9881 "timestampValue": "A String", 9882 "dayOfWeekValue": "A String", 9883 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9884 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9885 # types are google.type.Date and `google.protobuf.Timestamp`. 9886 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9887 # to allow the value "24:00:00" for scenarios like business closing time. 9888 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9889 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9890 # allow the value 60 if it allows leap-seconds. 9891 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9892 }, 9893 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9894 # and time zone are either specified elsewhere or are not significant. The date 9895 # is relative to the Proleptic Gregorian Calendar. This can represent: 9896 # 9897 # * A full date, with non-zero year, month and day values 9898 # * A month and day value, with a zero year, e.g. an anniversary 9899 # * A year on its own, with zero month and day values 9900 # * A year and month value, with a zero day, e.g. a credit card expiration date 9901 # 9902 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9903 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9904 # a year. 9905 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9906 # if specifying a year by itself or a year and month where the day is not 9907 # significant. 9908 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9909 # month and day. 9910 }, 9911 "stringValue": "A String", 9912 "booleanValue": True or False, 9913 "integerValue": "A String", 9914 }, 9915 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 9916 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 9917 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 9918 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 9919 }, 9920 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 9921 }, 9922 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 9923 # portion of the value. 9924 "partToExtract": "A String", 9925 }, 9926 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 9927 # Uses SHA-256. 9928 # The key size must be either 32 or 64 bytes. 9929 # Outputs a base64 encoded representation of the hashed output 9930 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 9931 # Currently, only string and integer values can be hashed. 9932 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 9933 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 9934 # a key encryption key (KEK) stored by KMS). 9935 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9936 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9937 # unwrap the data crypto key. 9938 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9939 # The wrapped key must be a 128/192/256 bit key. 9940 # Authorization requires the following IAM permissions when sending a request 9941 # to perform a crypto transformation using a kms-wrapped crypto key: 9942 # dlp.kms.encrypt 9943 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9944 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9945 }, 9946 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9947 # leaking the key. Choose another type of key if possible. 9948 "key": "A String", # A 128/192/256 bit key. [required] 9949 }, 9950 "transient": { # Use this to have a random data crypto key generated. 9951 # It will be discarded after the request finishes. 9952 "name": "A String", # Name of the key. [required] 9953 # This is an arbitrary string used to differentiate different keys. 9954 # A unique key is generated per name: two separate `TransientCryptoKey` 9955 # protos share the same generated key if their names are the same. 9956 # When the data crypto key is generated, this name is not used in any way 9957 # (repeating the api call will result in a different key being generated). 9958 }, 9959 }, 9960 }, 9961 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 9962 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 9963 # to learn more. 9964 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 9965 # results in the same shift for the same context and crypto_key. 9966 # a key encryption key (KEK) stored by KMS). 9967 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9968 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9969 # unwrap the data crypto key. 9970 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9971 # The wrapped key must be a 128/192/256 bit key. 9972 # Authorization requires the following IAM permissions when sending a request 9973 # to perform a crypto transformation using a kms-wrapped crypto key: 9974 # dlp.kms.encrypt 9975 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9976 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9977 }, 9978 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9979 # leaking the key. Choose another type of key if possible. 9980 "key": "A String", # A 128/192/256 bit key. [required] 9981 }, 9982 "transient": { # Use this to have a random data crypto key generated. 9983 # It will be discarded after the request finishes. 9984 "name": "A String", # Name of the key. [required] 9985 # This is an arbitrary string used to differentiate different keys. 9986 # A unique key is generated per name: two separate `TransientCryptoKey` 9987 # protos share the same generated key if their names are the same. 9988 # When the data crypto key is generated, this name is not used in any way 9989 # (repeating the api call will result in a different key being generated). 9990 }, 9991 }, 9992 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 9993 # [Required] 9994 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 9995 # range (inclusive ends). Negative means shift to earlier in time. Must not 9996 # be more than 365250 days (1000 years) each direction. 9997 # 9998 # For example, 3 means shift date to at most 3 days into the future. 9999 # [Required] 10000 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 10001 # If set, must also set method. If set, shift will be consistent for the 10002 # given context. 10003 "name": "A String", # Name describing the field. 10004 }, 10005 }, 10006 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 10007 # replacement values are dynamically provided by the user for custom behavior, 10008 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 10009 # This can be used on 10010 # data of type: number, long, string, timestamp. 10011 # If the bound `Value` type differs from the type of data being transformed, we 10012 # will first attempt converting the type of the data to be transformed to match 10013 # the type of the bound before comparing. 10014 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 10015 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 10016 { # Bucket is represented as a range, along with replacement values. 10017 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 10018 # Note that for the purposes of inspection or transformation, the number 10019 # of bytes considered to comprise a 'Value' is based on its representation 10020 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10021 # 123456789, the number of bytes would be counted as 9, even though an 10022 # int64 only holds up to 8 bytes of data. 10023 "floatValue": 3.14, 10024 "timestampValue": "A String", 10025 "dayOfWeekValue": "A String", 10026 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10027 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10028 # types are google.type.Date and `google.protobuf.Timestamp`. 10029 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10030 # to allow the value "24:00:00" for scenarios like business closing time. 10031 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10032 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10033 # allow the value 60 if it allows leap-seconds. 10034 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10035 }, 10036 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10037 # and time zone are either specified elsewhere or are not significant. The date 10038 # is relative to the Proleptic Gregorian Calendar. This can represent: 10039 # 10040 # * A full date, with non-zero year, month and day values 10041 # * A month and day value, with a zero year, e.g. an anniversary 10042 # * A year on its own, with zero month and day values 10043 # * A year and month value, with a zero day, e.g. a credit card expiration date 10044 # 10045 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10046 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10047 # a year. 10048 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10049 # if specifying a year by itself or a year and month where the day is not 10050 # significant. 10051 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10052 # month and day. 10053 }, 10054 "stringValue": "A String", 10055 "booleanValue": True or False, 10056 "integerValue": "A String", 10057 }, 10058 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 10059 # the default behavior will be to hyphenate the min-max range. 10060 # Note that for the purposes of inspection or transformation, the number 10061 # of bytes considered to comprise a 'Value' is based on its representation 10062 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10063 # 123456789, the number of bytes would be counted as 9, even though an 10064 # int64 only holds up to 8 bytes of data. 10065 "floatValue": 3.14, 10066 "timestampValue": "A String", 10067 "dayOfWeekValue": "A String", 10068 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10069 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10070 # types are google.type.Date and `google.protobuf.Timestamp`. 10071 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10072 # to allow the value "24:00:00" for scenarios like business closing time. 10073 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10074 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10075 # allow the value 60 if it allows leap-seconds. 10076 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10077 }, 10078 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10079 # and time zone are either specified elsewhere or are not significant. The date 10080 # is relative to the Proleptic Gregorian Calendar. This can represent: 10081 # 10082 # * A full date, with non-zero year, month and day values 10083 # * A month and day value, with a zero year, e.g. an anniversary 10084 # * A year on its own, with zero month and day values 10085 # * A year and month value, with a zero day, e.g. a credit card expiration date 10086 # 10087 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10088 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10089 # a year. 10090 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10091 # if specifying a year by itself or a year and month where the day is not 10092 # significant. 10093 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10094 # month and day. 10095 }, 10096 "stringValue": "A String", 10097 "booleanValue": True or False, 10098 "integerValue": "A String", 10099 }, 10100 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 10101 # used. 10102 # Note that for the purposes of inspection or transformation, the number 10103 # of bytes considered to comprise a 'Value' is based on its representation 10104 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10105 # 123456789, the number of bytes would be counted as 9, even though an 10106 # int64 only holds up to 8 bytes of data. 10107 "floatValue": 3.14, 10108 "timestampValue": "A String", 10109 "dayOfWeekValue": "A String", 10110 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10111 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10112 # types are google.type.Date and `google.protobuf.Timestamp`. 10113 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10114 # to allow the value "24:00:00" for scenarios like business closing time. 10115 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10116 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10117 # allow the value 60 if it allows leap-seconds. 10118 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10119 }, 10120 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10121 # and time zone are either specified elsewhere or are not significant. The date 10122 # is relative to the Proleptic Gregorian Calendar. This can represent: 10123 # 10124 # * A full date, with non-zero year, month and day values 10125 # * A month and day value, with a zero year, e.g. an anniversary 10126 # * A year on its own, with zero month and day values 10127 # * A year and month value, with a zero day, e.g. a credit card expiration date 10128 # 10129 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10130 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10131 # a year. 10132 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10133 # if specifying a year by itself or a year and month where the day is not 10134 # significant. 10135 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10136 # month and day. 10137 }, 10138 "stringValue": "A String", 10139 "booleanValue": True or False, 10140 "integerValue": "A String", 10141 }, 10142 }, 10143 ], 10144 }, 10145 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 10146 # (FPE) with the FFX mode of operation; however when used in the 10147 # `ReidentifyContent` API method, it serves the opposite function by reversing 10148 # the surrogate back into the original identifier. The identifier must be 10149 # encoded as ASCII. For a given crypto key and context, the same identifier 10150 # will be replaced with the same surrogate. Identifiers must be at least two 10151 # characters long. In the case that the identifier is the empty string, it will 10152 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 10153 # more. 10154 # 10155 # Note: We recommend using CryptoDeterministicConfig for all use cases which 10156 # do not require preserving the input alphabet space and size, plus warrant 10157 # referential integrity. 10158 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 10159 # a key encryption key (KEK) stored by KMS). 10160 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 10161 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 10162 # unwrap the data crypto key. 10163 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 10164 # The wrapped key must be a 128/192/256 bit key. 10165 # Authorization requires the following IAM permissions when sending a request 10166 # to perform a crypto transformation using a kms-wrapped crypto key: 10167 # dlp.kms.encrypt 10168 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 10169 "wrappedKey": "A String", # The wrapped data crypto key. [required] 10170 }, 10171 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 10172 # leaking the key. Choose another type of key if possible. 10173 "key": "A String", # A 128/192/256 bit key. [required] 10174 }, 10175 "transient": { # Use this to have a random data crypto key generated. 10176 # It will be discarded after the request finishes. 10177 "name": "A String", # Name of the key. [required] 10178 # This is an arbitrary string used to differentiate different keys. 10179 # A unique key is generated per name: two separate `TransientCryptoKey` 10180 # protos share the same generated key if their names are the same. 10181 # When the data crypto key is generated, this name is not used in any way 10182 # (repeating the api call will result in a different key being generated). 10183 }, 10184 }, 10185 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 10186 "commonAlphabet": "A String", 10187 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 10188 # that the FFX mode natively supports. This happens before/after 10189 # encryption/decryption. 10190 # Each character listed must appear only once. 10191 # Number of characters must be in the range [2, 62]. 10192 # This must be encoded as ASCII. 10193 # The order of characters does not matter. 10194 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 10195 # identifier in two different contexts won't be given the same surrogate. If 10196 # the context is not set, a default tweak will be used. 10197 # 10198 # If the context is set but: 10199 # 10200 # 1. there is no record present when transforming a given value or 10201 # 1. the field is not present when transforming a given value, 10202 # 10203 # a default tweak will be used. 10204 # 10205 # Note that case (1) is expected when an `InfoTypeTransformation` is 10206 # applied to both structured and non-structured `ContentItem`s. 10207 # Currently, the referenced field may be of value type integer or string. 10208 # 10209 # The tweak is constructed as a sequence of bytes in big endian byte order 10210 # such that: 10211 # 10212 # - a 64 bit integer is encoded followed by a single byte of value 1 10213 # - a string is encoded in UTF-8 format followed by a single byte of value 2 10214 "name": "A String", # Name describing the field. 10215 }, 10216 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 10217 # This annotation will be applied to the surrogate by prefixing it with 10218 # the name of the custom infoType followed by the number of 10219 # characters comprising the surrogate. The following scheme defines the 10220 # format: info_type_name(surrogate_character_count):surrogate 10221 # 10222 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 10223 # the surrogate is 'abc', the full replacement value 10224 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 10225 # 10226 # This annotation identifies the surrogate when inspecting content using the 10227 # custom infoType 10228 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 10229 # This facilitates reversal of the surrogate when it occurs in free text. 10230 # 10231 # In order for inspection to work properly, the name of this infoType must 10232 # not occur naturally anywhere in your data; otherwise, inspection may 10233 # find a surrogate that does not correspond to an actual identifier. 10234 # Therefore, choose your custom infoType name carefully after considering 10235 # what your data looks like. One way to select a name that has a high chance 10236 # of yielding reliable detection is to include one or more unicode characters 10237 # that are highly improbable to exist in your data. 10238 # For example, assuming your data is entered from a regular ASCII keyboard, 10239 # the symbol with the hex code point 29DD might be used like so: 10240 # ⧝MY_TOKEN_TYPE 10241 "name": "A String", # Name of the information type. Either a name of your choosing when 10242 # creating a CustomInfoType, or one of the names listed 10243 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 10244 # a built-in type. InfoType names should conform to the pattern 10245 # [a-zA-Z0-9_]{1,64}. 10246 }, 10247 }, 10248 "replaceConfig": { # Replace each input value with a given `Value`. 10249 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 10250 # Note that for the purposes of inspection or transformation, the number 10251 # of bytes considered to comprise a 'Value' is based on its representation 10252 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10253 # 123456789, the number of bytes would be counted as 9, even though an 10254 # int64 only holds up to 8 bytes of data. 10255 "floatValue": 3.14, 10256 "timestampValue": "A String", 10257 "dayOfWeekValue": "A String", 10258 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10259 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10260 # types are google.type.Date and `google.protobuf.Timestamp`. 10261 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10262 # to allow the value "24:00:00" for scenarios like business closing time. 10263 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10264 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10265 # allow the value 60 if it allows leap-seconds. 10266 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10267 }, 10268 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10269 # and time zone are either specified elsewhere or are not significant. The date 10270 # is relative to the Proleptic Gregorian Calendar. This can represent: 10271 # 10272 # * A full date, with non-zero year, month and day values 10273 # * A month and day value, with a zero year, e.g. an anniversary 10274 # * A year on its own, with zero month and day values 10275 # * A year and month value, with a zero day, e.g. a credit card expiration date 10276 # 10277 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10278 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10279 # a year. 10280 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10281 # if specifying a year by itself or a year and month where the day is not 10282 # significant. 10283 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10284 # month and day. 10285 }, 10286 "stringValue": "A String", 10287 "booleanValue": True or False, 10288 "integerValue": "A String", 10289 }, 10290 }, 10291 }, 10292 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 10293 # given `RecordCondition`. The conditions are allowed to reference fields 10294 # that are not used in the actual transformation. [optional] 10295 # 10296 # Example Use Cases: 10297 # 10298 # - Apply a different bucket transformation to an age column if the zip code 10299 # column for the same record is within a specific range. 10300 # - Redact a field if the date of birth field is greater than 85. 10301 # a field. 10302 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 10303 "conditions": { # A collection of conditions. 10304 "conditions": [ 10305 { # The field type of `value` and `field` do not need to match to be 10306 # considered equal, but not all comparisons are possible. 10307 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 10308 # but all other comparisons are invalid with incompatible types. 10309 # A `value` of type: 10310 # 10311 # - `string` can be compared against all other types 10312 # - `boolean` can only be compared against other booleans 10313 # - `integer` can be compared against doubles or a string if the string value 10314 # can be parsed as an integer. 10315 # - `double` can be compared against integers or a string if the string can 10316 # be parsed as a double. 10317 # - `Timestamp` can be compared against strings in RFC 3339 date string 10318 # format. 10319 # - `TimeOfDay` can be compared against timestamps and strings in the format 10320 # of 'HH:mm:ss'. 10321 # 10322 # If we fail to compare do to type mismatch, a warning will be given and 10323 # the condition will evaluate to false. 10324 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 10325 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 10326 "name": "A String", # Name describing the field. 10327 }, 10328 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 10329 # Note that for the purposes of inspection or transformation, the number 10330 # of bytes considered to comprise a 'Value' is based on its representation 10331 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10332 # 123456789, the number of bytes would be counted as 9, even though an 10333 # int64 only holds up to 8 bytes of data. 10334 "floatValue": 3.14, 10335 "timestampValue": "A String", 10336 "dayOfWeekValue": "A String", 10337 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10338 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10339 # types are google.type.Date and `google.protobuf.Timestamp`. 10340 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10341 # to allow the value "24:00:00" for scenarios like business closing time. 10342 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10343 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10344 # allow the value 60 if it allows leap-seconds. 10345 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10346 }, 10347 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10348 # and time zone are either specified elsewhere or are not significant. The date 10349 # is relative to the Proleptic Gregorian Calendar. This can represent: 10350 # 10351 # * A full date, with non-zero year, month and day values 10352 # * A month and day value, with a zero year, e.g. an anniversary 10353 # * A year on its own, with zero month and day values 10354 # * A year and month value, with a zero day, e.g. a credit card expiration date 10355 # 10356 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10357 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10358 # a year. 10359 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10360 # if specifying a year by itself or a year and month where the day is not 10361 # significant. 10362 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10363 # month and day. 10364 }, 10365 "stringValue": "A String", 10366 "booleanValue": True or False, 10367 "integerValue": "A String", 10368 }, 10369 }, 10370 ], 10371 }, 10372 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 10373 # only supported value is `AND`. 10374 }, 10375 }, 10376 "fields": [ # Input field(s) to apply the transformation to. [required] 10377 { # General identifier of a data field in a storage service. 10378 "name": "A String", # Name describing the field. 10379 }, 10380 ], 10381 }, 10382 ], 10383 }, 10384 }, 10385 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 10386 "name": "A String", # The template name. Output only. 10387 # 10388 # The template will have one of the following formats: 10389 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 10390 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 10391 }, 10392 "updateMask": "A String", # Mask to control which fields get updated. 10393 } 10394 10395 x__xgafv: string, V1 error format. 10396 Allowed values 10397 1 - v1 error format 10398 2 - v2 error format 10399 10400Returns: 10401 An object of the form: 10402 10403 { # The DeidentifyTemplates contains instructions on how to deidentify content. 10404 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more. 10405 "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field. 10406 "displayName": "A String", # Display name (max 256 chars). 10407 "description": "A String", # Short description (max 256 chars). 10408 "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// 10409 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 10410 # transformation everywhere. 10411 # apply various `PrimitiveTransformation`s to each finding, where the 10412 # transformation is applied to only values that were identified as a specific 10413 # info_type. 10414 "transformations": [ # Transformation for each infoType. Cannot specify more than one 10415 # for a given infoType. [required] 10416 { # A transformation to apply to text that is identified as a specific 10417 # info_type. 10418 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 10419 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 10420 # fixed character. Masking can start from the beginning or end of the string. 10421 # This can be used on data of any type (numbers, longs, and so on) and when 10422 # de-identifying structured data we'll attempt to preserve the original data's 10423 # type. (This allows you to take a long like 123 and modify it to a string like 10424 # **3. 10425 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 10426 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 10427 # mask 5 chars with * we would produce ***-*55-5555. 10428 { # Characters to skip when doing deidentification of a value. These will be left 10429 # alone and skipped. 10430 "commonCharactersToIgnore": "A String", 10431 "charactersToSkip": "A String", 10432 }, 10433 ], 10434 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 10435 # masked. Skipped characters do not count towards this tally. 10436 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 10437 # alphabetic string such as name, or "0" for a numeric string such as ZIP 10438 # code or credit card number. String must have length 1. If not supplied, we 10439 # will default to "*" for strings, 0 for digits. 10440 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 10441 # '0', number_to_mask is 14, and `reverse_order` is false, then 10442 # 1234-5678-9012-3456 -> 00000000000000-3456 10443 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 10444 # is true, then 12345 -> 12*** 10445 }, 10446 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 10447 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 10448 # output would be 'My phone number is '. 10449 }, 10450 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 10451 # input. Outputs a base64 encoded representation of the encrypted output. 10452 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 10453 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 10454 # a key encryption key (KEK) stored by KMS). 10455 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 10456 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 10457 # unwrap the data crypto key. 10458 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 10459 # The wrapped key must be a 128/192/256 bit key. 10460 # Authorization requires the following IAM permissions when sending a request 10461 # to perform a crypto transformation using a kms-wrapped crypto key: 10462 # dlp.kms.encrypt 10463 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 10464 "wrappedKey": "A String", # The wrapped data crypto key. [required] 10465 }, 10466 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 10467 # leaking the key. Choose another type of key if possible. 10468 "key": "A String", # A 128/192/256 bit key. [required] 10469 }, 10470 "transient": { # Use this to have a random data crypto key generated. 10471 # It will be discarded after the request finishes. 10472 "name": "A String", # Name of the key. [required] 10473 # This is an arbitrary string used to differentiate different keys. 10474 # A unique key is generated per name: two separate `TransientCryptoKey` 10475 # protos share the same generated key if their names are the same. 10476 # When the data crypto key is generated, this name is not used in any way 10477 # (repeating the api call will result in a different key being generated). 10478 }, 10479 }, 10480 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 10481 # referential integrity such that the same identifier in two different 10482 # contexts will be given a distinct surrogate. The context is appended to 10483 # plaintext value being encrypted. On decryption the provided context is 10484 # validated against the value used during encryption. If a context was 10485 # provided during encryption, same context must be provided during decryption 10486 # as well. 10487 # 10488 # If the context is not set, plaintext would be used as is for encryption. 10489 # If the context is set but: 10490 # 10491 # 1. there is no record present when transforming a given value or 10492 # 2. the field is not present when transforming a given value, 10493 # 10494 # plaintext would be used as is for encryption. 10495 # 10496 # Note that case (1) is expected when an `InfoTypeTransformation` is 10497 # applied to both structured and non-structured `ContentItem`s. 10498 "name": "A String", # Name describing the field. 10499 }, 10500 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 10501 # This annotation will be applied to the surrogate by prefixing it with 10502 # the name of the custom info type followed by the number of 10503 # characters comprising the surrogate. The following scheme defines the 10504 # format: <info type name>(<surrogate character count>):<surrogate> 10505 # 10506 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 10507 # the surrogate is 'abc', the full replacement value 10508 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 10509 # 10510 # This annotation identifies the surrogate when inspecting content using the 10511 # custom info type 'Surrogate'. This facilitates reversal of the 10512 # surrogate when it occurs in free text. 10513 # 10514 # In order for inspection to work properly, the name of this info type must 10515 # not occur naturally anywhere in your data; otherwise, inspection may either 10516 # 10517 # - reverse a surrogate that does not correspond to an actual identifier 10518 # - be unable to parse the surrogate and result in an error 10519 # 10520 # Therefore, choose your custom info type name carefully after considering 10521 # what your data looks like. One way to select a name that has a high chance 10522 # of yielding reliable detection is to include one or more unicode characters 10523 # that are highly improbable to exist in your data. 10524 # For example, assuming your data is entered from a regular ASCII keyboard, 10525 # the symbol with the hex code point 29DD might be used like so: 10526 # ⧝MY_TOKEN_TYPE 10527 "name": "A String", # Name of the information type. Either a name of your choosing when 10528 # creating a CustomInfoType, or one of the names listed 10529 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 10530 # a built-in type. InfoType names should conform to the pattern 10531 # [a-zA-Z0-9_]{1,64}. 10532 }, 10533 }, 10534 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 10535 # Bucketing transformation can provide all of this functionality, 10536 # but requires more configuration. This message is provided as a convenience to 10537 # the user for simple bucketing strategies. 10538 # 10539 # The transformed value will be a hyphenated string of 10540 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 10541 # all values that are within this bucket will be replaced with "10-20". 10542 # 10543 # This can be used on data of type: double, long. 10544 # 10545 # If the bound Value type differs from the type of data 10546 # being transformed, we will first attempt converting the type of the data to 10547 # be transformed to match the type of the bound before comparing. 10548 # 10549 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 10550 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 10551 # grouped together into a single bucket; for example if `lower_bound` = 10, 10552 # then all values less than 10 are replaced with the value “-10”. [Required]. 10553 # Note that for the purposes of inspection or transformation, the number 10554 # of bytes considered to comprise a 'Value' is based on its representation 10555 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10556 # 123456789, the number of bytes would be counted as 9, even though an 10557 # int64 only holds up to 8 bytes of data. 10558 "floatValue": 3.14, 10559 "timestampValue": "A String", 10560 "dayOfWeekValue": "A String", 10561 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10562 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10563 # types are google.type.Date and `google.protobuf.Timestamp`. 10564 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10565 # to allow the value "24:00:00" for scenarios like business closing time. 10566 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10567 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10568 # allow the value 60 if it allows leap-seconds. 10569 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10570 }, 10571 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10572 # and time zone are either specified elsewhere or are not significant. The date 10573 # is relative to the Proleptic Gregorian Calendar. This can represent: 10574 # 10575 # * A full date, with non-zero year, month and day values 10576 # * A month and day value, with a zero year, e.g. an anniversary 10577 # * A year on its own, with zero month and day values 10578 # * A year and month value, with a zero day, e.g. a credit card expiration date 10579 # 10580 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10581 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10582 # a year. 10583 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10584 # if specifying a year by itself or a year and month where the day is not 10585 # significant. 10586 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10587 # month and day. 10588 }, 10589 "stringValue": "A String", 10590 "booleanValue": True or False, 10591 "integerValue": "A String", 10592 }, 10593 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 10594 # grouped together into a single bucket; for example if `upper_bound` = 89, 10595 # then all values greater than 89 are replaced with the value “89+”. 10596 # [Required]. 10597 # Note that for the purposes of inspection or transformation, the number 10598 # of bytes considered to comprise a 'Value' is based on its representation 10599 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10600 # 123456789, the number of bytes would be counted as 9, even though an 10601 # int64 only holds up to 8 bytes of data. 10602 "floatValue": 3.14, 10603 "timestampValue": "A String", 10604 "dayOfWeekValue": "A String", 10605 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10606 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10607 # types are google.type.Date and `google.protobuf.Timestamp`. 10608 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10609 # to allow the value "24:00:00" for scenarios like business closing time. 10610 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10611 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10612 # allow the value 60 if it allows leap-seconds. 10613 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10614 }, 10615 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10616 # and time zone are either specified elsewhere or are not significant. The date 10617 # is relative to the Proleptic Gregorian Calendar. This can represent: 10618 # 10619 # * A full date, with non-zero year, month and day values 10620 # * A month and day value, with a zero year, e.g. an anniversary 10621 # * A year on its own, with zero month and day values 10622 # * A year and month value, with a zero day, e.g. a credit card expiration date 10623 # 10624 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10625 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10626 # a year. 10627 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10628 # if specifying a year by itself or a year and month where the day is not 10629 # significant. 10630 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10631 # month and day. 10632 }, 10633 "stringValue": "A String", 10634 "booleanValue": True or False, 10635 "integerValue": "A String", 10636 }, 10637 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 10638 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 10639 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 10640 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 10641 }, 10642 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 10643 }, 10644 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 10645 # portion of the value. 10646 "partToExtract": "A String", 10647 }, 10648 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 10649 # Uses SHA-256. 10650 # The key size must be either 32 or 64 bytes. 10651 # Outputs a base64 encoded representation of the hashed output 10652 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 10653 # Currently, only string and integer values can be hashed. 10654 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 10655 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 10656 # a key encryption key (KEK) stored by KMS). 10657 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 10658 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 10659 # unwrap the data crypto key. 10660 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 10661 # The wrapped key must be a 128/192/256 bit key. 10662 # Authorization requires the following IAM permissions when sending a request 10663 # to perform a crypto transformation using a kms-wrapped crypto key: 10664 # dlp.kms.encrypt 10665 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 10666 "wrappedKey": "A String", # The wrapped data crypto key. [required] 10667 }, 10668 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 10669 # leaking the key. Choose another type of key if possible. 10670 "key": "A String", # A 128/192/256 bit key. [required] 10671 }, 10672 "transient": { # Use this to have a random data crypto key generated. 10673 # It will be discarded after the request finishes. 10674 "name": "A String", # Name of the key. [required] 10675 # This is an arbitrary string used to differentiate different keys. 10676 # A unique key is generated per name: two separate `TransientCryptoKey` 10677 # protos share the same generated key if their names are the same. 10678 # When the data crypto key is generated, this name is not used in any way 10679 # (repeating the api call will result in a different key being generated). 10680 }, 10681 }, 10682 }, 10683 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 10684 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 10685 # to learn more. 10686 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 10687 # results in the same shift for the same context and crypto_key. 10688 # a key encryption key (KEK) stored by KMS). 10689 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 10690 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 10691 # unwrap the data crypto key. 10692 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 10693 # The wrapped key must be a 128/192/256 bit key. 10694 # Authorization requires the following IAM permissions when sending a request 10695 # to perform a crypto transformation using a kms-wrapped crypto key: 10696 # dlp.kms.encrypt 10697 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 10698 "wrappedKey": "A String", # The wrapped data crypto key. [required] 10699 }, 10700 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 10701 # leaking the key. Choose another type of key if possible. 10702 "key": "A String", # A 128/192/256 bit key. [required] 10703 }, 10704 "transient": { # Use this to have a random data crypto key generated. 10705 # It will be discarded after the request finishes. 10706 "name": "A String", # Name of the key. [required] 10707 # This is an arbitrary string used to differentiate different keys. 10708 # A unique key is generated per name: two separate `TransientCryptoKey` 10709 # protos share the same generated key if their names are the same. 10710 # When the data crypto key is generated, this name is not used in any way 10711 # (repeating the api call will result in a different key being generated). 10712 }, 10713 }, 10714 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 10715 # [Required] 10716 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 10717 # range (inclusive ends). Negative means shift to earlier in time. Must not 10718 # be more than 365250 days (1000 years) each direction. 10719 # 10720 # For example, 3 means shift date to at most 3 days into the future. 10721 # [Required] 10722 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 10723 # If set, must also set method. If set, shift will be consistent for the 10724 # given context. 10725 "name": "A String", # Name describing the field. 10726 }, 10727 }, 10728 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 10729 # replacement values are dynamically provided by the user for custom behavior, 10730 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 10731 # This can be used on 10732 # data of type: number, long, string, timestamp. 10733 # If the bound `Value` type differs from the type of data being transformed, we 10734 # will first attempt converting the type of the data to be transformed to match 10735 # the type of the bound before comparing. 10736 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 10737 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 10738 { # Bucket is represented as a range, along with replacement values. 10739 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 10740 # Note that for the purposes of inspection or transformation, the number 10741 # of bytes considered to comprise a 'Value' is based on its representation 10742 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10743 # 123456789, the number of bytes would be counted as 9, even though an 10744 # int64 only holds up to 8 bytes of data. 10745 "floatValue": 3.14, 10746 "timestampValue": "A String", 10747 "dayOfWeekValue": "A String", 10748 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10749 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10750 # types are google.type.Date and `google.protobuf.Timestamp`. 10751 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10752 # to allow the value "24:00:00" for scenarios like business closing time. 10753 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10754 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10755 # allow the value 60 if it allows leap-seconds. 10756 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10757 }, 10758 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10759 # and time zone are either specified elsewhere or are not significant. The date 10760 # is relative to the Proleptic Gregorian Calendar. This can represent: 10761 # 10762 # * A full date, with non-zero year, month and day values 10763 # * A month and day value, with a zero year, e.g. an anniversary 10764 # * A year on its own, with zero month and day values 10765 # * A year and month value, with a zero day, e.g. a credit card expiration date 10766 # 10767 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10768 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10769 # a year. 10770 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10771 # if specifying a year by itself or a year and month where the day is not 10772 # significant. 10773 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10774 # month and day. 10775 }, 10776 "stringValue": "A String", 10777 "booleanValue": True or False, 10778 "integerValue": "A String", 10779 }, 10780 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 10781 # the default behavior will be to hyphenate the min-max range. 10782 # Note that for the purposes of inspection or transformation, the number 10783 # of bytes considered to comprise a 'Value' is based on its representation 10784 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10785 # 123456789, the number of bytes would be counted as 9, even though an 10786 # int64 only holds up to 8 bytes of data. 10787 "floatValue": 3.14, 10788 "timestampValue": "A String", 10789 "dayOfWeekValue": "A String", 10790 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10791 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10792 # types are google.type.Date and `google.protobuf.Timestamp`. 10793 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10794 # to allow the value "24:00:00" for scenarios like business closing time. 10795 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10796 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10797 # allow the value 60 if it allows leap-seconds. 10798 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10799 }, 10800 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10801 # and time zone are either specified elsewhere or are not significant. The date 10802 # is relative to the Proleptic Gregorian Calendar. This can represent: 10803 # 10804 # * A full date, with non-zero year, month and day values 10805 # * A month and day value, with a zero year, e.g. an anniversary 10806 # * A year on its own, with zero month and day values 10807 # * A year and month value, with a zero day, e.g. a credit card expiration date 10808 # 10809 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10810 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10811 # a year. 10812 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10813 # if specifying a year by itself or a year and month where the day is not 10814 # significant. 10815 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10816 # month and day. 10817 }, 10818 "stringValue": "A String", 10819 "booleanValue": True or False, 10820 "integerValue": "A String", 10821 }, 10822 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 10823 # used. 10824 # Note that for the purposes of inspection or transformation, the number 10825 # of bytes considered to comprise a 'Value' is based on its representation 10826 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10827 # 123456789, the number of bytes would be counted as 9, even though an 10828 # int64 only holds up to 8 bytes of data. 10829 "floatValue": 3.14, 10830 "timestampValue": "A String", 10831 "dayOfWeekValue": "A String", 10832 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10833 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10834 # types are google.type.Date and `google.protobuf.Timestamp`. 10835 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10836 # to allow the value "24:00:00" for scenarios like business closing time. 10837 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10838 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10839 # allow the value 60 if it allows leap-seconds. 10840 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10841 }, 10842 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10843 # and time zone are either specified elsewhere or are not significant. The date 10844 # is relative to the Proleptic Gregorian Calendar. This can represent: 10845 # 10846 # * A full date, with non-zero year, month and day values 10847 # * A month and day value, with a zero year, e.g. an anniversary 10848 # * A year on its own, with zero month and day values 10849 # * A year and month value, with a zero day, e.g. a credit card expiration date 10850 # 10851 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 10852 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 10853 # a year. 10854 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 10855 # if specifying a year by itself or a year and month where the day is not 10856 # significant. 10857 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 10858 # month and day. 10859 }, 10860 "stringValue": "A String", 10861 "booleanValue": True or False, 10862 "integerValue": "A String", 10863 }, 10864 }, 10865 ], 10866 }, 10867 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 10868 # (FPE) with the FFX mode of operation; however when used in the 10869 # `ReidentifyContent` API method, it serves the opposite function by reversing 10870 # the surrogate back into the original identifier. The identifier must be 10871 # encoded as ASCII. For a given crypto key and context, the same identifier 10872 # will be replaced with the same surrogate. Identifiers must be at least two 10873 # characters long. In the case that the identifier is the empty string, it will 10874 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 10875 # more. 10876 # 10877 # Note: We recommend using CryptoDeterministicConfig for all use cases which 10878 # do not require preserving the input alphabet space and size, plus warrant 10879 # referential integrity. 10880 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 10881 # a key encryption key (KEK) stored by KMS). 10882 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 10883 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 10884 # unwrap the data crypto key. 10885 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 10886 # The wrapped key must be a 128/192/256 bit key. 10887 # Authorization requires the following IAM permissions when sending a request 10888 # to perform a crypto transformation using a kms-wrapped crypto key: 10889 # dlp.kms.encrypt 10890 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 10891 "wrappedKey": "A String", # The wrapped data crypto key. [required] 10892 }, 10893 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 10894 # leaking the key. Choose another type of key if possible. 10895 "key": "A String", # A 128/192/256 bit key. [required] 10896 }, 10897 "transient": { # Use this to have a random data crypto key generated. 10898 # It will be discarded after the request finishes. 10899 "name": "A String", # Name of the key. [required] 10900 # This is an arbitrary string used to differentiate different keys. 10901 # A unique key is generated per name: two separate `TransientCryptoKey` 10902 # protos share the same generated key if their names are the same. 10903 # When the data crypto key is generated, this name is not used in any way 10904 # (repeating the api call will result in a different key being generated). 10905 }, 10906 }, 10907 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 10908 "commonAlphabet": "A String", 10909 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 10910 # that the FFX mode natively supports. This happens before/after 10911 # encryption/decryption. 10912 # Each character listed must appear only once. 10913 # Number of characters must be in the range [2, 62]. 10914 # This must be encoded as ASCII. 10915 # The order of characters does not matter. 10916 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 10917 # identifier in two different contexts won't be given the same surrogate. If 10918 # the context is not set, a default tweak will be used. 10919 # 10920 # If the context is set but: 10921 # 10922 # 1. there is no record present when transforming a given value or 10923 # 1. the field is not present when transforming a given value, 10924 # 10925 # a default tweak will be used. 10926 # 10927 # Note that case (1) is expected when an `InfoTypeTransformation` is 10928 # applied to both structured and non-structured `ContentItem`s. 10929 # Currently, the referenced field may be of value type integer or string. 10930 # 10931 # The tweak is constructed as a sequence of bytes in big endian byte order 10932 # such that: 10933 # 10934 # - a 64 bit integer is encoded followed by a single byte of value 1 10935 # - a string is encoded in UTF-8 format followed by a single byte of value 2 10936 "name": "A String", # Name describing the field. 10937 }, 10938 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 10939 # This annotation will be applied to the surrogate by prefixing it with 10940 # the name of the custom infoType followed by the number of 10941 # characters comprising the surrogate. The following scheme defines the 10942 # format: info_type_name(surrogate_character_count):surrogate 10943 # 10944 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 10945 # the surrogate is 'abc', the full replacement value 10946 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 10947 # 10948 # This annotation identifies the surrogate when inspecting content using the 10949 # custom infoType 10950 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 10951 # This facilitates reversal of the surrogate when it occurs in free text. 10952 # 10953 # In order for inspection to work properly, the name of this infoType must 10954 # not occur naturally anywhere in your data; otherwise, inspection may 10955 # find a surrogate that does not correspond to an actual identifier. 10956 # Therefore, choose your custom infoType name carefully after considering 10957 # what your data looks like. One way to select a name that has a high chance 10958 # of yielding reliable detection is to include one or more unicode characters 10959 # that are highly improbable to exist in your data. 10960 # For example, assuming your data is entered from a regular ASCII keyboard, 10961 # the symbol with the hex code point 29DD might be used like so: 10962 # ⧝MY_TOKEN_TYPE 10963 "name": "A String", # Name of the information type. Either a name of your choosing when 10964 # creating a CustomInfoType, or one of the names listed 10965 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 10966 # a built-in type. InfoType names should conform to the pattern 10967 # [a-zA-Z0-9_]{1,64}. 10968 }, 10969 }, 10970 "replaceConfig": { # Replace each input value with a given `Value`. 10971 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 10972 # Note that for the purposes of inspection or transformation, the number 10973 # of bytes considered to comprise a 'Value' is based on its representation 10974 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 10975 # 123456789, the number of bytes would be counted as 9, even though an 10976 # int64 only holds up to 8 bytes of data. 10977 "floatValue": 3.14, 10978 "timestampValue": "A String", 10979 "dayOfWeekValue": "A String", 10980 "timeValue": { # Represents a time of day. The date and time zone are either not significant 10981 # or are specified elsewhere. An API may choose to allow leap seconds. Related 10982 # types are google.type.Date and `google.protobuf.Timestamp`. 10983 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 10984 # to allow the value "24:00:00" for scenarios like business closing time. 10985 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 10986 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 10987 # allow the value 60 if it allows leap-seconds. 10988 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 10989 }, 10990 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 10991 # and time zone are either specified elsewhere or are not significant. The date 10992 # is relative to the Proleptic Gregorian Calendar. This can represent: 10993 # 10994 # * A full date, with non-zero year, month and day values 10995 # * A month and day value, with a zero year, e.g. an anniversary 10996 # * A year on its own, with zero month and day values 10997 # * A year and month value, with a zero day, e.g. a credit card expiration date 10998 # 10999 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11000 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11001 # a year. 11002 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11003 # if specifying a year by itself or a year and month where the day is not 11004 # significant. 11005 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11006 # month and day. 11007 }, 11008 "stringValue": "A String", 11009 "booleanValue": True or False, 11010 "integerValue": "A String", 11011 }, 11012 }, 11013 }, 11014 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 11015 # this transformation to apply to all findings that correspond to 11016 # infoTypes that were requested in `InspectConfig`. 11017 { # Type of information detected by the API. 11018 "name": "A String", # Name of the information type. Either a name of your choosing when 11019 # creating a CustomInfoType, or one of the names listed 11020 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 11021 # a built-in type. InfoType names should conform to the pattern 11022 # [a-zA-Z0-9_]{1,64}. 11023 }, 11024 ], 11025 }, 11026 ], 11027 }, 11028 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 11029 # specific locations within structured datasets, such as transforming 11030 # a column within a table. 11031 # table. 11032 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 11033 # match any suppression rule are omitted from the output [optional]. 11034 { # Configuration to suppress records whose suppression conditions evaluate to 11035 # true. 11036 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 11037 # evaluated to be suppressed from the transformed content. 11038 # a field. 11039 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 11040 "conditions": { # A collection of conditions. 11041 "conditions": [ 11042 { # The field type of `value` and `field` do not need to match to be 11043 # considered equal, but not all comparisons are possible. 11044 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 11045 # but all other comparisons are invalid with incompatible types. 11046 # A `value` of type: 11047 # 11048 # - `string` can be compared against all other types 11049 # - `boolean` can only be compared against other booleans 11050 # - `integer` can be compared against doubles or a string if the string value 11051 # can be parsed as an integer. 11052 # - `double` can be compared against integers or a string if the string can 11053 # be parsed as a double. 11054 # - `Timestamp` can be compared against strings in RFC 3339 date string 11055 # format. 11056 # - `TimeOfDay` can be compared against timestamps and strings in the format 11057 # of 'HH:mm:ss'. 11058 # 11059 # If we fail to compare do to type mismatch, a warning will be given and 11060 # the condition will evaluate to false. 11061 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 11062 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 11063 "name": "A String", # Name describing the field. 11064 }, 11065 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 11066 # Note that for the purposes of inspection or transformation, the number 11067 # of bytes considered to comprise a 'Value' is based on its representation 11068 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11069 # 123456789, the number of bytes would be counted as 9, even though an 11070 # int64 only holds up to 8 bytes of data. 11071 "floatValue": 3.14, 11072 "timestampValue": "A String", 11073 "dayOfWeekValue": "A String", 11074 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11075 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11076 # types are google.type.Date and `google.protobuf.Timestamp`. 11077 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11078 # to allow the value "24:00:00" for scenarios like business closing time. 11079 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11080 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11081 # allow the value 60 if it allows leap-seconds. 11082 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11083 }, 11084 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11085 # and time zone are either specified elsewhere or are not significant. The date 11086 # is relative to the Proleptic Gregorian Calendar. This can represent: 11087 # 11088 # * A full date, with non-zero year, month and day values 11089 # * A month and day value, with a zero year, e.g. an anniversary 11090 # * A year on its own, with zero month and day values 11091 # * A year and month value, with a zero day, e.g. a credit card expiration date 11092 # 11093 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11094 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11095 # a year. 11096 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11097 # if specifying a year by itself or a year and month where the day is not 11098 # significant. 11099 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11100 # month and day. 11101 }, 11102 "stringValue": "A String", 11103 "booleanValue": True or False, 11104 "integerValue": "A String", 11105 }, 11106 }, 11107 ], 11108 }, 11109 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 11110 # only supported value is `AND`. 11111 }, 11112 }, 11113 }, 11114 ], 11115 "fieldTransformations": [ # Transform the record by applying various field transformations. 11116 { # The transformation to apply to the field. 11117 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 11118 # transform content that matches an `InfoType`. 11119 # apply various `PrimitiveTransformation`s to each finding, where the 11120 # transformation is applied to only values that were identified as a specific 11121 # info_type. 11122 "transformations": [ # Transformation for each infoType. Cannot specify more than one 11123 # for a given infoType. [required] 11124 { # A transformation to apply to text that is identified as a specific 11125 # info_type. 11126 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 11127 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 11128 # fixed character. Masking can start from the beginning or end of the string. 11129 # This can be used on data of any type (numbers, longs, and so on) and when 11130 # de-identifying structured data we'll attempt to preserve the original data's 11131 # type. (This allows you to take a long like 123 and modify it to a string like 11132 # **3. 11133 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 11134 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 11135 # mask 5 chars with * we would produce ***-*55-5555. 11136 { # Characters to skip when doing deidentification of a value. These will be left 11137 # alone and skipped. 11138 "commonCharactersToIgnore": "A String", 11139 "charactersToSkip": "A String", 11140 }, 11141 ], 11142 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 11143 # masked. Skipped characters do not count towards this tally. 11144 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 11145 # alphabetic string such as name, or "0" for a numeric string such as ZIP 11146 # code or credit card number. String must have length 1. If not supplied, we 11147 # will default to "*" for strings, 0 for digits. 11148 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 11149 # '0', number_to_mask is 14, and `reverse_order` is false, then 11150 # 1234-5678-9012-3456 -> 00000000000000-3456 11151 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 11152 # is true, then 12345 -> 12*** 11153 }, 11154 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 11155 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 11156 # output would be 'My phone number is '. 11157 }, 11158 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 11159 # input. Outputs a base64 encoded representation of the encrypted output. 11160 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 11161 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 11162 # a key encryption key (KEK) stored by KMS). 11163 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11164 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11165 # unwrap the data crypto key. 11166 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11167 # The wrapped key must be a 128/192/256 bit key. 11168 # Authorization requires the following IAM permissions when sending a request 11169 # to perform a crypto transformation using a kms-wrapped crypto key: 11170 # dlp.kms.encrypt 11171 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11172 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11173 }, 11174 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11175 # leaking the key. Choose another type of key if possible. 11176 "key": "A String", # A 128/192/256 bit key. [required] 11177 }, 11178 "transient": { # Use this to have a random data crypto key generated. 11179 # It will be discarded after the request finishes. 11180 "name": "A String", # Name of the key. [required] 11181 # This is an arbitrary string used to differentiate different keys. 11182 # A unique key is generated per name: two separate `TransientCryptoKey` 11183 # protos share the same generated key if their names are the same. 11184 # When the data crypto key is generated, this name is not used in any way 11185 # (repeating the api call will result in a different key being generated). 11186 }, 11187 }, 11188 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 11189 # referential integrity such that the same identifier in two different 11190 # contexts will be given a distinct surrogate. The context is appended to 11191 # plaintext value being encrypted. On decryption the provided context is 11192 # validated against the value used during encryption. If a context was 11193 # provided during encryption, same context must be provided during decryption 11194 # as well. 11195 # 11196 # If the context is not set, plaintext would be used as is for encryption. 11197 # If the context is set but: 11198 # 11199 # 1. there is no record present when transforming a given value or 11200 # 2. the field is not present when transforming a given value, 11201 # 11202 # plaintext would be used as is for encryption. 11203 # 11204 # Note that case (1) is expected when an `InfoTypeTransformation` is 11205 # applied to both structured and non-structured `ContentItem`s. 11206 "name": "A String", # Name describing the field. 11207 }, 11208 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 11209 # This annotation will be applied to the surrogate by prefixing it with 11210 # the name of the custom info type followed by the number of 11211 # characters comprising the surrogate. The following scheme defines the 11212 # format: <info type name>(<surrogate character count>):<surrogate> 11213 # 11214 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 11215 # the surrogate is 'abc', the full replacement value 11216 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 11217 # 11218 # This annotation identifies the surrogate when inspecting content using the 11219 # custom info type 'Surrogate'. This facilitates reversal of the 11220 # surrogate when it occurs in free text. 11221 # 11222 # In order for inspection to work properly, the name of this info type must 11223 # not occur naturally anywhere in your data; otherwise, inspection may either 11224 # 11225 # - reverse a surrogate that does not correspond to an actual identifier 11226 # - be unable to parse the surrogate and result in an error 11227 # 11228 # Therefore, choose your custom info type name carefully after considering 11229 # what your data looks like. One way to select a name that has a high chance 11230 # of yielding reliable detection is to include one or more unicode characters 11231 # that are highly improbable to exist in your data. 11232 # For example, assuming your data is entered from a regular ASCII keyboard, 11233 # the symbol with the hex code point 29DD might be used like so: 11234 # ⧝MY_TOKEN_TYPE 11235 "name": "A String", # Name of the information type. Either a name of your choosing when 11236 # creating a CustomInfoType, or one of the names listed 11237 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 11238 # a built-in type. InfoType names should conform to the pattern 11239 # [a-zA-Z0-9_]{1,64}. 11240 }, 11241 }, 11242 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 11243 # Bucketing transformation can provide all of this functionality, 11244 # but requires more configuration. This message is provided as a convenience to 11245 # the user for simple bucketing strategies. 11246 # 11247 # The transformed value will be a hyphenated string of 11248 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 11249 # all values that are within this bucket will be replaced with "10-20". 11250 # 11251 # This can be used on data of type: double, long. 11252 # 11253 # If the bound Value type differs from the type of data 11254 # being transformed, we will first attempt converting the type of the data to 11255 # be transformed to match the type of the bound before comparing. 11256 # 11257 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 11258 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 11259 # grouped together into a single bucket; for example if `lower_bound` = 10, 11260 # then all values less than 10 are replaced with the value “-10”. [Required]. 11261 # Note that for the purposes of inspection or transformation, the number 11262 # of bytes considered to comprise a 'Value' is based on its representation 11263 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11264 # 123456789, the number of bytes would be counted as 9, even though an 11265 # int64 only holds up to 8 bytes of data. 11266 "floatValue": 3.14, 11267 "timestampValue": "A String", 11268 "dayOfWeekValue": "A String", 11269 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11270 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11271 # types are google.type.Date and `google.protobuf.Timestamp`. 11272 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11273 # to allow the value "24:00:00" for scenarios like business closing time. 11274 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11275 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11276 # allow the value 60 if it allows leap-seconds. 11277 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11278 }, 11279 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11280 # and time zone are either specified elsewhere or are not significant. The date 11281 # is relative to the Proleptic Gregorian Calendar. This can represent: 11282 # 11283 # * A full date, with non-zero year, month and day values 11284 # * A month and day value, with a zero year, e.g. an anniversary 11285 # * A year on its own, with zero month and day values 11286 # * A year and month value, with a zero day, e.g. a credit card expiration date 11287 # 11288 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11289 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11290 # a year. 11291 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11292 # if specifying a year by itself or a year and month where the day is not 11293 # significant. 11294 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11295 # month and day. 11296 }, 11297 "stringValue": "A String", 11298 "booleanValue": True or False, 11299 "integerValue": "A String", 11300 }, 11301 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 11302 # grouped together into a single bucket; for example if `upper_bound` = 89, 11303 # then all values greater than 89 are replaced with the value “89+”. 11304 # [Required]. 11305 # Note that for the purposes of inspection or transformation, the number 11306 # of bytes considered to comprise a 'Value' is based on its representation 11307 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11308 # 123456789, the number of bytes would be counted as 9, even though an 11309 # int64 only holds up to 8 bytes of data. 11310 "floatValue": 3.14, 11311 "timestampValue": "A String", 11312 "dayOfWeekValue": "A String", 11313 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11314 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11315 # types are google.type.Date and `google.protobuf.Timestamp`. 11316 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11317 # to allow the value "24:00:00" for scenarios like business closing time. 11318 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11319 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11320 # allow the value 60 if it allows leap-seconds. 11321 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11322 }, 11323 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11324 # and time zone are either specified elsewhere or are not significant. The date 11325 # is relative to the Proleptic Gregorian Calendar. This can represent: 11326 # 11327 # * A full date, with non-zero year, month and day values 11328 # * A month and day value, with a zero year, e.g. an anniversary 11329 # * A year on its own, with zero month and day values 11330 # * A year and month value, with a zero day, e.g. a credit card expiration date 11331 # 11332 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11333 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11334 # a year. 11335 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11336 # if specifying a year by itself or a year and month where the day is not 11337 # significant. 11338 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11339 # month and day. 11340 }, 11341 "stringValue": "A String", 11342 "booleanValue": True or False, 11343 "integerValue": "A String", 11344 }, 11345 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 11346 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 11347 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 11348 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 11349 }, 11350 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 11351 }, 11352 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 11353 # portion of the value. 11354 "partToExtract": "A String", 11355 }, 11356 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 11357 # Uses SHA-256. 11358 # The key size must be either 32 or 64 bytes. 11359 # Outputs a base64 encoded representation of the hashed output 11360 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 11361 # Currently, only string and integer values can be hashed. 11362 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 11363 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 11364 # a key encryption key (KEK) stored by KMS). 11365 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11366 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11367 # unwrap the data crypto key. 11368 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11369 # The wrapped key must be a 128/192/256 bit key. 11370 # Authorization requires the following IAM permissions when sending a request 11371 # to perform a crypto transformation using a kms-wrapped crypto key: 11372 # dlp.kms.encrypt 11373 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11374 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11375 }, 11376 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11377 # leaking the key. Choose another type of key if possible. 11378 "key": "A String", # A 128/192/256 bit key. [required] 11379 }, 11380 "transient": { # Use this to have a random data crypto key generated. 11381 # It will be discarded after the request finishes. 11382 "name": "A String", # Name of the key. [required] 11383 # This is an arbitrary string used to differentiate different keys. 11384 # A unique key is generated per name: two separate `TransientCryptoKey` 11385 # protos share the same generated key if their names are the same. 11386 # When the data crypto key is generated, this name is not used in any way 11387 # (repeating the api call will result in a different key being generated). 11388 }, 11389 }, 11390 }, 11391 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 11392 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 11393 # to learn more. 11394 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 11395 # results in the same shift for the same context and crypto_key. 11396 # a key encryption key (KEK) stored by KMS). 11397 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11398 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11399 # unwrap the data crypto key. 11400 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11401 # The wrapped key must be a 128/192/256 bit key. 11402 # Authorization requires the following IAM permissions when sending a request 11403 # to perform a crypto transformation using a kms-wrapped crypto key: 11404 # dlp.kms.encrypt 11405 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11406 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11407 }, 11408 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11409 # leaking the key. Choose another type of key if possible. 11410 "key": "A String", # A 128/192/256 bit key. [required] 11411 }, 11412 "transient": { # Use this to have a random data crypto key generated. 11413 # It will be discarded after the request finishes. 11414 "name": "A String", # Name of the key. [required] 11415 # This is an arbitrary string used to differentiate different keys. 11416 # A unique key is generated per name: two separate `TransientCryptoKey` 11417 # protos share the same generated key if their names are the same. 11418 # When the data crypto key is generated, this name is not used in any way 11419 # (repeating the api call will result in a different key being generated). 11420 }, 11421 }, 11422 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 11423 # [Required] 11424 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 11425 # range (inclusive ends). Negative means shift to earlier in time. Must not 11426 # be more than 365250 days (1000 years) each direction. 11427 # 11428 # For example, 3 means shift date to at most 3 days into the future. 11429 # [Required] 11430 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 11431 # If set, must also set method. If set, shift will be consistent for the 11432 # given context. 11433 "name": "A String", # Name describing the field. 11434 }, 11435 }, 11436 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 11437 # replacement values are dynamically provided by the user for custom behavior, 11438 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 11439 # This can be used on 11440 # data of type: number, long, string, timestamp. 11441 # If the bound `Value` type differs from the type of data being transformed, we 11442 # will first attempt converting the type of the data to be transformed to match 11443 # the type of the bound before comparing. 11444 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 11445 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 11446 { # Bucket is represented as a range, along with replacement values. 11447 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 11448 # Note that for the purposes of inspection or transformation, the number 11449 # of bytes considered to comprise a 'Value' is based on its representation 11450 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11451 # 123456789, the number of bytes would be counted as 9, even though an 11452 # int64 only holds up to 8 bytes of data. 11453 "floatValue": 3.14, 11454 "timestampValue": "A String", 11455 "dayOfWeekValue": "A String", 11456 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11457 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11458 # types are google.type.Date and `google.protobuf.Timestamp`. 11459 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11460 # to allow the value "24:00:00" for scenarios like business closing time. 11461 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11462 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11463 # allow the value 60 if it allows leap-seconds. 11464 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11465 }, 11466 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11467 # and time zone are either specified elsewhere or are not significant. The date 11468 # is relative to the Proleptic Gregorian Calendar. This can represent: 11469 # 11470 # * A full date, with non-zero year, month and day values 11471 # * A month and day value, with a zero year, e.g. an anniversary 11472 # * A year on its own, with zero month and day values 11473 # * A year and month value, with a zero day, e.g. a credit card expiration date 11474 # 11475 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11476 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11477 # a year. 11478 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11479 # if specifying a year by itself or a year and month where the day is not 11480 # significant. 11481 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11482 # month and day. 11483 }, 11484 "stringValue": "A String", 11485 "booleanValue": True or False, 11486 "integerValue": "A String", 11487 }, 11488 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 11489 # the default behavior will be to hyphenate the min-max range. 11490 # Note that for the purposes of inspection or transformation, the number 11491 # of bytes considered to comprise a 'Value' is based on its representation 11492 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11493 # 123456789, the number of bytes would be counted as 9, even though an 11494 # int64 only holds up to 8 bytes of data. 11495 "floatValue": 3.14, 11496 "timestampValue": "A String", 11497 "dayOfWeekValue": "A String", 11498 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11499 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11500 # types are google.type.Date and `google.protobuf.Timestamp`. 11501 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11502 # to allow the value "24:00:00" for scenarios like business closing time. 11503 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11504 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11505 # allow the value 60 if it allows leap-seconds. 11506 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11507 }, 11508 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11509 # and time zone are either specified elsewhere or are not significant. The date 11510 # is relative to the Proleptic Gregorian Calendar. This can represent: 11511 # 11512 # * A full date, with non-zero year, month and day values 11513 # * A month and day value, with a zero year, e.g. an anniversary 11514 # * A year on its own, with zero month and day values 11515 # * A year and month value, with a zero day, e.g. a credit card expiration date 11516 # 11517 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11518 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11519 # a year. 11520 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11521 # if specifying a year by itself or a year and month where the day is not 11522 # significant. 11523 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11524 # month and day. 11525 }, 11526 "stringValue": "A String", 11527 "booleanValue": True or False, 11528 "integerValue": "A String", 11529 }, 11530 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 11531 # used. 11532 # Note that for the purposes of inspection or transformation, the number 11533 # of bytes considered to comprise a 'Value' is based on its representation 11534 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11535 # 123456789, the number of bytes would be counted as 9, even though an 11536 # int64 only holds up to 8 bytes of data. 11537 "floatValue": 3.14, 11538 "timestampValue": "A String", 11539 "dayOfWeekValue": "A String", 11540 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11541 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11542 # types are google.type.Date and `google.protobuf.Timestamp`. 11543 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11544 # to allow the value "24:00:00" for scenarios like business closing time. 11545 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11546 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11547 # allow the value 60 if it allows leap-seconds. 11548 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11549 }, 11550 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11551 # and time zone are either specified elsewhere or are not significant. The date 11552 # is relative to the Proleptic Gregorian Calendar. This can represent: 11553 # 11554 # * A full date, with non-zero year, month and day values 11555 # * A month and day value, with a zero year, e.g. an anniversary 11556 # * A year on its own, with zero month and day values 11557 # * A year and month value, with a zero day, e.g. a credit card expiration date 11558 # 11559 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11560 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11561 # a year. 11562 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11563 # if specifying a year by itself or a year and month where the day is not 11564 # significant. 11565 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11566 # month and day. 11567 }, 11568 "stringValue": "A String", 11569 "booleanValue": True or False, 11570 "integerValue": "A String", 11571 }, 11572 }, 11573 ], 11574 }, 11575 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 11576 # (FPE) with the FFX mode of operation; however when used in the 11577 # `ReidentifyContent` API method, it serves the opposite function by reversing 11578 # the surrogate back into the original identifier. The identifier must be 11579 # encoded as ASCII. For a given crypto key and context, the same identifier 11580 # will be replaced with the same surrogate. Identifiers must be at least two 11581 # characters long. In the case that the identifier is the empty string, it will 11582 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 11583 # more. 11584 # 11585 # Note: We recommend using CryptoDeterministicConfig for all use cases which 11586 # do not require preserving the input alphabet space and size, plus warrant 11587 # referential integrity. 11588 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 11589 # a key encryption key (KEK) stored by KMS). 11590 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11591 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11592 # unwrap the data crypto key. 11593 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11594 # The wrapped key must be a 128/192/256 bit key. 11595 # Authorization requires the following IAM permissions when sending a request 11596 # to perform a crypto transformation using a kms-wrapped crypto key: 11597 # dlp.kms.encrypt 11598 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11599 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11600 }, 11601 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11602 # leaking the key. Choose another type of key if possible. 11603 "key": "A String", # A 128/192/256 bit key. [required] 11604 }, 11605 "transient": { # Use this to have a random data crypto key generated. 11606 # It will be discarded after the request finishes. 11607 "name": "A String", # Name of the key. [required] 11608 # This is an arbitrary string used to differentiate different keys. 11609 # A unique key is generated per name: two separate `TransientCryptoKey` 11610 # protos share the same generated key if their names are the same. 11611 # When the data crypto key is generated, this name is not used in any way 11612 # (repeating the api call will result in a different key being generated). 11613 }, 11614 }, 11615 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 11616 "commonAlphabet": "A String", 11617 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 11618 # that the FFX mode natively supports. This happens before/after 11619 # encryption/decryption. 11620 # Each character listed must appear only once. 11621 # Number of characters must be in the range [2, 62]. 11622 # This must be encoded as ASCII. 11623 # The order of characters does not matter. 11624 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 11625 # identifier in two different contexts won't be given the same surrogate. If 11626 # the context is not set, a default tweak will be used. 11627 # 11628 # If the context is set but: 11629 # 11630 # 1. there is no record present when transforming a given value or 11631 # 1. the field is not present when transforming a given value, 11632 # 11633 # a default tweak will be used. 11634 # 11635 # Note that case (1) is expected when an `InfoTypeTransformation` is 11636 # applied to both structured and non-structured `ContentItem`s. 11637 # Currently, the referenced field may be of value type integer or string. 11638 # 11639 # The tweak is constructed as a sequence of bytes in big endian byte order 11640 # such that: 11641 # 11642 # - a 64 bit integer is encoded followed by a single byte of value 1 11643 # - a string is encoded in UTF-8 format followed by a single byte of value 2 11644 "name": "A String", # Name describing the field. 11645 }, 11646 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 11647 # This annotation will be applied to the surrogate by prefixing it with 11648 # the name of the custom infoType followed by the number of 11649 # characters comprising the surrogate. The following scheme defines the 11650 # format: info_type_name(surrogate_character_count):surrogate 11651 # 11652 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 11653 # the surrogate is 'abc', the full replacement value 11654 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 11655 # 11656 # This annotation identifies the surrogate when inspecting content using the 11657 # custom infoType 11658 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 11659 # This facilitates reversal of the surrogate when it occurs in free text. 11660 # 11661 # In order for inspection to work properly, the name of this infoType must 11662 # not occur naturally anywhere in your data; otherwise, inspection may 11663 # find a surrogate that does not correspond to an actual identifier. 11664 # Therefore, choose your custom infoType name carefully after considering 11665 # what your data looks like. One way to select a name that has a high chance 11666 # of yielding reliable detection is to include one or more unicode characters 11667 # that are highly improbable to exist in your data. 11668 # For example, assuming your data is entered from a regular ASCII keyboard, 11669 # the symbol with the hex code point 29DD might be used like so: 11670 # ⧝MY_TOKEN_TYPE 11671 "name": "A String", # Name of the information type. Either a name of your choosing when 11672 # creating a CustomInfoType, or one of the names listed 11673 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 11674 # a built-in type. InfoType names should conform to the pattern 11675 # [a-zA-Z0-9_]{1,64}. 11676 }, 11677 }, 11678 "replaceConfig": { # Replace each input value with a given `Value`. 11679 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 11680 # Note that for the purposes of inspection or transformation, the number 11681 # of bytes considered to comprise a 'Value' is based on its representation 11682 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11683 # 123456789, the number of bytes would be counted as 9, even though an 11684 # int64 only holds up to 8 bytes of data. 11685 "floatValue": 3.14, 11686 "timestampValue": "A String", 11687 "dayOfWeekValue": "A String", 11688 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11689 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11690 # types are google.type.Date and `google.protobuf.Timestamp`. 11691 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11692 # to allow the value "24:00:00" for scenarios like business closing time. 11693 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11694 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11695 # allow the value 60 if it allows leap-seconds. 11696 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11697 }, 11698 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11699 # and time zone are either specified elsewhere or are not significant. The date 11700 # is relative to the Proleptic Gregorian Calendar. This can represent: 11701 # 11702 # * A full date, with non-zero year, month and day values 11703 # * A month and day value, with a zero year, e.g. an anniversary 11704 # * A year on its own, with zero month and day values 11705 # * A year and month value, with a zero day, e.g. a credit card expiration date 11706 # 11707 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11708 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11709 # a year. 11710 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11711 # if specifying a year by itself or a year and month where the day is not 11712 # significant. 11713 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11714 # month and day. 11715 }, 11716 "stringValue": "A String", 11717 "booleanValue": True or False, 11718 "integerValue": "A String", 11719 }, 11720 }, 11721 }, 11722 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 11723 # this transformation to apply to all findings that correspond to 11724 # infoTypes that were requested in `InspectConfig`. 11725 { # Type of information detected by the API. 11726 "name": "A String", # Name of the information type. Either a name of your choosing when 11727 # creating a CustomInfoType, or one of the names listed 11728 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 11729 # a built-in type. InfoType names should conform to the pattern 11730 # [a-zA-Z0-9_]{1,64}. 11731 }, 11732 ], 11733 }, 11734 ], 11735 }, 11736 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 11737 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 11738 # fixed character. Masking can start from the beginning or end of the string. 11739 # This can be used on data of any type (numbers, longs, and so on) and when 11740 # de-identifying structured data we'll attempt to preserve the original data's 11741 # type. (This allows you to take a long like 123 and modify it to a string like 11742 # **3. 11743 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 11744 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 11745 # mask 5 chars with * we would produce ***-*55-5555. 11746 { # Characters to skip when doing deidentification of a value. These will be left 11747 # alone and skipped. 11748 "commonCharactersToIgnore": "A String", 11749 "charactersToSkip": "A String", 11750 }, 11751 ], 11752 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 11753 # masked. Skipped characters do not count towards this tally. 11754 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 11755 # alphabetic string such as name, or "0" for a numeric string such as ZIP 11756 # code or credit card number. String must have length 1. If not supplied, we 11757 # will default to "*" for strings, 0 for digits. 11758 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 11759 # '0', number_to_mask is 14, and `reverse_order` is false, then 11760 # 1234-5678-9012-3456 -> 00000000000000-3456 11761 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 11762 # is true, then 12345 -> 12*** 11763 }, 11764 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 11765 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 11766 # output would be 'My phone number is '. 11767 }, 11768 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 11769 # input. Outputs a base64 encoded representation of the encrypted output. 11770 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 11771 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 11772 # a key encryption key (KEK) stored by KMS). 11773 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11774 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11775 # unwrap the data crypto key. 11776 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11777 # The wrapped key must be a 128/192/256 bit key. 11778 # Authorization requires the following IAM permissions when sending a request 11779 # to perform a crypto transformation using a kms-wrapped crypto key: 11780 # dlp.kms.encrypt 11781 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11782 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11783 }, 11784 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11785 # leaking the key. Choose another type of key if possible. 11786 "key": "A String", # A 128/192/256 bit key. [required] 11787 }, 11788 "transient": { # Use this to have a random data crypto key generated. 11789 # It will be discarded after the request finishes. 11790 "name": "A String", # Name of the key. [required] 11791 # This is an arbitrary string used to differentiate different keys. 11792 # A unique key is generated per name: two separate `TransientCryptoKey` 11793 # protos share the same generated key if their names are the same. 11794 # When the data crypto key is generated, this name is not used in any way 11795 # (repeating the api call will result in a different key being generated). 11796 }, 11797 }, 11798 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 11799 # referential integrity such that the same identifier in two different 11800 # contexts will be given a distinct surrogate. The context is appended to 11801 # plaintext value being encrypted. On decryption the provided context is 11802 # validated against the value used during encryption. If a context was 11803 # provided during encryption, same context must be provided during decryption 11804 # as well. 11805 # 11806 # If the context is not set, plaintext would be used as is for encryption. 11807 # If the context is set but: 11808 # 11809 # 1. there is no record present when transforming a given value or 11810 # 2. the field is not present when transforming a given value, 11811 # 11812 # plaintext would be used as is for encryption. 11813 # 11814 # Note that case (1) is expected when an `InfoTypeTransformation` is 11815 # applied to both structured and non-structured `ContentItem`s. 11816 "name": "A String", # Name describing the field. 11817 }, 11818 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 11819 # This annotation will be applied to the surrogate by prefixing it with 11820 # the name of the custom info type followed by the number of 11821 # characters comprising the surrogate. The following scheme defines the 11822 # format: <info type name>(<surrogate character count>):<surrogate> 11823 # 11824 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 11825 # the surrogate is 'abc', the full replacement value 11826 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 11827 # 11828 # This annotation identifies the surrogate when inspecting content using the 11829 # custom info type 'Surrogate'. This facilitates reversal of the 11830 # surrogate when it occurs in free text. 11831 # 11832 # In order for inspection to work properly, the name of this info type must 11833 # not occur naturally anywhere in your data; otherwise, inspection may either 11834 # 11835 # - reverse a surrogate that does not correspond to an actual identifier 11836 # - be unable to parse the surrogate and result in an error 11837 # 11838 # Therefore, choose your custom info type name carefully after considering 11839 # what your data looks like. One way to select a name that has a high chance 11840 # of yielding reliable detection is to include one or more unicode characters 11841 # that are highly improbable to exist in your data. 11842 # For example, assuming your data is entered from a regular ASCII keyboard, 11843 # the symbol with the hex code point 29DD might be used like so: 11844 # ⧝MY_TOKEN_TYPE 11845 "name": "A String", # Name of the information type. Either a name of your choosing when 11846 # creating a CustomInfoType, or one of the names listed 11847 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 11848 # a built-in type. InfoType names should conform to the pattern 11849 # [a-zA-Z0-9_]{1,64}. 11850 }, 11851 }, 11852 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 11853 # Bucketing transformation can provide all of this functionality, 11854 # but requires more configuration. This message is provided as a convenience to 11855 # the user for simple bucketing strategies. 11856 # 11857 # The transformed value will be a hyphenated string of 11858 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 11859 # all values that are within this bucket will be replaced with "10-20". 11860 # 11861 # This can be used on data of type: double, long. 11862 # 11863 # If the bound Value type differs from the type of data 11864 # being transformed, we will first attempt converting the type of the data to 11865 # be transformed to match the type of the bound before comparing. 11866 # 11867 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 11868 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 11869 # grouped together into a single bucket; for example if `lower_bound` = 10, 11870 # then all values less than 10 are replaced with the value “-10”. [Required]. 11871 # Note that for the purposes of inspection or transformation, the number 11872 # of bytes considered to comprise a 'Value' is based on its representation 11873 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11874 # 123456789, the number of bytes would be counted as 9, even though an 11875 # int64 only holds up to 8 bytes of data. 11876 "floatValue": 3.14, 11877 "timestampValue": "A String", 11878 "dayOfWeekValue": "A String", 11879 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11880 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11881 # types are google.type.Date and `google.protobuf.Timestamp`. 11882 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11883 # to allow the value "24:00:00" for scenarios like business closing time. 11884 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11885 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11886 # allow the value 60 if it allows leap-seconds. 11887 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11888 }, 11889 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11890 # and time zone are either specified elsewhere or are not significant. The date 11891 # is relative to the Proleptic Gregorian Calendar. This can represent: 11892 # 11893 # * A full date, with non-zero year, month and day values 11894 # * A month and day value, with a zero year, e.g. an anniversary 11895 # * A year on its own, with zero month and day values 11896 # * A year and month value, with a zero day, e.g. a credit card expiration date 11897 # 11898 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11899 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11900 # a year. 11901 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11902 # if specifying a year by itself or a year and month where the day is not 11903 # significant. 11904 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11905 # month and day. 11906 }, 11907 "stringValue": "A String", 11908 "booleanValue": True or False, 11909 "integerValue": "A String", 11910 }, 11911 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 11912 # grouped together into a single bucket; for example if `upper_bound` = 89, 11913 # then all values greater than 89 are replaced with the value “89+”. 11914 # [Required]. 11915 # Note that for the purposes of inspection or transformation, the number 11916 # of bytes considered to comprise a 'Value' is based on its representation 11917 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 11918 # 123456789, the number of bytes would be counted as 9, even though an 11919 # int64 only holds up to 8 bytes of data. 11920 "floatValue": 3.14, 11921 "timestampValue": "A String", 11922 "dayOfWeekValue": "A String", 11923 "timeValue": { # Represents a time of day. The date and time zone are either not significant 11924 # or are specified elsewhere. An API may choose to allow leap seconds. Related 11925 # types are google.type.Date and `google.protobuf.Timestamp`. 11926 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 11927 # to allow the value "24:00:00" for scenarios like business closing time. 11928 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 11929 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 11930 # allow the value 60 if it allows leap-seconds. 11931 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 11932 }, 11933 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 11934 # and time zone are either specified elsewhere or are not significant. The date 11935 # is relative to the Proleptic Gregorian Calendar. This can represent: 11936 # 11937 # * A full date, with non-zero year, month and day values 11938 # * A month and day value, with a zero year, e.g. an anniversary 11939 # * A year on its own, with zero month and day values 11940 # * A year and month value, with a zero day, e.g. a credit card expiration date 11941 # 11942 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 11943 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 11944 # a year. 11945 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 11946 # if specifying a year by itself or a year and month where the day is not 11947 # significant. 11948 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 11949 # month and day. 11950 }, 11951 "stringValue": "A String", 11952 "booleanValue": True or False, 11953 "integerValue": "A String", 11954 }, 11955 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 11956 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 11957 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 11958 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 11959 }, 11960 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 11961 }, 11962 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 11963 # portion of the value. 11964 "partToExtract": "A String", 11965 }, 11966 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 11967 # Uses SHA-256. 11968 # The key size must be either 32 or 64 bytes. 11969 # Outputs a base64 encoded representation of the hashed output 11970 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 11971 # Currently, only string and integer values can be hashed. 11972 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 11973 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 11974 # a key encryption key (KEK) stored by KMS). 11975 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 11976 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 11977 # unwrap the data crypto key. 11978 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 11979 # The wrapped key must be a 128/192/256 bit key. 11980 # Authorization requires the following IAM permissions when sending a request 11981 # to perform a crypto transformation using a kms-wrapped crypto key: 11982 # dlp.kms.encrypt 11983 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 11984 "wrappedKey": "A String", # The wrapped data crypto key. [required] 11985 }, 11986 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 11987 # leaking the key. Choose another type of key if possible. 11988 "key": "A String", # A 128/192/256 bit key. [required] 11989 }, 11990 "transient": { # Use this to have a random data crypto key generated. 11991 # It will be discarded after the request finishes. 11992 "name": "A String", # Name of the key. [required] 11993 # This is an arbitrary string used to differentiate different keys. 11994 # A unique key is generated per name: two separate `TransientCryptoKey` 11995 # protos share the same generated key if their names are the same. 11996 # When the data crypto key is generated, this name is not used in any way 11997 # (repeating the api call will result in a different key being generated). 11998 }, 11999 }, 12000 }, 12001 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 12002 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 12003 # to learn more. 12004 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 12005 # results in the same shift for the same context and crypto_key. 12006 # a key encryption key (KEK) stored by KMS). 12007 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 12008 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 12009 # unwrap the data crypto key. 12010 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 12011 # The wrapped key must be a 128/192/256 bit key. 12012 # Authorization requires the following IAM permissions when sending a request 12013 # to perform a crypto transformation using a kms-wrapped crypto key: 12014 # dlp.kms.encrypt 12015 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 12016 "wrappedKey": "A String", # The wrapped data crypto key. [required] 12017 }, 12018 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 12019 # leaking the key. Choose another type of key if possible. 12020 "key": "A String", # A 128/192/256 bit key. [required] 12021 }, 12022 "transient": { # Use this to have a random data crypto key generated. 12023 # It will be discarded after the request finishes. 12024 "name": "A String", # Name of the key. [required] 12025 # This is an arbitrary string used to differentiate different keys. 12026 # A unique key is generated per name: two separate `TransientCryptoKey` 12027 # protos share the same generated key if their names are the same. 12028 # When the data crypto key is generated, this name is not used in any way 12029 # (repeating the api call will result in a different key being generated). 12030 }, 12031 }, 12032 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 12033 # [Required] 12034 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 12035 # range (inclusive ends). Negative means shift to earlier in time. Must not 12036 # be more than 365250 days (1000 years) each direction. 12037 # 12038 # For example, 3 means shift date to at most 3 days into the future. 12039 # [Required] 12040 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 12041 # If set, must also set method. If set, shift will be consistent for the 12042 # given context. 12043 "name": "A String", # Name describing the field. 12044 }, 12045 }, 12046 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 12047 # replacement values are dynamically provided by the user for custom behavior, 12048 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 12049 # This can be used on 12050 # data of type: number, long, string, timestamp. 12051 # If the bound `Value` type differs from the type of data being transformed, we 12052 # will first attempt converting the type of the data to be transformed to match 12053 # the type of the bound before comparing. 12054 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 12055 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 12056 { # Bucket is represented as a range, along with replacement values. 12057 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 12058 # Note that for the purposes of inspection or transformation, the number 12059 # of bytes considered to comprise a 'Value' is based on its representation 12060 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 12061 # 123456789, the number of bytes would be counted as 9, even though an 12062 # int64 only holds up to 8 bytes of data. 12063 "floatValue": 3.14, 12064 "timestampValue": "A String", 12065 "dayOfWeekValue": "A String", 12066 "timeValue": { # Represents a time of day. The date and time zone are either not significant 12067 # or are specified elsewhere. An API may choose to allow leap seconds. Related 12068 # types are google.type.Date and `google.protobuf.Timestamp`. 12069 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 12070 # to allow the value "24:00:00" for scenarios like business closing time. 12071 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 12072 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 12073 # allow the value 60 if it allows leap-seconds. 12074 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 12075 }, 12076 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 12077 # and time zone are either specified elsewhere or are not significant. The date 12078 # is relative to the Proleptic Gregorian Calendar. This can represent: 12079 # 12080 # * A full date, with non-zero year, month and day values 12081 # * A month and day value, with a zero year, e.g. an anniversary 12082 # * A year on its own, with zero month and day values 12083 # * A year and month value, with a zero day, e.g. a credit card expiration date 12084 # 12085 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 12086 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 12087 # a year. 12088 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 12089 # if specifying a year by itself or a year and month where the day is not 12090 # significant. 12091 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 12092 # month and day. 12093 }, 12094 "stringValue": "A String", 12095 "booleanValue": True or False, 12096 "integerValue": "A String", 12097 }, 12098 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 12099 # the default behavior will be to hyphenate the min-max range. 12100 # Note that for the purposes of inspection or transformation, the number 12101 # of bytes considered to comprise a 'Value' is based on its representation 12102 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 12103 # 123456789, the number of bytes would be counted as 9, even though an 12104 # int64 only holds up to 8 bytes of data. 12105 "floatValue": 3.14, 12106 "timestampValue": "A String", 12107 "dayOfWeekValue": "A String", 12108 "timeValue": { # Represents a time of day. The date and time zone are either not significant 12109 # or are specified elsewhere. An API may choose to allow leap seconds. Related 12110 # types are google.type.Date and `google.protobuf.Timestamp`. 12111 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 12112 # to allow the value "24:00:00" for scenarios like business closing time. 12113 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 12114 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 12115 # allow the value 60 if it allows leap-seconds. 12116 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 12117 }, 12118 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 12119 # and time zone are either specified elsewhere or are not significant. The date 12120 # is relative to the Proleptic Gregorian Calendar. This can represent: 12121 # 12122 # * A full date, with non-zero year, month and day values 12123 # * A month and day value, with a zero year, e.g. an anniversary 12124 # * A year on its own, with zero month and day values 12125 # * A year and month value, with a zero day, e.g. a credit card expiration date 12126 # 12127 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 12128 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 12129 # a year. 12130 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 12131 # if specifying a year by itself or a year and month where the day is not 12132 # significant. 12133 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 12134 # month and day. 12135 }, 12136 "stringValue": "A String", 12137 "booleanValue": True or False, 12138 "integerValue": "A String", 12139 }, 12140 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 12141 # used. 12142 # Note that for the purposes of inspection or transformation, the number 12143 # of bytes considered to comprise a 'Value' is based on its representation 12144 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 12145 # 123456789, the number of bytes would be counted as 9, even though an 12146 # int64 only holds up to 8 bytes of data. 12147 "floatValue": 3.14, 12148 "timestampValue": "A String", 12149 "dayOfWeekValue": "A String", 12150 "timeValue": { # Represents a time of day. The date and time zone are either not significant 12151 # or are specified elsewhere. An API may choose to allow leap seconds. Related 12152 # types are google.type.Date and `google.protobuf.Timestamp`. 12153 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 12154 # to allow the value "24:00:00" for scenarios like business closing time. 12155 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 12156 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 12157 # allow the value 60 if it allows leap-seconds. 12158 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 12159 }, 12160 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 12161 # and time zone are either specified elsewhere or are not significant. The date 12162 # is relative to the Proleptic Gregorian Calendar. This can represent: 12163 # 12164 # * A full date, with non-zero year, month and day values 12165 # * A month and day value, with a zero year, e.g. an anniversary 12166 # * A year on its own, with zero month and day values 12167 # * A year and month value, with a zero day, e.g. a credit card expiration date 12168 # 12169 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 12170 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 12171 # a year. 12172 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 12173 # if specifying a year by itself or a year and month where the day is not 12174 # significant. 12175 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 12176 # month and day. 12177 }, 12178 "stringValue": "A String", 12179 "booleanValue": True or False, 12180 "integerValue": "A String", 12181 }, 12182 }, 12183 ], 12184 }, 12185 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 12186 # (FPE) with the FFX mode of operation; however when used in the 12187 # `ReidentifyContent` API method, it serves the opposite function by reversing 12188 # the surrogate back into the original identifier. The identifier must be 12189 # encoded as ASCII. For a given crypto key and context, the same identifier 12190 # will be replaced with the same surrogate. Identifiers must be at least two 12191 # characters long. In the case that the identifier is the empty string, it will 12192 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 12193 # more. 12194 # 12195 # Note: We recommend using CryptoDeterministicConfig for all use cases which 12196 # do not require preserving the input alphabet space and size, plus warrant 12197 # referential integrity. 12198 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 12199 # a key encryption key (KEK) stored by KMS). 12200 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 12201 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 12202 # unwrap the data crypto key. 12203 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 12204 # The wrapped key must be a 128/192/256 bit key. 12205 # Authorization requires the following IAM permissions when sending a request 12206 # to perform a crypto transformation using a kms-wrapped crypto key: 12207 # dlp.kms.encrypt 12208 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 12209 "wrappedKey": "A String", # The wrapped data crypto key. [required] 12210 }, 12211 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 12212 # leaking the key. Choose another type of key if possible. 12213 "key": "A String", # A 128/192/256 bit key. [required] 12214 }, 12215 "transient": { # Use this to have a random data crypto key generated. 12216 # It will be discarded after the request finishes. 12217 "name": "A String", # Name of the key. [required] 12218 # This is an arbitrary string used to differentiate different keys. 12219 # A unique key is generated per name: two separate `TransientCryptoKey` 12220 # protos share the same generated key if their names are the same. 12221 # When the data crypto key is generated, this name is not used in any way 12222 # (repeating the api call will result in a different key being generated). 12223 }, 12224 }, 12225 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 12226 "commonAlphabet": "A String", 12227 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 12228 # that the FFX mode natively supports. This happens before/after 12229 # encryption/decryption. 12230 # Each character listed must appear only once. 12231 # Number of characters must be in the range [2, 62]. 12232 # This must be encoded as ASCII. 12233 # The order of characters does not matter. 12234 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 12235 # identifier in two different contexts won't be given the same surrogate. If 12236 # the context is not set, a default tweak will be used. 12237 # 12238 # If the context is set but: 12239 # 12240 # 1. there is no record present when transforming a given value or 12241 # 1. the field is not present when transforming a given value, 12242 # 12243 # a default tweak will be used. 12244 # 12245 # Note that case (1) is expected when an `InfoTypeTransformation` is 12246 # applied to both structured and non-structured `ContentItem`s. 12247 # Currently, the referenced field may be of value type integer or string. 12248 # 12249 # The tweak is constructed as a sequence of bytes in big endian byte order 12250 # such that: 12251 # 12252 # - a 64 bit integer is encoded followed by a single byte of value 1 12253 # - a string is encoded in UTF-8 format followed by a single byte of value 2 12254 "name": "A String", # Name describing the field. 12255 }, 12256 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 12257 # This annotation will be applied to the surrogate by prefixing it with 12258 # the name of the custom infoType followed by the number of 12259 # characters comprising the surrogate. The following scheme defines the 12260 # format: info_type_name(surrogate_character_count):surrogate 12261 # 12262 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 12263 # the surrogate is 'abc', the full replacement value 12264 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 12265 # 12266 # This annotation identifies the surrogate when inspecting content using the 12267 # custom infoType 12268 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 12269 # This facilitates reversal of the surrogate when it occurs in free text. 12270 # 12271 # In order for inspection to work properly, the name of this infoType must 12272 # not occur naturally anywhere in your data; otherwise, inspection may 12273 # find a surrogate that does not correspond to an actual identifier. 12274 # Therefore, choose your custom infoType name carefully after considering 12275 # what your data looks like. One way to select a name that has a high chance 12276 # of yielding reliable detection is to include one or more unicode characters 12277 # that are highly improbable to exist in your data. 12278 # For example, assuming your data is entered from a regular ASCII keyboard, 12279 # the symbol with the hex code point 29DD might be used like so: 12280 # ⧝MY_TOKEN_TYPE 12281 "name": "A String", # Name of the information type. Either a name of your choosing when 12282 # creating a CustomInfoType, or one of the names listed 12283 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 12284 # a built-in type. InfoType names should conform to the pattern 12285 # [a-zA-Z0-9_]{1,64}. 12286 }, 12287 }, 12288 "replaceConfig": { # Replace each input value with a given `Value`. 12289 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 12290 # Note that for the purposes of inspection or transformation, the number 12291 # of bytes considered to comprise a 'Value' is based on its representation 12292 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 12293 # 123456789, the number of bytes would be counted as 9, even though an 12294 # int64 only holds up to 8 bytes of data. 12295 "floatValue": 3.14, 12296 "timestampValue": "A String", 12297 "dayOfWeekValue": "A String", 12298 "timeValue": { # Represents a time of day. The date and time zone are either not significant 12299 # or are specified elsewhere. An API may choose to allow leap seconds. Related 12300 # types are google.type.Date and `google.protobuf.Timestamp`. 12301 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 12302 # to allow the value "24:00:00" for scenarios like business closing time. 12303 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 12304 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 12305 # allow the value 60 if it allows leap-seconds. 12306 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 12307 }, 12308 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 12309 # and time zone are either specified elsewhere or are not significant. The date 12310 # is relative to the Proleptic Gregorian Calendar. This can represent: 12311 # 12312 # * A full date, with non-zero year, month and day values 12313 # * A month and day value, with a zero year, e.g. an anniversary 12314 # * A year on its own, with zero month and day values 12315 # * A year and month value, with a zero day, e.g. a credit card expiration date 12316 # 12317 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 12318 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 12319 # a year. 12320 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 12321 # if specifying a year by itself or a year and month where the day is not 12322 # significant. 12323 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 12324 # month and day. 12325 }, 12326 "stringValue": "A String", 12327 "booleanValue": True or False, 12328 "integerValue": "A String", 12329 }, 12330 }, 12331 }, 12332 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 12333 # given `RecordCondition`. The conditions are allowed to reference fields 12334 # that are not used in the actual transformation. [optional] 12335 # 12336 # Example Use Cases: 12337 # 12338 # - Apply a different bucket transformation to an age column if the zip code 12339 # column for the same record is within a specific range. 12340 # - Redact a field if the date of birth field is greater than 85. 12341 # a field. 12342 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 12343 "conditions": { # A collection of conditions. 12344 "conditions": [ 12345 { # The field type of `value` and `field` do not need to match to be 12346 # considered equal, but not all comparisons are possible. 12347 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 12348 # but all other comparisons are invalid with incompatible types. 12349 # A `value` of type: 12350 # 12351 # - `string` can be compared against all other types 12352 # - `boolean` can only be compared against other booleans 12353 # - `integer` can be compared against doubles or a string if the string value 12354 # can be parsed as an integer. 12355 # - `double` can be compared against integers or a string if the string can 12356 # be parsed as a double. 12357 # - `Timestamp` can be compared against strings in RFC 3339 date string 12358 # format. 12359 # - `TimeOfDay` can be compared against timestamps and strings in the format 12360 # of 'HH:mm:ss'. 12361 # 12362 # If we fail to compare do to type mismatch, a warning will be given and 12363 # the condition will evaluate to false. 12364 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 12365 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 12366 "name": "A String", # Name describing the field. 12367 }, 12368 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 12369 # Note that for the purposes of inspection or transformation, the number 12370 # of bytes considered to comprise a 'Value' is based on its representation 12371 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 12372 # 123456789, the number of bytes would be counted as 9, even though an 12373 # int64 only holds up to 8 bytes of data. 12374 "floatValue": 3.14, 12375 "timestampValue": "A String", 12376 "dayOfWeekValue": "A String", 12377 "timeValue": { # Represents a time of day. The date and time zone are either not significant 12378 # or are specified elsewhere. An API may choose to allow leap seconds. Related 12379 # types are google.type.Date and `google.protobuf.Timestamp`. 12380 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 12381 # to allow the value "24:00:00" for scenarios like business closing time. 12382 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 12383 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 12384 # allow the value 60 if it allows leap-seconds. 12385 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 12386 }, 12387 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 12388 # and time zone are either specified elsewhere or are not significant. The date 12389 # is relative to the Proleptic Gregorian Calendar. This can represent: 12390 # 12391 # * A full date, with non-zero year, month and day values 12392 # * A month and day value, with a zero year, e.g. an anniversary 12393 # * A year on its own, with zero month and day values 12394 # * A year and month value, with a zero day, e.g. a credit card expiration date 12395 # 12396 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 12397 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 12398 # a year. 12399 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 12400 # if specifying a year by itself or a year and month where the day is not 12401 # significant. 12402 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 12403 # month and day. 12404 }, 12405 "stringValue": "A String", 12406 "booleanValue": True or False, 12407 "integerValue": "A String", 12408 }, 12409 }, 12410 ], 12411 }, 12412 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 12413 # only supported value is `AND`. 12414 }, 12415 }, 12416 "fields": [ # Input field(s) to apply the transformation to. [required] 12417 { # General identifier of a data field in a storage service. 12418 "name": "A String", # Name describing the field. 12419 }, 12420 ], 12421 }, 12422 ], 12423 }, 12424 }, 12425 "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field. 12426 "name": "A String", # The template name. Output only. 12427 # 12428 # The template will have one of the following formats: 12429 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR 12430 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` 12431 }</pre> 12432</div> 12433 12434</body></html>