Create a Sensitive Data Protection inspection template

This quickstart shows you how to create and use a Sensitive Data Protection inspectiontemplate in the Google Cloud console.Sensitive Data Protection inspection templateslet you create and persist configuration information in Sensitive Data Protection.

To complete this quickstart, you need to have data that you can scan inCloud Storage, BigQuery, or Firestore in Datastore mode (Datastore).

To follow step-by-step guidance for this task directly in the Google Cloud console, clickGuide me:

Guide me

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.create permission.Learn how to grant roles.
    Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.create permission.Learn how to grant roles.
    Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

    Go to project selector

  5. Verify that billing is enabled for your Google Cloud project.

  6. Enable the Sensitive Data Protection API.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enable permission.Learn how to grant roles.

    Enable the API

Create a template

In the following sections, you configure and create an inspection template.

Define template

  1. In the Sensitive Data Protection section of the Google Cloud console, goto theCreate template page.

    Go to Create template

  2. On theCreate template page, define the following options:

    • ForTemplate type, use the default settingInspect (find sensitivedata).

    • ForTemplate ID, enterquickstart-template.

    • ForDisplay name, enterQuickstart template.

    • ForDescription, leave the field empty.

    • ForResource location, use the default settingGlobal (anyregion).

  3. ClickContinue.

Configure detection

You now configure the template to detect for an infoType such as credit card numbers.

  1. In theConfigure detection section of theCreate template page, dothe following:

    • In theInfoTypes section, clickManage infoTypes, select theinfoTypes that you want to scan for, and then clickDone.

    • In theConfidence threshold section, selectPossiblefrom theLikelihood list.

      The default valuePossible is sufficient for most purposes. Ifyou routinely get matches that are too broad when you use thistemplate, move the slider up. If you get too few matches, move theslider down.

  2. To create the template, clickCreate.

    The template's summary information page appears. To return to the mainSensitive Data Protection page, clickInspection template details.

Use the template

The following steps describe how to configure the template for use in a scan:

  1. In the Google Cloud console, go to theCreate job or job trigger page.

    Go to Create job or job trigger

  2. Follow the prompts to create an inspection job or job trigger (a recurring job). When you are prompted to configure the detection, select the template that you created.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

    Caution: Deleting a project has the following effects:
    • Everything in the project is deleted. If you used an existing project for the tasks in this document, when you delete it, you also delete any other work you've done in the project.
    • Custom project IDs are lost. When you created this project, you might have created a custom project ID that you want to use in the future. To preserve the URLs that use the project ID, such as anappspot.com URL, delete selected resources inside the project instead of deleting the whole project.

    If you plan to explore multiple architectures, tutorials, or quickstarts, reusing projects can help you avoid exceeding project quota limits.

  1. In the Google Cloud console, go to theManage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then clickDelete.
  3. In the dialog, type the project ID, and then clickShut down to delete the project.

Delete the template

There are no costs associated with creating and storing templates. However, ifyou want to delete a template, follow these steps:

  1. In the Google Cloud console, go to theConfiguration tab of Sensitive Data Protection.

    Go to Configuration

  2. Select the project that contains the inspection template that you want to delete.

  3. On theConfiguration tab, click theTemplates subtab. The Google Cloud console displays a list of all templates for the current project.

  4. In theActions column for the template you want to delete, click the trigger actions menu, clickDelete, and then clickConfirm.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-17 UTC.