package main
//TIP <p>To run your code, right-click the code and select <b>Run</b>.</p> <p>Alternatively, click
// the <icon src="AllIcons.Actions.Execute"/> icon in the gutter and select the <b>Run</b> menu item from here.</p>
import (
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
"context"
"fmt"
)
// deIdentifyDeterministicEncryption de-identifies through deterministic encryption
func deIdentifyDeterministicEncryption() error {
projectID := "****"
inputStr := "My SSN is 111111111"
infoTypeNames := []string{"US_SOCIAL_SECURITY_NUMBER"}
cryptoKeyName := "*****-key"
keyFileName := fmt.Sprintf("projects/****/locations/**/keyRings/******/cryptoKeys/%s", cryptoKeyName)
surrogateInfoType := "SSN_TOKEN"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
//wrappedKey, err := base64.StdEncoding.DecodeString(cryptoKeyName)
//if err != nil {
// return err
//}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
var infoTypes []*dlppb.InfoType
for _, it := range infoTypeNames {
infoTypes = append(infoTypes, &dlppb.InfoType{Name: it})
}
// Specify the key used by the encryption function for deterministic encryption.
cryptoReplaceDeterministicConfig := &dlppb.CryptoDeterministicConfig{
CryptoKey: &dlppb.CryptoKey{
Source: &dlppb.CryptoKey_KmsWrapped{
KmsWrapped: &dlppb.KmsWrappedCryptoKey{
WrappedKey: []byte(cryptoKeyName),
CryptoKeyName: keyFileName,
},
},
},
SurrogateInfoType: &dlppb.InfoType{
Name: surrogateInfoType,
},
}
// Specifying the info-types to look for.
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Specify what content you want the service to de-identify.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_Value{
Value: inputStr,
},
}
// Specifying the deterministic crypto.
primitiveTransformation := &dlppb.PrimitiveTransformation{
Transformation: &dlppb.PrimitiveTransformation_CryptoDeterministicConfig{
CryptoDeterministicConfig: cryptoReplaceDeterministicConfig,
},
}
// Construct a de-identification config for de-identify deterministic request.
deIdentifyConfig := &dlppb.DeidentifyConfig{
Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
InfoTypeTransformations: &dlppb.InfoTypeTransformations{
Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
{
PrimitiveTransformation: primitiveTransformation,
},
},
},
},
}
// Construct the de-identification request to be sent by the client.
req := &dlppb.DeidentifyContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/us", projectID),
DeidentifyConfig: deIdentifyConfig,
InspectConfig: inspectConfig,
Item: contentItem,
}
// Send the request.
resp, err := client.DeidentifyContent(ctx, req)
if err != nil {
return err
}
// Print the results.
fmt.Printf("output : %v", resp.GetItem().GetValue())
return nil
}
func main() {
//TIP <p>Press <shortcut actionId="ShowIntentionActions"/> when your caret is at the underlined text
// to see how GoLand suggests fixing the warning.</p><p>Alternatively, if available, click the lightbulb to view possible fixes.</p>
err := deIdentifyDeterministicEncryption()
fmt.Println(err)
}