tessl/pypi-google-cloud-dlp
Google Cloud Data Loss Prevention (DLP) API client library for discovering, classifying, and protecting sensitive data
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-google-cloud-dlp@3.31.0index.mddocs/
Google Cloud DLP
Google Cloud Data Loss Prevention (DLP) API enables organizations to discover, classify, and protect sensitive data across their cloud and hybrid environments. It provides comprehensive content inspection, data transformation, risk analysis, and automated data discovery capabilities with extensive configuration options for compliance and privacy requirements.
Package Information
- Package Name: google-cloud-dlp
- Language: Python
- Installation:
pip install google-cloud-dlp
Core Imports
from google.cloud import dlpFor direct access to v2 API:
from google.cloud import dlp_v2Basic Usage
from google.cloud import dlp
# Initialize the DLP client
client = dlp.DlpServiceClient()
# Basic content inspection
parent = f"projects/{project_id}/locations/global"
content_item = dlp.ContentItem(value="My SSN is 123-45-6789")
# Configure inspection
inspect_config = dlp.InspectConfig(
info_types=[dlp.InfoType(name="US_SOCIAL_SECURITY_NUMBER")]
)
# Create request
request = dlp.InspectContentRequest(
parent=parent,
inspect_config=inspect_config,
item=content_item,
)
# Inspect content
response = client.inspect_content(request=request)
# Process findings
for finding in response.result.findings:
print(f"Found {finding.info_type.name}: {finding.quote}")Architecture
The Google Cloud DLP API follows a service-oriented architecture with distinct functional areas:
- Client Libraries: Synchronous and asynchronous clients for API interaction
- Content Analysis: Real-time inspection, de-identification, and image redaction
- Job Management: Long-running batch operations with triggers and scheduling
- Data Discovery: Automated scanning and profiling of cloud data sources
- Template System: Reusable configurations for inspection and transformation
- Type System: Extensive type definitions for configuration and results
The API supports both immediate operations for small datasets and batch processing for enterprise-scale data protection workflows.
Capabilities
Content Analysis
Real-time analysis of text and images to detect, redact, and transform sensitive information. Supports immediate inspection with customizable info types and confidence levels.
def inspect_content(
request: dlp.InspectContentRequest,
*,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.InspectContentResponse: ...
def deidentify_content(
request: dlp.DeidentifyContentRequest,
*,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.DeidentifyContentResponse: ...
def redact_image(
request: dlp.RedactImageRequest,
*,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.RedactImageResponse: ...Template Management
Reusable configurations for inspection and de-identification operations. Templates standardize DLP policies across an organization and simplify repeated operations.
def create_inspect_template(
request: dlp.CreateInspectTemplateRequest,
*,
parent: Optional[str] = None,
inspect_template: Optional[dlp.InspectTemplate] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.InspectTemplate: ...
def create_deidentify_template(
request: dlp.CreateDeidentifyTemplateRequest,
*,
parent: Optional[str] = None,
deidentify_template: Optional[dlp.DeidentifyTemplate] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.DeidentifyTemplate: ...Job Management
Long-running batch operations for processing large datasets, including scheduled triggers, hybrid content inspection, and job lifecycle management.
def create_dlp_job(
request: dlp.CreateDlpJobRequest,
*,
parent: Optional[str] = None,
inspect_job: Optional[dlp.InspectJobConfig] = None,
risk_job: Optional[dlp.RiskAnalysisJobConfig] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.DlpJob: ...
def create_job_trigger(
request: dlp.CreateJobTriggerRequest,
*,
parent: Optional[str] = None,
job_trigger: Optional[dlp.JobTrigger] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.JobTrigger: ...Data Discovery
Automated scanning and profiling of cloud data sources to understand data distribution, sensitivity, and compliance posture across BigQuery, Cloud Storage, Cloud SQL, and more.
def create_discovery_config(
request: dlp.CreateDiscoveryConfigRequest,
*,
parent: Optional[str] = None,
discovery_config: Optional[dlp.DiscoveryConfig] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.DiscoveryConfig: ...Data Profiling
Access to data profiles and insights generated by discovery scans, providing visibility into data sensitivity, distribution, and risk levels across projects, tables, columns, and file stores.
def get_project_data_profile(
request: dlp.GetProjectDataProfileRequest,
*,
name: Optional[str] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.ProjectDataProfile: ...
def get_table_data_profile(
request: dlp.GetTableDataProfileRequest,
*,
name: Optional[str] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.TableDataProfile: ...
def get_column_data_profile(
request: dlp.GetColumnDataProfileRequest,
*,
name: Optional[str] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.ColumnDataProfile: ...
def get_file_store_data_profile(
request: dlp.GetFileStoreDataProfileRequest,
*,
name: Optional[str] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.FileStoreDataProfile: ...Stored Info Types
Custom sensitive information detection patterns for organization-specific data types. Extends built-in detectors with custom dictionaries, regular expressions, and machine learning models.
def create_stored_info_type(
request: dlp.CreateStoredInfoTypeRequest,
*,
parent: Optional[str] = None,
config: Optional[dlp.StoredInfoTypeConfig] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.StoredInfoType: ...Connection Management
External data source connections for accessing data outside Google Cloud, including database connections, cloud storage from other providers, and hybrid environments.
def create_connection(
request: dlp.CreateConnectionRequest,
*,
parent: Optional[str] = None,
connection: Optional[dlp.Connection] = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: Union[float, object] = gapic_v1.method.DEFAULT,
metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
) -> dlp.Connection: ...Core Types
Client Classes
class DlpServiceClient:
"""Synchronous client for Google Cloud DLP service operations."""
def __init__(
self,
*,
credentials: Optional[ga_credentials.Credentials] = None,
transport: Optional[DlpServiceTransport] = None,
client_options: Optional[ClientOptions] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None: ...
class DlpServiceAsyncClient:
"""Asynchronous client for Google Cloud DLP service operations."""
def __init__(
self,
*,
credentials: Optional[ga_credentials.Credentials] = None,
transport: Optional[DlpServiceAsyncTransport] = None,
client_options: Optional[ClientOptions] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
) -> None: ...Core Data Types
class ContentItem:
"""Container for content to be inspected."""
value: str
table: Table
byte_item: ByteContentItem
class InfoType:
"""Type of information detector."""
name: str
version: str
sensitivity_score: SensitivityScore
class Finding:
"""Detected sensitive information."""
info_type: InfoType
likelihood: Likelihood
location: Location
quote: str
quote_info: QuoteInfo
class InspectConfig:
"""Configuration for content inspection."""
info_types: Sequence[InfoType]
min_likelihood: Likelihood
limits: InspectConfig.FindingLimits
include_quote: bool
exclude_info_types: boolTransformation Types
class DeidentifyConfig:
"""Configuration for content de-identification."""
info_type_transformations: InfoTypeTransformations
record_transformations: RecordTransformations
transformation_error_handling: TransformationErrorHandling
class PrimitiveTransformation:
"""Basic data transformation operations."""
replace_config: ReplaceValueConfig
redact_config: RedactConfig
character_mask_config: CharacterMaskConfig
crypto_replace_ffx_fpe_config: CryptoReplaceFfxFpeConfig
fixed_size_bucketing_config: FixedSizeBucketingConfig
bucketing_config: BucketingConfig
replace_dictionary_config: ReplaceDictionaryConfig
time_part_config: TimePartConfig
crypto_hash_config: CryptoHashConfig
date_shift_config: DateShiftConfig
crypto_deterministic_config: CryptoDeterministicConfigEnumeration Types
class Likelihood(proto.Enum):
"""Likelihood levels for detection confidence."""
LIKELIHOOD_UNSPECIFIED = 0
VERY_UNLIKELY = 1
UNLIKELY = 2
POSSIBLE = 3
LIKELY = 4
VERY_LIKELY = 5
class FileType(proto.Enum):
"""Supported file types for processing."""
FILE_TYPE_UNSPECIFIED = 0
BINARY_FILE = 1
TEXT_FILE = 2
IMAGE = 3
WORD = 5
PDF = 6
AVRO = 7
CSV = 8
TSV = 9
POWERPOINT = 11
EXCEL = 12