docs/dyn/dlp_v2.projects.content.html

<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.content.html">content</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#deidentify">deidentify(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">De-identifies potentially sensitive info from a ContentItem.</p>
<p class="toc_element">
  <code><a href="#inspect">inspect(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Finds potentially sensitive info in content.</p>
<p class="toc_element">
  <code><a href="#reidentify">reidentify(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Re-identifies content that has been de-identified.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="deidentify">deidentify(parent, body=None, x__xgafv=None)</code>
  <pre>De-identifies potentially sensitive info from a ContentItem.
This method has limits on input size and output size.
See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to
learn more.

When no InfoTypes or CustomInfoTypes are specified in this request, the
system will automatically choose what detectors to run. By default this may
be all types, but may change over time as detectors are updated.

Args:
  parent: string, The parent resource name, for example projects/my-project-id. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request to de-identify a list of items.
    &quot;item&quot;: { # Container structure for the content to inspect. # The item to de-identify. Will be treated as text.
      &quot;byteItem&quot;: { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
        &quot;type&quot;: &quot;A String&quot;, # The type of data stored in the bytes string. Default will be TEXT_UTF8.
        &quot;data&quot;: &quot;A String&quot;, # Content data to inspect or redact.
      },
      &quot;value&quot;: &quot;A String&quot;, # String data to inspect or redact.
      &quot;table&quot;: { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
          # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
          # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
        &quot;rows&quot;: [ # Rows of the table.
          { # Values of the row.
            &quot;values&quot;: [ # Individual cells.
              { # Set of primitive values supported by the system.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            ],
          },
        ],
        &quot;headers&quot;: [ # Headers of the table.
          { # General identifier of a data field in a storage service.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
        ],
      },
    },
    &quot;inspectTemplateName&quot;: &quot;A String&quot;, # Template to use. Any configuration directly specified in
        # inspect_config will override those set in the template. Singular fields
        # that are set in this request will replace their corresponding fields in the
        # template. Repeated fields are appended. Singular sub-messages and groups
        # are recursively merged.
    &quot;deidentifyTemplateName&quot;: &quot;A String&quot;, # Template to use. Any configuration directly specified in
        # deidentify_config will override those set in the template. Singular fields
        # that are set in this request will replace their corresponding fields in the
        # template. Repeated fields are appended. Singular sub-messages and groups
        # are recursively merged.
    &quot;inspectConfig&quot;: { # Configuration description of the scanning process. # Configuration for the inspector.
        # Items specified here will override the template referenced by the
        # inspect_template_name argument.
        # When used with redactContent only info_types and min_likelihood are currently
        # used.
      &quot;includeQuote&quot;: True or False, # When true, a contextual quote from the data that triggered a finding is
          # included in the response; see Finding.quote.
      &quot;ruleSet&quot;: [ # Set of rules to apply to the findings for this InspectConfig.
          # Exclusion rules, contained in the set are executed in the end, other
          # rules are executed in the order they are specified for each info type.
        { # Rule set for modifying a set of infoTypes to alter behavior under certain
            # circumstances, depending on the specific details of the rules within the set.
          &quot;infoTypes&quot;: [ # List of infoTypes this rule set is applied to.
            { # Type of information detected by the API.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          ],
          &quot;rules&quot;: [ # Set of rules to be applied to infoTypes. The rules are applied in order.
            { # A single inspection rule to be applied to infoTypes, specified in
                # `InspectionRuleSet`.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
              &quot;exclusionRule&quot;: { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
                  # `InspectionRuleSet` are removed from results.
                &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
                    # be used to match sensitive information specific to the data, such as a list
                    # of employee IDs or job titles.
                    #
                    # Dictionary words are case-insensitive and all characters other than letters
                    # and digits in the unicode [Basic Multilingual
                    # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
                    # will be replaced with whitespace when scanning for matches, so the
                    # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
                    # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
                    # surrounding any match must be of a different type than the adjacent
                    # characters within the word, so letters must be next to non-letters and
                    # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
                    # match the first three letters of the text &quot;jen123&quot; but will return no
                    # matches for &quot;jennifer&quot;.
                    #
                    # Dictionary words containing a large number of characters that are not
                    # letters or digits may result in unexpected findings because such characters
                    # are treated as whitespace. The
                    # [limits](https://cloud.google.com/dlp/limits) page contains details about
                    # the size limits of dictionaries. For dictionaries that do not fit within
                    # these constraints, consider using `LargeCustomDictionaryConfig` in the
                    # `StoredInfoType` API.
                  &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
                    &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                        # at least one phrase and every phrase must contain at least 2 characters
                        # that are letters or digits. [required]
                      &quot;A String&quot;,
                    ],
                  },
                  &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                      # is accepted.
                    &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                        # Example: gs://[BUCKET_NAME]/dictionary.txt
                  },
                },
                &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression which defines the rule.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;excludeInfoTypes&quot;: { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
                  &quot;infoTypes&quot;: [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
                      # contained within with a finding of an infoType from this list. For
                      # example, for `InspectionRuleSet.info_types` containing &quot;PHONE_NUMBER&quot;` and
                      # `exclusion_rule` containing `exclude_info_types.info_types` with
                      # &quot;EMAIL_ADDRESS&quot; the phone number findings are dropped if they overlap
                      # with EMAIL_ADDRESS finding.
                      # That leads to &quot;555-222-2222@example.org&quot; to generate only a single
                      # finding, namely email address.
                    { # Type of information detected by the API.
                      &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                          # creating a CustomInfoType, or one of the names listed
                          # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                          # a built-in type. InfoType names should conform to the pattern
                          # `[a-zA-Z0-9_]{1,64}`.
                    },
                  ],
                },
                &quot;matchingType&quot;: &quot;A String&quot;, # How the rule is applied, see MatchingType documentation for details.
              },
            },
          ],
        },
      ],
      &quot;limits&quot;: { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
        &quot;maxFindingsPerItem&quot;: 42, # Max number of findings that will be returned for each item scanned.
            # When set within `InspectJobConfig`,
            # the maximum returned is 2000 regardless if this is set higher.
            # When set within `InspectContentRequest`, this field is ignored.
        &quot;maxFindingsPerInfoType&quot;: [ # Configuration of findings limit given for specified infoTypes.
          { # Max findings configuration per infoType, per content item or long
              # running DlpJob.
            &quot;maxFindings&quot;: 42, # Max findings limit for the given infoType.
            &quot;infoType&quot;: { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
                # info_type should be provided. If InfoTypeLimit does not have an
                # info_type, the DLP API applies the limit against all info_types that
                # are found but not specified in another InfoTypeLimit.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          },
        ],
        &quot;maxFindingsPerRequest&quot;: 42, # Max number of findings that will be returned per request/job.
            # When set within `InspectContentRequest`, the maximum returned is 2000
            # regardless if this is set higher.
      },
      &quot;contentOptions&quot;: [ # List of options defining data content to scan.
          # If empty, text, images, and other content will be included.
        &quot;A String&quot;,
      ],
      &quot;infoTypes&quot;: [ # Restricts what info_types to look for. The values must correspond to
          # InfoType values returned by ListInfoTypes or listed at
          # https://cloud.google.com/dlp/docs/infotypes-reference.
          #
          # When no InfoTypes or CustomInfoTypes are specified in a request, the
          # system may automatically choose what detectors to run. By default this may
          # be all types, but may change over time as detectors are updated.
          #
          # If you need precise control and predictability as to what detectors are
          # run you should specify specific InfoTypes listed in the reference,
          # otherwise a default list will be used, which may change over time.
        { # Type of information detected by the API.
          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
              # creating a CustomInfoType, or one of the names listed
              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
              # a built-in type. InfoType names should conform to the pattern
              # `[a-zA-Z0-9_]{1,64}`.
        },
      ],
      &quot;minLikelihood&quot;: &quot;A String&quot;, # Only returns findings equal or above this threshold. The default is
          # POSSIBLE.
          # See https://cloud.google.com/dlp/docs/likelihood to learn more.
      &quot;excludeInfoTypes&quot;: True or False, # When true, excludes type information of the findings.
      &quot;customInfoTypes&quot;: [ # CustomInfoTypes provided by the user. See
          # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
        { # Custom information type provided by the user. Used to find domain-specific
            # sensitive information configurable to the data in question.
          &quot;likelihood&quot;: &quot;A String&quot;, # Likelihood to return for this CustomInfoType. This base value can be
              # altered by a detection rule if the finding meets the criteria specified by
              # the rule. Defaults to `VERY_LIKELY` if not specified.
          &quot;infoType&quot;: { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
              # infoType, when the name matches one of existing infoTypes and that infoType
              # is specified in `InspectContent.info_types` field. Specifying the latter
              # adds findings to the one detected by the system. If built-in info type is
              # not specified in `InspectContent.info_types` list then the name is treated
              # as a custom info type.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
            &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                # specified, the entire match is returned. No more than 3 may be included.
              42,
            ],
            &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                # (https://github.com/google/re2/wiki/Syntax) can be found under the
                # google/re2 repository on GitHub.
          },
          &quot;detectionRules&quot;: [ # Set of detection rules to apply to all findings of this CustomInfoType.
              # Rules are applied in order that they are specified. Not supported for the
              # `surrogate_type` CustomInfoType.
            { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
                # `CustomInfoType` to alter behavior under certain circumstances, depending
                # on the specific details of the rule. Not supported for the `surrogate_type`
                # custom infoType.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
            },
          ],
          &quot;exclusionType&quot;: &quot;A String&quot;, # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
              # to be returned. It still can be used for rules matching.
          &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
              # be used to match sensitive information specific to the data, such as a list
              # of employee IDs or job titles.
              #
              # Dictionary words are case-insensitive and all characters other than letters
              # and digits in the unicode [Basic Multilingual
              # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
              # will be replaced with whitespace when scanning for matches, so the
              # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
              # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
              # surrounding any match must be of a different type than the adjacent
              # characters within the word, so letters must be next to non-letters and
              # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
              # match the first three letters of the text &quot;jen123&quot; but will return no
              # matches for &quot;jennifer&quot;.
              #
              # Dictionary words containing a large number of characters that are not
              # letters or digits may result in unexpected findings because such characters
              # are treated as whitespace. The
              # [limits](https://cloud.google.com/dlp/limits) page contains details about
              # the size limits of dictionaries. For dictionaries that do not fit within
              # these constraints, consider using `LargeCustomDictionaryConfig` in the
              # `StoredInfoType` API.
            &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
              &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                  # at least one phrase and every phrase must contain at least 2 characters
                  # that are letters or digits. [required]
                &quot;A String&quot;,
              ],
            },
            &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                # is accepted.
              &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                  # Example: gs://[BUCKET_NAME]/dictionary.txt
            },
          },
          &quot;storedType&quot;: { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
              # `InspectDataSource`. Not currently supported in `InspectContent`.
            &quot;name&quot;: &quot;A String&quot;, # Resource name of the requested `StoredInfoType`, for example
                # `organizations/433245324/storedInfoTypes/432452342` or
                # `projects/project-id/storedInfoTypes/432452342`.
            &quot;createTime&quot;: &quot;A String&quot;, # Timestamp indicating when the version of the `StoredInfoType` used for
                # inspection was created. Output-only field, populated by the system.
          },
          &quot;surrogateType&quot;: { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
              # support reversing.
              # such as
              # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
              # These types of transformations are
              # those that perform pseudonymization, thereby producing a &quot;surrogate&quot; as
              # output. This should be used in conjunction with a field on the
              # transformation such as `surrogate_info_type`. This CustomInfoType does
              # not support the use of `detection_rules`.
          },
        },
      ],
    },
    &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # Configuration for the de-identification of the content item.
        # Items specified here will override the template referenced by the
        # deidentify_template_name argument.
      &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
          # mode is `TransformationErrorHandling.ThrowError`.
          # transformation error occurs when the requested transformation is incompatible
          # with the data. For example, trying to de-identify an IP address using a
          # `DateShift` transformation would result in a transformation error, since date
          # info cannot be extracted from an IP address.
          # Information about any incompatible transformations, and how they were
          # handled, is returned in the response as part of the
          # `TransformationOverviews`.
        &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
        },
        &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
            # cause an error. For example, if a `DateShift` transformation were applied
            # an an IP address, this mode would leave the IP address unchanged in the
            # response.
        },
      },
      &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
          # specific locations within structured datasets, such as transforming
          # a column within a table.
          # table.
        &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
            # match any suppression rule are omitted from the output.
          { # Configuration to suppress records whose suppression conditions evaluate to
              # true.
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
                # evaluated to be suppressed from the transformed content.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
        ],
        &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
          { # The transformation to apply to the field.
            &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
              { # General identifier of a data field in a storage service.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
            ],
            &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
                # transform content that matches an `InfoType`.
                # apply various `PrimitiveTransformation`s to each finding, where the
                # transformation is applied to only values that were identified as a specific
                # info_type.
              &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
                  # for a given infoType.
                { # A transformation to apply to text that is identified as a specific
                    # info_type.
                  &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                      # this transformation to apply to all findings that correspond to
                      # infoTypes that were requested in `InspectConfig`.
                    { # Type of information detected by the API.
                      &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                          # creating a CustomInfoType, or one of the names listed
                          # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                          # a built-in type. InfoType names should conform to the pattern
                          # `[a-zA-Z0-9_]{1,64}`.
                    },
                  ],
                  &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
                    &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                        # portion of the value.
                      &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                    },
                    &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                        # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                        # to learn more.
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                          # If set, must also set cryptoKey. If set, shift will be consistent for the
                          # given context.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                          # range (inclusive ends). Negative means shift to earlier in time. Must not
                          # be more than 365250 days (1000 years) each direction.
                          #
                          # For example, 3 means shift date to at most 3 days into the future.
                      &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                          # results in the same shift for the same context and crypto_key. If
                          # set, must also set context. Can only be applied to table items.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                    },
                    &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                        # Uses SHA-256.
                        # The key size must be either 32 or 64 bytes.
                        # Outputs a base64 encoded representation of the hashed output
                        # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                        # Currently, only string and integer values can be hashed.
                        # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                        # (FPE) with the FFX mode of operation; however when used in the
                        # `ReidentifyContent` API method, it serves the opposite function by reversing
                        # the surrogate back into the original identifier. The identifier must be
                        # encoded as ASCII. For a given crypto key and context, the same identifier
                        # will be replaced with the same surrogate. Identifiers must be at least two
                        # characters long. In the case that the identifier is the empty string, it will
                        # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                        # more.
                        #
                        # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                        # do not require preserving the input alphabet space and size, plus warrant
                        # referential integrity.
                      &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                          # that the FFX mode natively supports. This happens before/after
                          # encryption/decryption.
                          # Each character listed must appear only once.
                          # Number of characters must be in the range [2, 95].
                          # This must be encoded as ASCII.
                          # The order of characters does not matter.
                      &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                      &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                          # This annotation will be applied to the surrogate by prefixing it with
                          # the name of the custom infoType followed by the number of
                          # characters comprising the surrogate. The following scheme defines the
                          # format: info_type_name(surrogate_character_count):surrogate
                          #
                          # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                          # the surrogate is &#x27;abc&#x27;, the full replacement value
                          # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                          #
                          # This annotation identifies the surrogate when inspecting content using the
                          # custom infoType
                          # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                          # This facilitates reversal of the surrogate when it occurs in free text.
                          #
                          # In order for inspection to work properly, the name of this infoType must
                          # not occur naturally anywhere in your data; otherwise, inspection may
                          # find a surrogate that does not correspond to an actual identifier.
                          # Therefore, choose your custom infoType name carefully after considering
                          # what your data looks like. One way to select a name that has a high chance
                          # of yielding reliable detection is to include one or more unicode characters
                          # that are highly improbable to exist in your data.
                          # For example, assuming your data is entered from a regular ASCII keyboard,
                          # the symbol with the hex code point 29DD might be used like so:
                          # ⧝MY_TOKEN_TYPE
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                          # identifier in two different contexts won&#x27;t be given the same surrogate. If
                          # the context is not set, a default tweak will be used.
                          #
                          # If the context is set but:
                          #
                          # 1. there is no record present when transforming a given value or
                          # 1. the field is not present when transforming a given value,
                          #
                          # a default tweak will be used.
                          #
                          # Note that case (1) is expected when an `InfoTypeTransformation` is
                          # applied to both structured and non-structured `ContentItem`s.
                          # Currently, the referenced field may be of value type integer or string.
                          #
                          # The tweak is constructed as a sequence of bytes in big endian byte order
                          # such that:
                          #
                          # - a 64 bit integer is encoded followed by a single byte of value 1
                          # - a string is encoded in UTF-8 format followed by a single byte of value 2
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                        # input. Outputs a base64 encoded representation of the encrypted output.
                        # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                      &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                          # This annotation will be applied to the surrogate by prefixing it with
                          # the name of the custom info type followed by the number of
                          # characters comprising the surrogate. The following scheme defines the
                          # format: {info type name}({surrogate character count}):{surrogate}
                          #
                          # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                          # the surrogate is &#x27;abc&#x27;, the full replacement value
                          # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                          #
                          # This annotation identifies the surrogate when inspecting content using the
                          # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                          # surrogate when it occurs in free text.
                          #
                          # Note: For record transformations where the entire cell in a table is being
                          # transformed, surrogates are not mandatory. Surrogates are used to denote
                          # the location of the token and are necessary for re-identification in free
                          # form text.
                          #
                          # In order for inspection to work properly, the name of this info type must
                          # not occur naturally anywhere in your data; otherwise, inspection may either
                          #
                          # - reverse a surrogate that does not correspond to an actual identifier
                          # - be unable to parse the surrogate and result in an error
                          #
                          # Therefore, choose your custom info type name carefully after considering
                          # what your data looks like. One way to select a name that has a high chance
                          # of yielding reliable detection is to include one or more unicode characters
                          # that are highly improbable to exist in your data.
                          # For example, assuming your data is entered from a regular ASCII keyboard,
                          # the symbol with the hex code point 29DD might be used like so:
                          # ⧝MY_TOKEN_TYPE.
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                          # referential integrity such that the same identifier in two different
                          # contexts will be given a distinct surrogate. The context is appended to
                          # plaintext value being encrypted. On decryption the provided context is
                          # validated against the value used during encryption. If a context was
                          # provided during encryption, same context must be provided during decryption
                          # as well.
                          #
                          # If the context is not set, plaintext would be used as is for encryption.
                          # If the context is set but:
                          #
                          # 1. there is no record present when transforming a given value or
                          # 2. the field is not present when transforming a given value,
                          #
                          # plaintext would be used as is for encryption.
                          #
                          # Note that case (1) is expected when an `InfoTypeTransformation` is
                          # applied to both structured and non-structured `ContentItem`s.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                        # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                        # output would be &#x27;My phone number is &#x27;.
                    },
                    &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                        # replacement values are dynamically provided by the user for custom behavior,
                        # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                        # This can be used on
                        # data of type: number, long, string, timestamp.
                        # If the bound `Value` type differs from the type of data being transformed, we
                        # will first attempt converting the type of the data to be transformed to match
                        # the type of the bound before comparing.
                        # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                      &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                        { # Bucket is represented as a range, along with replacement values.
                          &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                              # used.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                          &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                          &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                              # the default behavior will be to hyphenate the min-max range.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                        },
                      ],
                    },
                    &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                      &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                    &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                        # fixed character. Masking can start from the beginning or end of the string.
                        # This can be used on data of any type (numbers, longs, and so on) and when
                        # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                        # type. (This allows you to take a long like 123 and modify it to a string like
                        # **3.
                      &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                          # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                          # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                          # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                          # is `true`, then the string `12345` is masked as `12***`.
                      &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                          # characters. For example, if the input string is `555-555-5555` and you
                          # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                          # returns `***-**5-5555`.
                        { # Characters to skip when doing deidentification of a value. These will be left
                            # alone and skipped.
                          &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                          &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                              # punctuation.
                        },
                      ],
                      &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                          # masked. Skipped characters do not count towards this tally.
                      &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                          # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                          # code or credit card number. This string must have a length of 1. If not
                          # supplied, this value defaults to `*` for strings, and `0` for digits.
                    },
                    &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                        # Bucketing transformation can provide all of this functionality,
                        # but requires more configuration. This message is provided as a convenience to
                        # the user for simple bucketing strategies.
                        #
                        # The transformed value will be a hyphenated string of
                        # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                        # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                        #
                        # This can be used on data of type: double, long.
                        #
                        # If the bound Value type differs from the type of data
                        # being transformed, we will first attempt converting the type of the data to
                        # be transformed to match the type of the bound before comparing.
                        #
                        # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                      &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                          # grouped together into a single bucket; for example if `lower_bound` = 10,
                          # then all values less than 10 are replaced with the value &quot;-10&quot;.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                          # grouped together into a single bucket; for example if `upper_bound` = 89,
                          # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                          # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                          # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                          # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                    },
                  },
                },
              ],
            },
            &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
              &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                  # portion of the value.
                &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
              },
              &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                  # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                  # to learn more.
                &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                    # If set, must also set cryptoKey. If set, shift will be consistent for the
                    # given context.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                    # range (inclusive ends). Negative means shift to earlier in time. Must not
                    # be more than 365250 days (1000 years) each direction.
                    #
                    # For example, 3 means shift date to at most 3 days into the future.
                &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                    # results in the same shift for the same context and crypto_key. If
                    # set, must also set context. Can only be applied to table items.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
              },
              &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                  # Uses SHA-256.
                  # The key size must be either 32 or 64 bytes.
                  # Outputs a base64 encoded representation of the hashed output
                  # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                  # Currently, only string and integer values can be hashed.
                  # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                  # (FPE) with the FFX mode of operation; however when used in the
                  # `ReidentifyContent` API method, it serves the opposite function by reversing
                  # the surrogate back into the original identifier. The identifier must be
                  # encoded as ASCII. For a given crypto key and context, the same identifier
                  # will be replaced with the same surrogate. Identifiers must be at least two
                  # characters long. In the case that the identifier is the empty string, it will
                  # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                  # more.
                  #
                  # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                  # do not require preserving the input alphabet space and size, plus warrant
                  # referential integrity.
                &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                    # that the FFX mode natively supports. This happens before/after
                    # encryption/decryption.
                    # Each character listed must appear only once.
                    # Number of characters must be in the range [2, 95].
                    # This must be encoded as ASCII.
                    # The order of characters does not matter.
                &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom infoType followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: info_type_name(surrogate_character_count):surrogate
                    #
                    # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom infoType
                    # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                    # This facilitates reversal of the surrogate when it occurs in free text.
                    #
                    # In order for inspection to work properly, the name of this infoType must
                    # not occur naturally anywhere in your data; otherwise, inspection may
                    # find a surrogate that does not correspond to an actual identifier.
                    # Therefore, choose your custom infoType name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                    # identifier in two different contexts won&#x27;t be given the same surrogate. If
                    # the context is not set, a default tweak will be used.
                    #
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 1. the field is not present when transforming a given value,
                    #
                    # a default tweak will be used.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                    # Currently, the referenced field may be of value type integer or string.
                    #
                    # The tweak is constructed as a sequence of bytes in big endian byte order
                    # such that:
                    #
                    # - a 64 bit integer is encoded followed by a single byte of value 1
                    # - a string is encoded in UTF-8 format followed by a single byte of value 2
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                  # input. Outputs a base64 encoded representation of the encrypted output.
                  # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom info type followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: {info type name}({surrogate character count}):{surrogate}
                    #
                    # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                    # surrogate when it occurs in free text.
                    #
                    # Note: For record transformations where the entire cell in a table is being
                    # transformed, surrogates are not mandatory. Surrogates are used to denote
                    # the location of the token and are necessary for re-identification in free
                    # form text.
                    #
                    # In order for inspection to work properly, the name of this info type must
                    # not occur naturally anywhere in your data; otherwise, inspection may either
                    #
                    # - reverse a surrogate that does not correspond to an actual identifier
                    # - be unable to parse the surrogate and result in an error
                    #
                    # Therefore, choose your custom info type name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE.
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                    # referential integrity such that the same identifier in two different
                    # contexts will be given a distinct surrogate. The context is appended to
                    # plaintext value being encrypted. On decryption the provided context is
                    # validated against the value used during encryption. If a context was
                    # provided during encryption, same context must be provided during decryption
                    # as well.
                    #
                    # If the context is not set, plaintext would be used as is for encryption.
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 2. the field is not present when transforming a given value,
                    #
                    # plaintext would be used as is for encryption.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                  # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                  # output would be &#x27;My phone number is &#x27;.
              },
              &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                  # replacement values are dynamically provided by the user for custom behavior,
                  # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                  # This can be used on
                  # data of type: number, long, string, timestamp.
                  # If the bound `Value` type differs from the type of data being transformed, we
                  # will first attempt converting the type of the data to be transformed to match
                  # the type of the bound before comparing.
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                  { # Bucket is represented as a range, along with replacement values.
                    &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                        # used.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                        # the default behavior will be to hyphenate the min-max range.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                  },
                ],
              },
              &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
              },
              &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                  # fixed character. Masking can start from the beginning or end of the string.
                  # This can be used on data of any type (numbers, longs, and so on) and when
                  # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                  # type. (This allows you to take a long like 123 and modify it to a string like
                  # **3.
                &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                    # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                    # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                    # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                    # is `true`, then the string `12345` is masked as `12***`.
                &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                    # characters. For example, if the input string is `555-555-5555` and you
                    # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                    # returns `***-**5-5555`.
                  { # Characters to skip when doing deidentification of a value. These will be left
                      # alone and skipped.
                    &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                    &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                        # punctuation.
                  },
                ],
                &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                    # masked. Skipped characters do not count towards this tally.
                &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                    # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                    # code or credit card number. This string must have a length of 1. If not
                    # supplied, this value defaults to `*` for strings, and `0` for digits.
              },
              &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                  # Bucketing transformation can provide all of this functionality,
                  # but requires more configuration. This message is provided as a convenience to
                  # the user for simple bucketing strategies.
                  #
                  # The transformed value will be a hyphenated string of
                  # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                  # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                  #
                  # This can be used on data of type: double, long.
                  #
                  # If the bound Value type differs from the type of data
                  # being transformed, we will first attempt converting the type of the data to
                  # be transformed to match the type of the bound before comparing.
                  #
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                    # grouped together into a single bucket; for example if `lower_bound` = 10,
                    # then all values less than 10 are replaced with the value &quot;-10&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                    # grouped together into a single bucket; for example if `upper_bound` = 89,
                    # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                    # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                    # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                    # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
              },
            },
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
                # given `RecordCondition`. The conditions are allowed to reference fields
                # that are not used in the actual transformation.
                #
                # Example Use Cases:
                #
                # - Apply a different bucket transformation to an age column if the zip code
                # column for the same record is within a specific range.
                # - Redact a field if the date of birth field is greater than 85.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
        ],
      },
      &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
          # transformation everywhere.
          # apply various `PrimitiveTransformation`s to each finding, where the
          # transformation is applied to only values that were identified as a specific
          # info_type.
        &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
            # for a given infoType.
          { # A transformation to apply to text that is identified as a specific
              # info_type.
            &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                # this transformation to apply to all findings that correspond to
                # infoTypes that were requested in `InspectConfig`.
              { # Type of information detected by the API.
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
            ],
            &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
              &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                  # portion of the value.
                &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
              },
              &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                  # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                  # to learn more.
                &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                    # If set, must also set cryptoKey. If set, shift will be consistent for the
                    # given context.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                    # range (inclusive ends). Negative means shift to earlier in time. Must not
                    # be more than 365250 days (1000 years) each direction.
                    #
                    # For example, 3 means shift date to at most 3 days into the future.
                &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                    # results in the same shift for the same context and crypto_key. If
                    # set, must also set context. Can only be applied to table items.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
              },
              &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                  # Uses SHA-256.
                  # The key size must be either 32 or 64 bytes.
                  # Outputs a base64 encoded representation of the hashed output
                  # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                  # Currently, only string and integer values can be hashed.
                  # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                  # (FPE) with the FFX mode of operation; however when used in the
                  # `ReidentifyContent` API method, it serves the opposite function by reversing
                  # the surrogate back into the original identifier. The identifier must be
                  # encoded as ASCII. For a given crypto key and context, the same identifier
                  # will be replaced with the same surrogate. Identifiers must be at least two
                  # characters long. In the case that the identifier is the empty string, it will
                  # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                  # more.
                  #
                  # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                  # do not require preserving the input alphabet space and size, plus warrant
                  # referential integrity.
                &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                    # that the FFX mode natively supports. This happens before/after
                    # encryption/decryption.
                    # Each character listed must appear only once.
                    # Number of characters must be in the range [2, 95].
                    # This must be encoded as ASCII.
                    # The order of characters does not matter.
                &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom infoType followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: info_type_name(surrogate_character_count):surrogate
                    #
                    # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom infoType
                    # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                    # This facilitates reversal of the surrogate when it occurs in free text.
                    #
                    # In order for inspection to work properly, the name of this infoType must
                    # not occur naturally anywhere in your data; otherwise, inspection may
                    # find a surrogate that does not correspond to an actual identifier.
                    # Therefore, choose your custom infoType name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                    # identifier in two different contexts won&#x27;t be given the same surrogate. If
                    # the context is not set, a default tweak will be used.
                    #
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 1. the field is not present when transforming a given value,
                    #
                    # a default tweak will be used.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                    # Currently, the referenced field may be of value type integer or string.
                    #
                    # The tweak is constructed as a sequence of bytes in big endian byte order
                    # such that:
                    #
                    # - a 64 bit integer is encoded followed by a single byte of value 1
                    # - a string is encoded in UTF-8 format followed by a single byte of value 2
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                  # input. Outputs a base64 encoded representation of the encrypted output.
                  # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom info type followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: {info type name}({surrogate character count}):{surrogate}
                    #
                    # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                    # surrogate when it occurs in free text.
                    #
                    # Note: For record transformations where the entire cell in a table is being
                    # transformed, surrogates are not mandatory. Surrogates are used to denote
                    # the location of the token and are necessary for re-identification in free
                    # form text.
                    #
                    # In order for inspection to work properly, the name of this info type must
                    # not occur naturally anywhere in your data; otherwise, inspection may either
                    #
                    # - reverse a surrogate that does not correspond to an actual identifier
                    # - be unable to parse the surrogate and result in an error
                    #
                    # Therefore, choose your custom info type name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE.
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                    # referential integrity such that the same identifier in two different
                    # contexts will be given a distinct surrogate. The context is appended to
                    # plaintext value being encrypted. On decryption the provided context is
                    # validated against the value used during encryption. If a context was
                    # provided during encryption, same context must be provided during decryption
                    # as well.
                    #
                    # If the context is not set, plaintext would be used as is for encryption.
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 2. the field is not present when transforming a given value,
                    #
                    # plaintext would be used as is for encryption.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                  # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                  # output would be &#x27;My phone number is &#x27;.
              },
              &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                  # replacement values are dynamically provided by the user for custom behavior,
                  # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                  # This can be used on
                  # data of type: number, long, string, timestamp.
                  # If the bound `Value` type differs from the type of data being transformed, we
                  # will first attempt converting the type of the data to be transformed to match
                  # the type of the bound before comparing.
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                  { # Bucket is represented as a range, along with replacement values.
                    &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                        # used.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                        # the default behavior will be to hyphenate the min-max range.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                  },
                ],
              },
              &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
              },
              &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                  # fixed character. Masking can start from the beginning or end of the string.
                  # This can be used on data of any type (numbers, longs, and so on) and when
                  # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                  # type. (This allows you to take a long like 123 and modify it to a string like
                  # **3.
                &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                    # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                    # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                    # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                    # is `true`, then the string `12345` is masked as `12***`.
                &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                    # characters. For example, if the input string is `555-555-5555` and you
                    # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                    # returns `***-**5-5555`.
                  { # Characters to skip when doing deidentification of a value. These will be left
                      # alone and skipped.
                    &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                    &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                        # punctuation.
                  },
                ],
                &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                    # masked. Skipped characters do not count towards this tally.
                &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                    # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                    # code or credit card number. This string must have a length of 1. If not
                    # supplied, this value defaults to `*` for strings, and `0` for digits.
              },
              &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                  # Bucketing transformation can provide all of this functionality,
                  # but requires more configuration. This message is provided as a convenience to
                  # the user for simple bucketing strategies.
                  #
                  # The transformed value will be a hyphenated string of
                  # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                  # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                  #
                  # This can be used on data of type: double, long.
                  #
                  # If the bound Value type differs from the type of data
                  # being transformed, we will first attempt converting the type of the data to
                  # be transformed to match the type of the bound before comparing.
                  #
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                    # grouped together into a single bucket; for example if `lower_bound` = 10,
                    # then all values less than 10 are replaced with the value &quot;-10&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                    # grouped together into a single bucket; for example if `upper_bound` = 89,
                    # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                    # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                    # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                    # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
              },
            },
          },
        ],
      },
    },
    &quot;locationId&quot;: &quot;A String&quot;, # The geographic location to process de-identification. Reserved for future
        # extensions.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Results of de-identifying a ContentItem.
    &quot;item&quot;: { # Container structure for the content to inspect. # The de-identified item.
      &quot;byteItem&quot;: { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
        &quot;type&quot;: &quot;A String&quot;, # The type of data stored in the bytes string. Default will be TEXT_UTF8.
        &quot;data&quot;: &quot;A String&quot;, # Content data to inspect or redact.
      },
      &quot;value&quot;: &quot;A String&quot;, # String data to inspect or redact.
      &quot;table&quot;: { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
          # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
          # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
        &quot;rows&quot;: [ # Rows of the table.
          { # Values of the row.
            &quot;values&quot;: [ # Individual cells.
              { # Set of primitive values supported by the system.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            ],
          },
        ],
        &quot;headers&quot;: [ # Headers of the table.
          { # General identifier of a data field in a storage service.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
        ],
      },
    },
    &quot;overview&quot;: { # Overview of the modifications that occurred. # An overview of the changes that were made on the `item`.
      &quot;transformationSummaries&quot;: [ # Transformations applied to the dataset.
        { # Summary of a single transformation.
            # Only one of &#x27;transformation&#x27;, &#x27;field_transformation&#x27;, or &#x27;record_suppress&#x27;
            # will be set.
          &quot;fieldTransformations&quot;: [ # The field transformation that was applied.
              # If multiple field transformations are requested for a single field,
              # this list will contain all of them; otherwise, only one is supplied.
            { # The transformation to apply to the field.
              &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
                { # General identifier of a data field in a storage service.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
              ],
              &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
                  # transform content that matches an `InfoType`.
                  # apply various `PrimitiveTransformation`s to each finding, where the
                  # transformation is applied to only values that were identified as a specific
                  # info_type.
                &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
                    # for a given infoType.
                  { # A transformation to apply to text that is identified as a specific
                      # info_type.
                    &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                        # this transformation to apply to all findings that correspond to
                        # infoTypes that were requested in `InspectConfig`.
                      { # Type of information detected by the API.
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                    ],
                    &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
                      &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                          # portion of the value.
                        &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                      },
                      &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                          # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                          # to learn more.
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                            # If set, must also set cryptoKey. If set, shift will be consistent for the
                            # given context.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                            # range (inclusive ends). Negative means shift to earlier in time. Must not
                            # be more than 365250 days (1000 years) each direction.
                            #
                            # For example, 3 means shift date to at most 3 days into the future.
                        &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                            # results in the same shift for the same context and crypto_key. If
                            # set, must also set context. Can only be applied to table items.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                      },
                      &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                          # Uses SHA-256.
                          # The key size must be either 32 or 64 bytes.
                          # Outputs a base64 encoded representation of the hashed output
                          # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                          # Currently, only string and integer values can be hashed.
                          # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                          # (FPE) with the FFX mode of operation; however when used in the
                          # `ReidentifyContent` API method, it serves the opposite function by reversing
                          # the surrogate back into the original identifier. The identifier must be
                          # encoded as ASCII. For a given crypto key and context, the same identifier
                          # will be replaced with the same surrogate. Identifiers must be at least two
                          # characters long. In the case that the identifier is the empty string, it will
                          # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                          # more.
                          #
                          # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                          # do not require preserving the input alphabet space and size, plus warrant
                          # referential integrity.
                        &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                            # that the FFX mode natively supports. This happens before/after
                            # encryption/decryption.
                            # Each character listed must appear only once.
                            # Number of characters must be in the range [2, 95].
                            # This must be encoded as ASCII.
                            # The order of characters does not matter.
                        &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                        &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                            # This annotation will be applied to the surrogate by prefixing it with
                            # the name of the custom infoType followed by the number of
                            # characters comprising the surrogate. The following scheme defines the
                            # format: info_type_name(surrogate_character_count):surrogate
                            #
                            # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                            # the surrogate is &#x27;abc&#x27;, the full replacement value
                            # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                            #
                            # This annotation identifies the surrogate when inspecting content using the
                            # custom infoType
                            # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                            # This facilitates reversal of the surrogate when it occurs in free text.
                            #
                            # In order for inspection to work properly, the name of this infoType must
                            # not occur naturally anywhere in your data; otherwise, inspection may
                            # find a surrogate that does not correspond to an actual identifier.
                            # Therefore, choose your custom infoType name carefully after considering
                            # what your data looks like. One way to select a name that has a high chance
                            # of yielding reliable detection is to include one or more unicode characters
                            # that are highly improbable to exist in your data.
                            # For example, assuming your data is entered from a regular ASCII keyboard,
                            # the symbol with the hex code point 29DD might be used like so:
                            # ⧝MY_TOKEN_TYPE
                          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                              # creating a CustomInfoType, or one of the names listed
                              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                              # a built-in type. InfoType names should conform to the pattern
                              # `[a-zA-Z0-9_]{1,64}`.
                        },
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                            # identifier in two different contexts won&#x27;t be given the same surrogate. If
                            # the context is not set, a default tweak will be used.
                            #
                            # If the context is set but:
                            #
                            # 1. there is no record present when transforming a given value or
                            # 1. the field is not present when transforming a given value,
                            #
                            # a default tweak will be used.
                            #
                            # Note that case (1) is expected when an `InfoTypeTransformation` is
                            # applied to both structured and non-structured `ContentItem`s.
                            # Currently, the referenced field may be of value type integer or string.
                            #
                            # The tweak is constructed as a sequence of bytes in big endian byte order
                            # such that:
                            #
                            # - a 64 bit integer is encoded followed by a single byte of value 1
                            # - a string is encoded in UTF-8 format followed by a single byte of value 2
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                          # input. Outputs a base64 encoded representation of the encrypted output.
                          # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                        &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                            # This annotation will be applied to the surrogate by prefixing it with
                            # the name of the custom info type followed by the number of
                            # characters comprising the surrogate. The following scheme defines the
                            # format: {info type name}({surrogate character count}):{surrogate}
                            #
                            # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                            # the surrogate is &#x27;abc&#x27;, the full replacement value
                            # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                            #
                            # This annotation identifies the surrogate when inspecting content using the
                            # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                            # surrogate when it occurs in free text.
                            #
                            # Note: For record transformations where the entire cell in a table is being
                            # transformed, surrogates are not mandatory. Surrogates are used to denote
                            # the location of the token and are necessary for re-identification in free
                            # form text.
                            #
                            # In order for inspection to work properly, the name of this info type must
                            # not occur naturally anywhere in your data; otherwise, inspection may either
                            #
                            # - reverse a surrogate that does not correspond to an actual identifier
                            # - be unable to parse the surrogate and result in an error
                            #
                            # Therefore, choose your custom info type name carefully after considering
                            # what your data looks like. One way to select a name that has a high chance
                            # of yielding reliable detection is to include one or more unicode characters
                            # that are highly improbable to exist in your data.
                            # For example, assuming your data is entered from a regular ASCII keyboard,
                            # the symbol with the hex code point 29DD might be used like so:
                            # ⧝MY_TOKEN_TYPE.
                          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                              # creating a CustomInfoType, or one of the names listed
                              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                              # a built-in type. InfoType names should conform to the pattern
                              # `[a-zA-Z0-9_]{1,64}`.
                        },
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                            # referential integrity such that the same identifier in two different
                            # contexts will be given a distinct surrogate. The context is appended to
                            # plaintext value being encrypted. On decryption the provided context is
                            # validated against the value used during encryption. If a context was
                            # provided during encryption, same context must be provided during decryption
                            # as well.
                            #
                            # If the context is not set, plaintext would be used as is for encryption.
                            # If the context is set but:
                            #
                            # 1. there is no record present when transforming a given value or
                            # 2. the field is not present when transforming a given value,
                            #
                            # plaintext would be used as is for encryption.
                            #
                            # Note that case (1) is expected when an `InfoTypeTransformation` is
                            # applied to both structured and non-structured `ContentItem`s.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                          # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                          # output would be &#x27;My phone number is &#x27;.
                      },
                      &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                          # replacement values are dynamically provided by the user for custom behavior,
                          # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                          # This can be used on
                          # data of type: number, long, string, timestamp.
                          # If the bound `Value` type differs from the type of data being transformed, we
                          # will first attempt converting the type of the data to be transformed to match
                          # the type of the bound before comparing.
                          # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                        &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                          { # Bucket is represented as a range, along with replacement values.
                            &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                                # used.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                            &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                            &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                                # the default behavior will be to hyphenate the min-max range.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                          },
                        ],
                      },
                      &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                        &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                      },
                      &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                          # fixed character. Masking can start from the beginning or end of the string.
                          # This can be used on data of any type (numbers, longs, and so on) and when
                          # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                          # type. (This allows you to take a long like 123 and modify it to a string like
                          # **3.
                        &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                            # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                            # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                            # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                            # is `true`, then the string `12345` is masked as `12***`.
                        &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                            # characters. For example, if the input string is `555-555-5555` and you
                            # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                            # returns `***-**5-5555`.
                          { # Characters to skip when doing deidentification of a value. These will be left
                              # alone and skipped.
                            &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                            &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                                # punctuation.
                          },
                        ],
                        &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                            # masked. Skipped characters do not count towards this tally.
                        &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                            # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                            # code or credit card number. This string must have a length of 1. If not
                            # supplied, this value defaults to `*` for strings, and `0` for digits.
                      },
                      &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                          # Bucketing transformation can provide all of this functionality,
                          # but requires more configuration. This message is provided as a convenience to
                          # the user for simple bucketing strategies.
                          #
                          # The transformed value will be a hyphenated string of
                          # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                          # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                          #
                          # This can be used on data of type: double, long.
                          #
                          # If the bound Value type differs from the type of data
                          # being transformed, we will first attempt converting the type of the data to
                          # be transformed to match the type of the bound before comparing.
                          #
                          # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                        &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                            # grouped together into a single bucket; for example if `lower_bound` = 10,
                            # then all values less than 10 are replaced with the value &quot;-10&quot;.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                        &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                            # grouped together into a single bucket; for example if `upper_bound` = 89,
                            # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                        &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                            # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                            # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                            # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                      },
                    },
                  },
                ],
              },
              &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
                &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                    # portion of the value.
                  &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                },
                &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                    # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                    # to learn more.
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                      # If set, must also set cryptoKey. If set, shift will be consistent for the
                      # given context.
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                      # range (inclusive ends). Negative means shift to earlier in time. Must not
                      # be more than 365250 days (1000 years) each direction.
                      #
                      # For example, 3 means shift date to at most 3 days into the future.
                  &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                      # results in the same shift for the same context and crypto_key. If
                      # set, must also set context. Can only be applied to table items.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                },
                &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                    # Uses SHA-256.
                    # The key size must be either 32 or 64 bytes.
                    # Outputs a base64 encoded representation of the hashed output
                    # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                    # Currently, only string and integer values can be hashed.
                    # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                    # (FPE) with the FFX mode of operation; however when used in the
                    # `ReidentifyContent` API method, it serves the opposite function by reversing
                    # the surrogate back into the original identifier. The identifier must be
                    # encoded as ASCII. For a given crypto key and context, the same identifier
                    # will be replaced with the same surrogate. Identifiers must be at least two
                    # characters long. In the case that the identifier is the empty string, it will
                    # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                    # more.
                    #
                    # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                    # do not require preserving the input alphabet space and size, plus warrant
                    # referential integrity.
                  &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                      # that the FFX mode natively supports. This happens before/after
                      # encryption/decryption.
                      # Each character listed must appear only once.
                      # Number of characters must be in the range [2, 95].
                      # This must be encoded as ASCII.
                      # The order of characters does not matter.
                  &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                  &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                      # This annotation will be applied to the surrogate by prefixing it with
                      # the name of the custom infoType followed by the number of
                      # characters comprising the surrogate. The following scheme defines the
                      # format: info_type_name(surrogate_character_count):surrogate
                      #
                      # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                      # the surrogate is &#x27;abc&#x27;, the full replacement value
                      # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                      #
                      # This annotation identifies the surrogate when inspecting content using the
                      # custom infoType
                      # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                      # This facilitates reversal of the surrogate when it occurs in free text.
                      #
                      # In order for inspection to work properly, the name of this infoType must
                      # not occur naturally anywhere in your data; otherwise, inspection may
                      # find a surrogate that does not correspond to an actual identifier.
                      # Therefore, choose your custom infoType name carefully after considering
                      # what your data looks like. One way to select a name that has a high chance
                      # of yielding reliable detection is to include one or more unicode characters
                      # that are highly improbable to exist in your data.
                      # For example, assuming your data is entered from a regular ASCII keyboard,
                      # the symbol with the hex code point 29DD might be used like so:
                      # ⧝MY_TOKEN_TYPE
                    &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                        # creating a CustomInfoType, or one of the names listed
                        # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                        # a built-in type. InfoType names should conform to the pattern
                        # `[a-zA-Z0-9_]{1,64}`.
                  },
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                      # identifier in two different contexts won&#x27;t be given the same surrogate. If
                      # the context is not set, a default tweak will be used.
                      #
                      # If the context is set but:
                      #
                      # 1. there is no record present when transforming a given value or
                      # 1. the field is not present when transforming a given value,
                      #
                      # a default tweak will be used.
                      #
                      # Note that case (1) is expected when an `InfoTypeTransformation` is
                      # applied to both structured and non-structured `ContentItem`s.
                      # Currently, the referenced field may be of value type integer or string.
                      #
                      # The tweak is constructed as a sequence of bytes in big endian byte order
                      # such that:
                      #
                      # - a 64 bit integer is encoded followed by a single byte of value 1
                      # - a string is encoded in UTF-8 format followed by a single byte of value 2
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                    # input. Outputs a base64 encoded representation of the encrypted output.
                    # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                  &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                      # This annotation will be applied to the surrogate by prefixing it with
                      # the name of the custom info type followed by the number of
                      # characters comprising the surrogate. The following scheme defines the
                      # format: {info type name}({surrogate character count}):{surrogate}
                      #
                      # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                      # the surrogate is &#x27;abc&#x27;, the full replacement value
                      # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                      #
                      # This annotation identifies the surrogate when inspecting content using the
                      # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                      # surrogate when it occurs in free text.
                      #
                      # Note: For record transformations where the entire cell in a table is being
                      # transformed, surrogates are not mandatory. Surrogates are used to denote
                      # the location of the token and are necessary for re-identification in free
                      # form text.
                      #
                      # In order for inspection to work properly, the name of this info type must
                      # not occur naturally anywhere in your data; otherwise, inspection may either
                      #
                      # - reverse a surrogate that does not correspond to an actual identifier
                      # - be unable to parse the surrogate and result in an error
                      #
                      # Therefore, choose your custom info type name carefully after considering
                      # what your data looks like. One way to select a name that has a high chance
                      # of yielding reliable detection is to include one or more unicode characters
                      # that are highly improbable to exist in your data.
                      # For example, assuming your data is entered from a regular ASCII keyboard,
                      # the symbol with the hex code point 29DD might be used like so:
                      # ⧝MY_TOKEN_TYPE.
                    &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                        # creating a CustomInfoType, or one of the names listed
                        # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                        # a built-in type. InfoType names should conform to the pattern
                        # `[a-zA-Z0-9_]{1,64}`.
                  },
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                      # referential integrity such that the same identifier in two different
                      # contexts will be given a distinct surrogate. The context is appended to
                      # plaintext value being encrypted. On decryption the provided context is
                      # validated against the value used during encryption. If a context was
                      # provided during encryption, same context must be provided during decryption
                      # as well.
                      #
                      # If the context is not set, plaintext would be used as is for encryption.
                      # If the context is set but:
                      #
                      # 1. there is no record present when transforming a given value or
                      # 2. the field is not present when transforming a given value,
                      #
                      # plaintext would be used as is for encryption.
                      #
                      # Note that case (1) is expected when an `InfoTypeTransformation` is
                      # applied to both structured and non-structured `ContentItem`s.
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                    # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                    # output would be &#x27;My phone number is &#x27;.
                },
                &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                    # replacement values are dynamically provided by the user for custom behavior,
                    # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                    # This can be used on
                    # data of type: number, long, string, timestamp.
                    # If the bound `Value` type differs from the type of data being transformed, we
                    # will first attempt converting the type of the data to be transformed to match
                    # the type of the bound before comparing.
                    # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                  &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                    { # Bucket is represented as a range, along with replacement values.
                      &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                          # used.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                          # the default behavior will be to hyphenate the min-max range.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
                &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                  &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                },
                &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                    # fixed character. Masking can start from the beginning or end of the string.
                    # This can be used on data of any type (numbers, longs, and so on) and when
                    # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                    # type. (This allows you to take a long like 123 and modify it to a string like
                    # **3.
                  &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                      # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                      # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                      # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                      # is `true`, then the string `12345` is masked as `12***`.
                  &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                      # characters. For example, if the input string is `555-555-5555` and you
                      # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                      # returns `***-**5-5555`.
                    { # Characters to skip when doing deidentification of a value. These will be left
                        # alone and skipped.
                      &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                      &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                          # punctuation.
                    },
                  ],
                  &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                      # masked. Skipped characters do not count towards this tally.
                  &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                      # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                      # code or credit card number. This string must have a length of 1. If not
                      # supplied, this value defaults to `*` for strings, and `0` for digits.
                },
                &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                    # Bucketing transformation can provide all of this functionality,
                    # but requires more configuration. This message is provided as a convenience to
                    # the user for simple bucketing strategies.
                    #
                    # The transformed value will be a hyphenated string of
                    # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                    # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                    #
                    # This can be used on data of type: double, long.
                    #
                    # If the bound Value type differs from the type of data
                    # being transformed, we will first attempt converting the type of the data to
                    # be transformed to match the type of the bound before comparing.
                    #
                    # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                  &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                      # grouped together into a single bucket; for example if `lower_bound` = 10,
                      # then all values less than 10 are replaced with the value &quot;-10&quot;.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                      # grouped together into a single bucket; for example if `upper_bound` = 89,
                      # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                      # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                      # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                      # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                },
              },
              &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
                  # given `RecordCondition`. The conditions are allowed to reference fields
                  # that are not used in the actual transformation.
                  #
                  # Example Use Cases:
                  #
                  # - Apply a different bucket transformation to an age column if the zip code
                  # column for the same record is within a specific range.
                  # - Redact a field if the date of birth field is greater than 85.
                  # a field.
                &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                  &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                      # only supported value is `AND`.
                  &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                    &quot;conditions&quot;: [ # A collection of conditions.
                      { # The field type of `value` and `field` do not need to match to be
                          # considered equal, but not all comparisons are possible.
                          # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                          # but all other comparisons are invalid with incompatible types.
                          # A `value` of type:
                          #
                          # - `string` can be compared against all other types
                          # - `boolean` can only be compared against other booleans
                          # - `integer` can be compared against doubles or a string if the string value
                          # can be parsed as an integer.
                          # - `double` can be compared against integers or a string if the string can
                          # be parsed as a double.
                          # - `Timestamp` can be compared against strings in RFC 3339 date string
                          # format.
                          # - `TimeOfDay` can be compared against timestamps and strings in the format
                          # of &#x27;HH:mm:ss&#x27;.
                          #
                          # If we fail to compare do to type mismatch, a warning will be given and
                          # the condition will evaluate to false.
                        &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                        &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                      },
                    ],
                  },
                },
              },
            },
          ],
          &quot;field&quot;: { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
          &quot;transformation&quot;: { # A rule for transforming a value. # The specific transformation these stats apply to.
            &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                # portion of the value.
              &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
            },
            &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                # to learn more.
              &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                  # If set, must also set cryptoKey. If set, shift will be consistent for the
                  # given context.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                  # range (inclusive ends). Negative means shift to earlier in time. Must not
                  # be more than 365250 days (1000 years) each direction.
                  #
                  # For example, 3 means shift date to at most 3 days into the future.
              &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                  # results in the same shift for the same context and crypto_key. If
                  # set, must also set context. Can only be applied to table items.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
            },
            &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                # Uses SHA-256.
                # The key size must be either 32 or 64 bytes.
                # Outputs a base64 encoded representation of the hashed output
                # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                # Currently, only string and integer values can be hashed.
                # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                # (FPE) with the FFX mode of operation; however when used in the
                # `ReidentifyContent` API method, it serves the opposite function by reversing
                # the surrogate back into the original identifier. The identifier must be
                # encoded as ASCII. For a given crypto key and context, the same identifier
                # will be replaced with the same surrogate. Identifiers must be at least two
                # characters long. In the case that the identifier is the empty string, it will
                # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                # more.
                #
                # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                # do not require preserving the input alphabet space and size, plus warrant
                # referential integrity.
              &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                  # that the FFX mode natively supports. This happens before/after
                  # encryption/decryption.
                  # Each character listed must appear only once.
                  # Number of characters must be in the range [2, 95].
                  # This must be encoded as ASCII.
                  # The order of characters does not matter.
              &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
              &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                  # This annotation will be applied to the surrogate by prefixing it with
                  # the name of the custom infoType followed by the number of
                  # characters comprising the surrogate. The following scheme defines the
                  # format: info_type_name(surrogate_character_count):surrogate
                  #
                  # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                  # the surrogate is &#x27;abc&#x27;, the full replacement value
                  # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                  #
                  # This annotation identifies the surrogate when inspecting content using the
                  # custom infoType
                  # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                  # This facilitates reversal of the surrogate when it occurs in free text.
                  #
                  # In order for inspection to work properly, the name of this infoType must
                  # not occur naturally anywhere in your data; otherwise, inspection may
                  # find a surrogate that does not correspond to an actual identifier.
                  # Therefore, choose your custom infoType name carefully after considering
                  # what your data looks like. One way to select a name that has a high chance
                  # of yielding reliable detection is to include one or more unicode characters
                  # that are highly improbable to exist in your data.
                  # For example, assuming your data is entered from a regular ASCII keyboard,
                  # the symbol with the hex code point 29DD might be used like so:
                  # ⧝MY_TOKEN_TYPE
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
              &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                  # identifier in two different contexts won&#x27;t be given the same surrogate. If
                  # the context is not set, a default tweak will be used.
                  #
                  # If the context is set but:
                  #
                  # 1. there is no record present when transforming a given value or
                  # 1. the field is not present when transforming a given value,
                  #
                  # a default tweak will be used.
                  #
                  # Note that case (1) is expected when an `InfoTypeTransformation` is
                  # applied to both structured and non-structured `ContentItem`s.
                  # Currently, the referenced field may be of value type integer or string.
                  #
                  # The tweak is constructed as a sequence of bytes in big endian byte order
                  # such that:
                  #
                  # - a 64 bit integer is encoded followed by a single byte of value 1
                  # - a string is encoded in UTF-8 format followed by a single byte of value 2
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                # input. Outputs a base64 encoded representation of the encrypted output.
                # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
              &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                  # This annotation will be applied to the surrogate by prefixing it with
                  # the name of the custom info type followed by the number of
                  # characters comprising the surrogate. The following scheme defines the
                  # format: {info type name}({surrogate character count}):{surrogate}
                  #
                  # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                  # the surrogate is &#x27;abc&#x27;, the full replacement value
                  # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                  #
                  # This annotation identifies the surrogate when inspecting content using the
                  # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                  # surrogate when it occurs in free text.
                  #
                  # Note: For record transformations where the entire cell in a table is being
                  # transformed, surrogates are not mandatory. Surrogates are used to denote
                  # the location of the token and are necessary for re-identification in free
                  # form text.
                  #
                  # In order for inspection to work properly, the name of this info type must
                  # not occur naturally anywhere in your data; otherwise, inspection may either
                  #
                  # - reverse a surrogate that does not correspond to an actual identifier
                  # - be unable to parse the surrogate and result in an error
                  #
                  # Therefore, choose your custom info type name carefully after considering
                  # what your data looks like. One way to select a name that has a high chance
                  # of yielding reliable detection is to include one or more unicode characters
                  # that are highly improbable to exist in your data.
                  # For example, assuming your data is entered from a regular ASCII keyboard,
                  # the symbol with the hex code point 29DD might be used like so:
                  # ⧝MY_TOKEN_TYPE.
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
              &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                  # referential integrity such that the same identifier in two different
                  # contexts will be given a distinct surrogate. The context is appended to
                  # plaintext value being encrypted. On decryption the provided context is
                  # validated against the value used during encryption. If a context was
                  # provided during encryption, same context must be provided during decryption
                  # as well.
                  #
                  # If the context is not set, plaintext would be used as is for encryption.
                  # If the context is set but:
                  #
                  # 1. there is no record present when transforming a given value or
                  # 2. the field is not present when transforming a given value,
                  #
                  # plaintext would be used as is for encryption.
                  #
                  # Note that case (1) is expected when an `InfoTypeTransformation` is
                  # applied to both structured and non-structured `ContentItem`s.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                # output would be &#x27;My phone number is &#x27;.
            },
            &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                # replacement values are dynamically provided by the user for custom behavior,
                # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                # This can be used on
                # data of type: number, long, string, timestamp.
                # If the bound `Value` type differs from the type of data being transformed, we
                # will first attempt converting the type of the data to be transformed to match
                # the type of the bound before comparing.
                # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
              &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                { # Bucket is represented as a range, along with replacement values.
                  &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                      # used.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                      # the default behavior will be to hyphenate the min-max range.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                },
              ],
            },
            &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
              &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            },
            &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                # fixed character. Masking can start from the beginning or end of the string.
                # This can be used on data of any type (numbers, longs, and so on) and when
                # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                # type. (This allows you to take a long like 123 and modify it to a string like
                # **3.
              &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                  # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                  # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                  # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                  # is `true`, then the string `12345` is masked as `12***`.
              &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                  # characters. For example, if the input string is `555-555-5555` and you
                  # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                  # returns `***-**5-5555`.
                { # Characters to skip when doing deidentification of a value. These will be left
                    # alone and skipped.
                  &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                  &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                      # punctuation.
                },
              ],
              &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                  # masked. Skipped characters do not count towards this tally.
              &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                  # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                  # code or credit card number. This string must have a length of 1. If not
                  # supplied, this value defaults to `*` for strings, and `0` for digits.
            },
            &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                # Bucketing transformation can provide all of this functionality,
                # but requires more configuration. This message is provided as a convenience to
                # the user for simple bucketing strategies.
                #
                # The transformed value will be a hyphenated string of
                # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                #
                # This can be used on data of type: double, long.
                #
                # If the bound Value type differs from the type of data
                # being transformed, we will first attempt converting the type of the data to
                # be transformed to match the type of the bound before comparing.
                #
                # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
              &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                  # grouped together into a single bucket; for example if `lower_bound` = 10,
                  # then all values less than 10 are replaced with the value &quot;-10&quot;.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
              &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                  # grouped together into a single bucket; for example if `upper_bound` = 89,
                  # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
              &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                  # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                  # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                  # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
            },
          },
          &quot;transformedBytes&quot;: &quot;A String&quot;, # Total size in bytes that were transformed in some way.
          &quot;recordSuppress&quot;: { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to.
              # true.
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
                # evaluated to be suppressed from the transformed content.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
          &quot;infoType&quot;: { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;results&quot;: [ # Collection of all transformations that took place or had an error.
            { # A collection that informs the user the number of times a particular
                # `TransformationResultCode` and error details occurred.
              &quot;code&quot;: &quot;A String&quot;, # Outcome of the transformation.
              &quot;count&quot;: &quot;A String&quot;, # Number of transformations counted by this result.
              &quot;details&quot;: &quot;A String&quot;, # A place for warnings or errors to show up if a transformation didn&#x27;t
                  # work as expected.
            },
          ],
        },
      ],
      &quot;transformedBytes&quot;: &quot;A String&quot;, # Total size in bytes that were transformed in some way.
    },
  }</pre>
</div>

<div class="method">
    <code class="details" id="inspect">inspect(parent, body=None, x__xgafv=None)</code>
  <pre>Finds potentially sensitive info in content.
This method has limits on input size, processing time, and output size.

When no InfoTypes or CustomInfoTypes are specified in this request, the
system will automatically choose what detectors to run. By default this may
be all types, but may change over time as detectors are updated.

For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images
and https://cloud.google.com/dlp/docs/inspecting-text,

Args:
  parent: string, The parent resource name, for example projects/my-project-id. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request to search for potentially sensitive info in a ContentItem.
    &quot;item&quot;: { # Container structure for the content to inspect. # The item to inspect.
      &quot;byteItem&quot;: { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
        &quot;type&quot;: &quot;A String&quot;, # The type of data stored in the bytes string. Default will be TEXT_UTF8.
        &quot;data&quot;: &quot;A String&quot;, # Content data to inspect or redact.
      },
      &quot;value&quot;: &quot;A String&quot;, # String data to inspect or redact.
      &quot;table&quot;: { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
          # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
          # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
        &quot;rows&quot;: [ # Rows of the table.
          { # Values of the row.
            &quot;values&quot;: [ # Individual cells.
              { # Set of primitive values supported by the system.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            ],
          },
        ],
        &quot;headers&quot;: [ # Headers of the table.
          { # General identifier of a data field in a storage service.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
        ],
      },
    },
    &quot;inspectTemplateName&quot;: &quot;A String&quot;, # Template to use. Any configuration directly specified in
        # inspect_config will override those set in the template. Singular fields
        # that are set in this request will replace their corresponding fields in the
        # template. Repeated fields are appended. Singular sub-messages and groups
        # are recursively merged.
    &quot;inspectConfig&quot;: { # Configuration description of the scanning process. # Configuration for the inspector. What specified here will override
        # the template referenced by the inspect_template_name argument.
        # When used with redactContent only info_types and min_likelihood are currently
        # used.
      &quot;includeQuote&quot;: True or False, # When true, a contextual quote from the data that triggered a finding is
          # included in the response; see Finding.quote.
      &quot;ruleSet&quot;: [ # Set of rules to apply to the findings for this InspectConfig.
          # Exclusion rules, contained in the set are executed in the end, other
          # rules are executed in the order they are specified for each info type.
        { # Rule set for modifying a set of infoTypes to alter behavior under certain
            # circumstances, depending on the specific details of the rules within the set.
          &quot;infoTypes&quot;: [ # List of infoTypes this rule set is applied to.
            { # Type of information detected by the API.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          ],
          &quot;rules&quot;: [ # Set of rules to be applied to infoTypes. The rules are applied in order.
            { # A single inspection rule to be applied to infoTypes, specified in
                # `InspectionRuleSet`.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
              &quot;exclusionRule&quot;: { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
                  # `InspectionRuleSet` are removed from results.
                &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
                    # be used to match sensitive information specific to the data, such as a list
                    # of employee IDs or job titles.
                    #
                    # Dictionary words are case-insensitive and all characters other than letters
                    # and digits in the unicode [Basic Multilingual
                    # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
                    # will be replaced with whitespace when scanning for matches, so the
                    # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
                    # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
                    # surrounding any match must be of a different type than the adjacent
                    # characters within the word, so letters must be next to non-letters and
                    # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
                    # match the first three letters of the text &quot;jen123&quot; but will return no
                    # matches for &quot;jennifer&quot;.
                    #
                    # Dictionary words containing a large number of characters that are not
                    # letters or digits may result in unexpected findings because such characters
                    # are treated as whitespace. The
                    # [limits](https://cloud.google.com/dlp/limits) page contains details about
                    # the size limits of dictionaries. For dictionaries that do not fit within
                    # these constraints, consider using `LargeCustomDictionaryConfig` in the
                    # `StoredInfoType` API.
                  &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
                    &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                        # at least one phrase and every phrase must contain at least 2 characters
                        # that are letters or digits. [required]
                      &quot;A String&quot;,
                    ],
                  },
                  &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                      # is accepted.
                    &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                        # Example: gs://[BUCKET_NAME]/dictionary.txt
                  },
                },
                &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression which defines the rule.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;excludeInfoTypes&quot;: { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
                  &quot;infoTypes&quot;: [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
                      # contained within with a finding of an infoType from this list. For
                      # example, for `InspectionRuleSet.info_types` containing &quot;PHONE_NUMBER&quot;` and
                      # `exclusion_rule` containing `exclude_info_types.info_types` with
                      # &quot;EMAIL_ADDRESS&quot; the phone number findings are dropped if they overlap
                      # with EMAIL_ADDRESS finding.
                      # That leads to &quot;555-222-2222@example.org&quot; to generate only a single
                      # finding, namely email address.
                    { # Type of information detected by the API.
                      &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                          # creating a CustomInfoType, or one of the names listed
                          # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                          # a built-in type. InfoType names should conform to the pattern
                          # `[a-zA-Z0-9_]{1,64}`.
                    },
                  ],
                },
                &quot;matchingType&quot;: &quot;A String&quot;, # How the rule is applied, see MatchingType documentation for details.
              },
            },
          ],
        },
      ],
      &quot;limits&quot;: { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
        &quot;maxFindingsPerItem&quot;: 42, # Max number of findings that will be returned for each item scanned.
            # When set within `InspectJobConfig`,
            # the maximum returned is 2000 regardless if this is set higher.
            # When set within `InspectContentRequest`, this field is ignored.
        &quot;maxFindingsPerInfoType&quot;: [ # Configuration of findings limit given for specified infoTypes.
          { # Max findings configuration per infoType, per content item or long
              # running DlpJob.
            &quot;maxFindings&quot;: 42, # Max findings limit for the given infoType.
            &quot;infoType&quot;: { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
                # info_type should be provided. If InfoTypeLimit does not have an
                # info_type, the DLP API applies the limit against all info_types that
                # are found but not specified in another InfoTypeLimit.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          },
        ],
        &quot;maxFindingsPerRequest&quot;: 42, # Max number of findings that will be returned per request/job.
            # When set within `InspectContentRequest`, the maximum returned is 2000
            # regardless if this is set higher.
      },
      &quot;contentOptions&quot;: [ # List of options defining data content to scan.
          # If empty, text, images, and other content will be included.
        &quot;A String&quot;,
      ],
      &quot;infoTypes&quot;: [ # Restricts what info_types to look for. The values must correspond to
          # InfoType values returned by ListInfoTypes or listed at
          # https://cloud.google.com/dlp/docs/infotypes-reference.
          #
          # When no InfoTypes or CustomInfoTypes are specified in a request, the
          # system may automatically choose what detectors to run. By default this may
          # be all types, but may change over time as detectors are updated.
          #
          # If you need precise control and predictability as to what detectors are
          # run you should specify specific InfoTypes listed in the reference,
          # otherwise a default list will be used, which may change over time.
        { # Type of information detected by the API.
          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
              # creating a CustomInfoType, or one of the names listed
              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
              # a built-in type. InfoType names should conform to the pattern
              # `[a-zA-Z0-9_]{1,64}`.
        },
      ],
      &quot;minLikelihood&quot;: &quot;A String&quot;, # Only returns findings equal or above this threshold. The default is
          # POSSIBLE.
          # See https://cloud.google.com/dlp/docs/likelihood to learn more.
      &quot;excludeInfoTypes&quot;: True or False, # When true, excludes type information of the findings.
      &quot;customInfoTypes&quot;: [ # CustomInfoTypes provided by the user. See
          # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
        { # Custom information type provided by the user. Used to find domain-specific
            # sensitive information configurable to the data in question.
          &quot;likelihood&quot;: &quot;A String&quot;, # Likelihood to return for this CustomInfoType. This base value can be
              # altered by a detection rule if the finding meets the criteria specified by
              # the rule. Defaults to `VERY_LIKELY` if not specified.
          &quot;infoType&quot;: { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
              # infoType, when the name matches one of existing infoTypes and that infoType
              # is specified in `InspectContent.info_types` field. Specifying the latter
              # adds findings to the one detected by the system. If built-in info type is
              # not specified in `InspectContent.info_types` list then the name is treated
              # as a custom info type.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
            &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                # specified, the entire match is returned. No more than 3 may be included.
              42,
            ],
            &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                # (https://github.com/google/re2/wiki/Syntax) can be found under the
                # google/re2 repository on GitHub.
          },
          &quot;detectionRules&quot;: [ # Set of detection rules to apply to all findings of this CustomInfoType.
              # Rules are applied in order that they are specified. Not supported for the
              # `surrogate_type` CustomInfoType.
            { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
                # `CustomInfoType` to alter behavior under certain circumstances, depending
                # on the specific details of the rule. Not supported for the `surrogate_type`
                # custom infoType.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
            },
          ],
          &quot;exclusionType&quot;: &quot;A String&quot;, # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
              # to be returned. It still can be used for rules matching.
          &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
              # be used to match sensitive information specific to the data, such as a list
              # of employee IDs or job titles.
              #
              # Dictionary words are case-insensitive and all characters other than letters
              # and digits in the unicode [Basic Multilingual
              # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
              # will be replaced with whitespace when scanning for matches, so the
              # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
              # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
              # surrounding any match must be of a different type than the adjacent
              # characters within the word, so letters must be next to non-letters and
              # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
              # match the first three letters of the text &quot;jen123&quot; but will return no
              # matches for &quot;jennifer&quot;.
              #
              # Dictionary words containing a large number of characters that are not
              # letters or digits may result in unexpected findings because such characters
              # are treated as whitespace. The
              # [limits](https://cloud.google.com/dlp/limits) page contains details about
              # the size limits of dictionaries. For dictionaries that do not fit within
              # these constraints, consider using `LargeCustomDictionaryConfig` in the
              # `StoredInfoType` API.
            &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
              &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                  # at least one phrase and every phrase must contain at least 2 characters
                  # that are letters or digits. [required]
                &quot;A String&quot;,
              ],
            },
            &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                # is accepted.
              &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                  # Example: gs://[BUCKET_NAME]/dictionary.txt
            },
          },
          &quot;storedType&quot;: { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
              # `InspectDataSource`. Not currently supported in `InspectContent`.
            &quot;name&quot;: &quot;A String&quot;, # Resource name of the requested `StoredInfoType`, for example
                # `organizations/433245324/storedInfoTypes/432452342` or
                # `projects/project-id/storedInfoTypes/432452342`.
            &quot;createTime&quot;: &quot;A String&quot;, # Timestamp indicating when the version of the `StoredInfoType` used for
                # inspection was created. Output-only field, populated by the system.
          },
          &quot;surrogateType&quot;: { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
              # support reversing.
              # such as
              # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
              # These types of transformations are
              # those that perform pseudonymization, thereby producing a &quot;surrogate&quot; as
              # output. This should be used in conjunction with a field on the
              # transformation such as `surrogate_info_type`. This CustomInfoType does
              # not support the use of `detection_rules`.
          },
        },
      ],
    },
    &quot;locationId&quot;: &quot;A String&quot;, # The geographic location to process content inspection. Reserved for future
        # extensions.
        # When inspecting images location is restricted to &#x27;global&#x27;, &#x27;us&#x27;, &#x27;asia&#x27;,
        # and &#x27;europe&#x27;.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Results of inspecting an item.
    &quot;result&quot;: { # All the findings for a single scanned item. # The findings.
      &quot;findings&quot;: [ # List of findings for an item.
        { # Represents a piece of potentially sensitive content.
          &quot;resourceName&quot;: &quot;A String&quot;, # The job that stored the finding.
          &quot;triggerName&quot;: &quot;A String&quot;, # Job trigger name, if applicable, for this finding.
          &quot;jobCreateTime&quot;: &quot;A String&quot;, # Time the job started that produced this finding.
          &quot;quoteInfo&quot;: { # Message for infoType-dependent details parsed from quote. # Contains data parsed from quotes. Only populated if include_quote was set
              # to true and a supported infoType was requested. Currently supported
              # infoTypes: DATE, DATE_OF_BIRTH and TIME.
            &quot;dateTime&quot;: { # Message for a date time object. # The date time indicated by the quote.
                # e.g. 2018-01-01, 5th August.
              &quot;date&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # One or more of the following must be set.
                  # Must be a valid date or time value.
                  # and time zone are either specified elsewhere or are not significant. The date
                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                  #
                  # * A full date, with non-zero year, month and day values
                  # * A month and day value, with a zero year, e.g. an anniversary
                  # * A year on its own, with zero month and day values
                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                  #
                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                    # a year.
                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                    # month and day.
                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                    # if specifying a year by itself or a year and month where the day is not
                    # significant.
              },
              &quot;timeZone&quot;: { # Time zone of the date time object. # Time zone
                &quot;offsetMinutes&quot;: 42, # Set only if the offset can be determined. Positive for time ahead of UTC.
                    # E.g. For &quot;UTC-9&quot;, this value is -540.
              },
              &quot;dayOfWeek&quot;: &quot;A String&quot;, # Day of week
              &quot;time&quot;: { # Represents a time of day. The date and time zone are either not significant # Time of day
                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                  # types are google.type.Date and `google.protobuf.Timestamp`.
                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                    # allow the value 60 if it allows leap-seconds.
                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
              },
            },
          },
          &quot;labels&quot;: { # The labels associated with this `Finding`.
              #
              # Label keys must be between 1 and 63 characters long and must conform
              # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
              #
              # Label values must be between 0 and 63 characters long and must conform
              # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
              #
              # No more than 10 labels can be associated with a given finding.
              #
              # Examples:
              # * `&quot;environment&quot; : &quot;production&quot;`
              # * `&quot;pipeline&quot; : &quot;etl&quot;`
            &quot;a_key&quot;: &quot;A String&quot;,
          },
          &quot;infoType&quot;: { # Type of information detected by the API. # The type of content that might have been found.
              # Provided if `excluded_types` is false.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;likelihood&quot;: &quot;A String&quot;, # Confidence of how likely it is that the `info_type` is correct.
          &quot;name&quot;: &quot;A String&quot;, # Resource name in format
              # projects/{project}/locations/{location}/findings/{finding} Populated only
              # when viewing persisted findings.
          &quot;location&quot;: { # Specifies the location of the finding. # Where the content was found.
            &quot;codepointRange&quot;: { # Generic half-open interval [start, end) # Unicode character offsets delimiting the finding.
                # These are relative to the finding&#x27;s containing element.
                # Provided when the content is text.
              &quot;start&quot;: &quot;A String&quot;, # Index of the first character of the range (inclusive).
              &quot;end&quot;: &quot;A String&quot;, # Index of the last character of the range (exclusive).
            },
            &quot;byteRange&quot;: { # Generic half-open interval [start, end) # Zero-based byte offsets delimiting the finding.
                # These are relative to the finding&#x27;s containing element.
                # Note that when the content is not textual, this references
                # the UTF-8 encoded textual representation of the content.
                # Omitted if content is an image.
              &quot;start&quot;: &quot;A String&quot;, # Index of the first character of the range (inclusive).
              &quot;end&quot;: &quot;A String&quot;, # Index of the last character of the range (exclusive).
            },
            &quot;container&quot;: { # Represents a container that may contain DLP findings. # Information about the container where this finding occurred, if available.
                # Examples of a container include a file, table, or database record.
              &quot;fullPath&quot;: &quot;A String&quot;, # A string representation of the full container name.
                  # Examples:
                  # - BigQuery: &#x27;Project:DataSetId.TableId&#x27;
                  # - Google Cloud Storage: &#x27;gs://Bucket/folders/filename.txt&#x27;
              &quot;type&quot;: &quot;A String&quot;, # Container type, for example BigQuery or Google Cloud Storage.
              &quot;updateTime&quot;: &quot;A String&quot;, # Findings container modification timestamp, if applicable.
                  # For Google Cloud Storage contains last file modification timestamp.
                  # For BigQuery table contains last_modified_time property.
                  # For Datastore - not populated.
              &quot;rootPath&quot;: &quot;A String&quot;, # The root of the container.
                  # Examples:
                  # - For BigQuery table `project_id:dataset_id.table_id`, the root is
                  #  `dataset_id`
                  # - For Google Cloud Storage file `gs://bucket/folder/filename.txt`, the root
                  #  is `gs://bucket`
              &quot;projectId&quot;: &quot;A String&quot;, # Project where the finding was found.
                  # Can be different from the project that owns the finding.
              &quot;relativePath&quot;: &quot;A String&quot;, # The rest of the path after the root.
                  # Examples:
                  # - For BigQuery table `project_id:dataset_id.table_id`, the relative path is
                  #  `table_id`
                  # - Google Cloud Storage file `gs://bucket/folder/filename.txt`, the relative
                  #  path is `folder/filename.txt`
              &quot;version&quot;: &quot;A String&quot;, # Findings container version, if available
                  # (&quot;generation&quot; for Google Cloud Storage).
            },
            &quot;contentLocations&quot;: [ # List of nested objects pointing to the precise location of the finding
                # within the file or record.
              { # Precise location of the finding within a document, record, image, or metadata
                  # container.
                &quot;containerName&quot;: &quot;A String&quot;, # Name of the container where the finding is located.
                    # The top level name is the source file name or table name. Names of some
                    # common storage containers are formatted as follows:
                    #
                    # * BigQuery tables:  `{project_id}:{dataset_id}.{table_id}`
                    # * Cloud Storage files: `gs://{bucket}/{path}`
                    # * Datastore namespace: {namespace}
                    #
                    # Nested names could be absent if the embedded object has no string
                    # identifier (for an example an image contained within a document).
                &quot;documentLocation&quot;: { # Location of a finding within a document. # Location data for document files.
                  &quot;fileOffset&quot;: &quot;A String&quot;, # Offset of the line, from the beginning of the file, where the finding
                      # is located.
                },
                &quot;recordLocation&quot;: { # Location of a finding within a row or record. # Location within a row or record of a database table.
                  &quot;fieldId&quot;: { # General identifier of a data field in a storage service. # Field id of the field containing the finding.
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;tableLocation&quot;: { # Location of a finding within a table. # Location within a `ContentItem.Table`.
                    &quot;rowIndex&quot;: &quot;A String&quot;, # The zero-based index of the row where the finding is located. Only
                        # populated for resources that have a natural ordering, not BigQuery. In
                        # BigQuery, to identify the row a finding came from, populate
                        # BigQueryOptions.identifying_fields with your primary key column names and
                        # when you store the findings the value of those columns will be stored
                        # inside of Finding.
                  },
                  &quot;recordKey&quot;: { # Message for a unique key indicating a record that contains a finding. # Key of the finding.
                    &quot;idValues&quot;: [ # Values of identifying columns in the given row. Order of values matches
                        # the order of `identifying_fields` specified in the scanning request.
                      &quot;A String&quot;,
                    ],
                    &quot;datastoreKey&quot;: { # Record key for a finding in Cloud Datastore.
                      &quot;entityKey&quot;: { # A unique identifier for a Datastore entity. # Datastore entity key.
                          # If a key&#x27;s partition ID or any of its path kinds or names are
                          # reserved/read-only, the key is reserved/read-only.
                          # A reserved/read-only key is forbidden in certain documented contexts.
                        &quot;path&quot;: [ # The entity path.
                            # An entity path consists of one or more elements composed of a kind and a
                            # string or numerical identifier, which identify entities. The first
                            # element identifies a _root entity_, the second element identifies
                            # a _child_ of the root entity, the third element identifies a child of the
                            # second entity, and so forth. The entities identified by all prefixes of
                            # the path are called the element&#x27;s _ancestors_.
                            #
                            # A path can never be empty, and a path can have at most 100 elements.
                          { # A (kind, ID/name) pair used to construct a key path.
                              #
                              # If either name or ID is set, the element is complete.
                              # If neither is set, the element is incomplete.
                            &quot;kind&quot;: &quot;A String&quot;, # The kind of the entity.
                                # A kind matching regex `__.*__` is reserved/read-only.
                                # A kind must not contain more than 1500 bytes when UTF-8 encoded.
                                # Cannot be `&quot;&quot;`.
                            &quot;id&quot;: &quot;A String&quot;, # The auto-allocated ID of the entity.
                                # Never equal to zero. Values less than zero are discouraged and may not
                                # be supported in the future.
                            &quot;name&quot;: &quot;A String&quot;, # The name of the entity.
                                # A name matching regex `__.*__` is reserved/read-only.
                                # A name must not be more than 1500 bytes when UTF-8 encoded.
                                # Cannot be `&quot;&quot;`.
                          },
                        ],
                        &quot;partitionId&quot;: { # Datastore partition ID. # Entities are partitioned into subsets, currently identified by a project
                            # ID and namespace ID.
                            # Queries are scoped to a single partition.
                            # A partition ID identifies a grouping of entities. The grouping is always
                            # by project and namespace, however the namespace ID may be empty.
                            #
                            # A partition ID contains several dimensions:
                            # project ID and namespace ID.
                          &quot;namespaceId&quot;: &quot;A String&quot;, # If not empty, the ID of the namespace to which the entities belong.
                          &quot;projectId&quot;: &quot;A String&quot;, # The ID of the project to which the entities belong.
                        },
                      },
                    },
                    &quot;bigQueryKey&quot;: { # Row key for identifying a record in BigQuery table.
                      &quot;tableReference&quot;: { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
                          # identified  by its project_id, dataset_id, and table_name. Within a query
                          # a table is often referenced with a string in the format of:
                          # `&lt;project_id&gt;:&lt;dataset_id&gt;.&lt;table_id&gt;` or
                          # `&lt;project_id&gt;.&lt;dataset_id&gt;.&lt;table_id&gt;`.
                        &quot;projectId&quot;: &quot;A String&quot;, # The Google Cloud Platform project ID of the project containing the table.
                            # If omitted, project ID is inferred from the API call.
                        &quot;datasetId&quot;: &quot;A String&quot;, # Dataset ID of the table.
                        &quot;tableId&quot;: &quot;A String&quot;, # Name of the table.
                      },
                      &quot;rowNumber&quot;: &quot;A String&quot;, # Row number inferred at the time the table was scanned. This value is
                          # nondeterministic, cannot be queried, and may be null for inspection
                          # jobs. To locate findings within a table, specify
                          # `inspect_job.storage_config.big_query_options.identifying_fields` in
                          # `CreateDlpJobRequest`.
                    },
                  },
                },
                &quot;containerTimestamp&quot;: &quot;A String&quot;, # Findings container modification timestamp, if applicable.
                    # For Google Cloud Storage contains last file modification timestamp.
                    # For BigQuery table contains last_modified_time property.
                    # For Datastore - not populated.
                &quot;metadataLocation&quot;: { # Metadata Location # Location within the metadata for inspected content.
                  &quot;storageLabel&quot;: { # Storage metadata label to indicate which metadata entry contains findings. # Storage metadata.
                    &quot;key&quot;: &quot;A String&quot;,
                  },
                  &quot;type&quot;: &quot;A String&quot;, # Type of metadata containing the finding.
                },
                &quot;imageLocation&quot;: { # Location of the finding within an image. # Location within an image&#x27;s pixels.
                  &quot;boundingBoxes&quot;: [ # Bounding boxes locating the pixels within the image containing the finding.
                    { # Bounding box encompassing detected text within an image.
                      &quot;top&quot;: 42, # Top coordinate of the bounding box. (0,0) is upper left.
                      &quot;width&quot;: 42, # Width of the bounding box in pixels.
                      &quot;height&quot;: 42, # Height of the bounding box in pixels.
                      &quot;left&quot;: 42, # Left coordinate of the bounding box. (0,0) is upper left.
                    },
                  ],
                },
                &quot;containerVersion&quot;: &quot;A String&quot;, # Findings container version, if available
                    # (&quot;generation&quot; for Google Cloud Storage).
              },
            ],
          },
          &quot;quote&quot;: &quot;A String&quot;, # The content that was found. Even if the content is not textual, it
              # may be converted to a textual representation here.
              # Provided if `include_quote` is true and the finding is
              # less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes
              # in length, the quote may be omitted.
          &quot;createTime&quot;: &quot;A String&quot;, # Timestamp when finding was detected.
          &quot;jobName&quot;: &quot;A String&quot;, # The job that stored the finding.
        },
      ],
      &quot;findingsTruncated&quot;: True or False, # If true, then this item might have more findings than were returned,
          # and the findings returned are an arbitrary subset of all findings.
          # The findings list might be truncated because the input items were too
          # large, or because the server reached the maximum amount of resources
          # allowed for a single API call. For best results, divide the input into
          # smaller batches.
    },
  }</pre>
</div>

<div class="method">
    <code class="details" id="reidentify">reidentify(parent, body=None, x__xgafv=None)</code>
  <pre>Re-identifies content that has been de-identified.
See
https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example
to learn more.

Args:
  parent: string, Required. The parent resource name. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request to re-identify an item.
    &quot;item&quot;: { # Container structure for the content to inspect. # The item to re-identify. Will be treated as text.
      &quot;byteItem&quot;: { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
        &quot;type&quot;: &quot;A String&quot;, # The type of data stored in the bytes string. Default will be TEXT_UTF8.
        &quot;data&quot;: &quot;A String&quot;, # Content data to inspect or redact.
      },
      &quot;value&quot;: &quot;A String&quot;, # String data to inspect or redact.
      &quot;table&quot;: { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
          # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
          # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
        &quot;rows&quot;: [ # Rows of the table.
          { # Values of the row.
            &quot;values&quot;: [ # Individual cells.
              { # Set of primitive values supported by the system.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            ],
          },
        ],
        &quot;headers&quot;: [ # Headers of the table.
          { # General identifier of a data field in a storage service.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
        ],
      },
    },
    &quot;inspectTemplateName&quot;: &quot;A String&quot;, # Template to use. Any configuration directly specified in
        # `inspect_config` will override those set in the template. Singular fields
        # that are set in this request will replace their corresponding fields in the
        # template. Repeated fields are appended. Singular sub-messages and groups
        # are recursively merged.
    &quot;inspectConfig&quot;: { # Configuration description of the scanning process. # Configuration for the inspector.
        # When used with redactContent only info_types and min_likelihood are currently
        # used.
      &quot;includeQuote&quot;: True or False, # When true, a contextual quote from the data that triggered a finding is
          # included in the response; see Finding.quote.
      &quot;ruleSet&quot;: [ # Set of rules to apply to the findings for this InspectConfig.
          # Exclusion rules, contained in the set are executed in the end, other
          # rules are executed in the order they are specified for each info type.
        { # Rule set for modifying a set of infoTypes to alter behavior under certain
            # circumstances, depending on the specific details of the rules within the set.
          &quot;infoTypes&quot;: [ # List of infoTypes this rule set is applied to.
            { # Type of information detected by the API.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          ],
          &quot;rules&quot;: [ # Set of rules to be applied to infoTypes. The rules are applied in order.
            { # A single inspection rule to be applied to infoTypes, specified in
                # `InspectionRuleSet`.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
              &quot;exclusionRule&quot;: { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
                  # `InspectionRuleSet` are removed from results.
                &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
                    # be used to match sensitive information specific to the data, such as a list
                    # of employee IDs or job titles.
                    #
                    # Dictionary words are case-insensitive and all characters other than letters
                    # and digits in the unicode [Basic Multilingual
                    # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
                    # will be replaced with whitespace when scanning for matches, so the
                    # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
                    # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
                    # surrounding any match must be of a different type than the adjacent
                    # characters within the word, so letters must be next to non-letters and
                    # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
                    # match the first three letters of the text &quot;jen123&quot; but will return no
                    # matches for &quot;jennifer&quot;.
                    #
                    # Dictionary words containing a large number of characters that are not
                    # letters or digits may result in unexpected findings because such characters
                    # are treated as whitespace. The
                    # [limits](https://cloud.google.com/dlp/limits) page contains details about
                    # the size limits of dictionaries. For dictionaries that do not fit within
                    # these constraints, consider using `LargeCustomDictionaryConfig` in the
                    # `StoredInfoType` API.
                  &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
                    &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                        # at least one phrase and every phrase must contain at least 2 characters
                        # that are letters or digits. [required]
                      &quot;A String&quot;,
                    ],
                  },
                  &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                      # is accepted.
                    &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                        # Example: gs://[BUCKET_NAME]/dictionary.txt
                  },
                },
                &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression which defines the rule.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;excludeInfoTypes&quot;: { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
                  &quot;infoTypes&quot;: [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
                      # contained within with a finding of an infoType from this list. For
                      # example, for `InspectionRuleSet.info_types` containing &quot;PHONE_NUMBER&quot;` and
                      # `exclusion_rule` containing `exclude_info_types.info_types` with
                      # &quot;EMAIL_ADDRESS&quot; the phone number findings are dropped if they overlap
                      # with EMAIL_ADDRESS finding.
                      # That leads to &quot;555-222-2222@example.org&quot; to generate only a single
                      # finding, namely email address.
                    { # Type of information detected by the API.
                      &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                          # creating a CustomInfoType, or one of the names listed
                          # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                          # a built-in type. InfoType names should conform to the pattern
                          # `[a-zA-Z0-9_]{1,64}`.
                    },
                  ],
                },
                &quot;matchingType&quot;: &quot;A String&quot;, # How the rule is applied, see MatchingType documentation for details.
              },
            },
          ],
        },
      ],
      &quot;limits&quot;: { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
        &quot;maxFindingsPerItem&quot;: 42, # Max number of findings that will be returned for each item scanned.
            # When set within `InspectJobConfig`,
            # the maximum returned is 2000 regardless if this is set higher.
            # When set within `InspectContentRequest`, this field is ignored.
        &quot;maxFindingsPerInfoType&quot;: [ # Configuration of findings limit given for specified infoTypes.
          { # Max findings configuration per infoType, per content item or long
              # running DlpJob.
            &quot;maxFindings&quot;: 42, # Max findings limit for the given infoType.
            &quot;infoType&quot;: { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
                # info_type should be provided. If InfoTypeLimit does not have an
                # info_type, the DLP API applies the limit against all info_types that
                # are found but not specified in another InfoTypeLimit.
              &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                  # creating a CustomInfoType, or one of the names listed
                  # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                  # a built-in type. InfoType names should conform to the pattern
                  # `[a-zA-Z0-9_]{1,64}`.
            },
          },
        ],
        &quot;maxFindingsPerRequest&quot;: 42, # Max number of findings that will be returned per request/job.
            # When set within `InspectContentRequest`, the maximum returned is 2000
            # regardless if this is set higher.
      },
      &quot;contentOptions&quot;: [ # List of options defining data content to scan.
          # If empty, text, images, and other content will be included.
        &quot;A String&quot;,
      ],
      &quot;infoTypes&quot;: [ # Restricts what info_types to look for. The values must correspond to
          # InfoType values returned by ListInfoTypes or listed at
          # https://cloud.google.com/dlp/docs/infotypes-reference.
          #
          # When no InfoTypes or CustomInfoTypes are specified in a request, the
          # system may automatically choose what detectors to run. By default this may
          # be all types, but may change over time as detectors are updated.
          #
          # If you need precise control and predictability as to what detectors are
          # run you should specify specific InfoTypes listed in the reference,
          # otherwise a default list will be used, which may change over time.
        { # Type of information detected by the API.
          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
              # creating a CustomInfoType, or one of the names listed
              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
              # a built-in type. InfoType names should conform to the pattern
              # `[a-zA-Z0-9_]{1,64}`.
        },
      ],
      &quot;minLikelihood&quot;: &quot;A String&quot;, # Only returns findings equal or above this threshold. The default is
          # POSSIBLE.
          # See https://cloud.google.com/dlp/docs/likelihood to learn more.
      &quot;excludeInfoTypes&quot;: True or False, # When true, excludes type information of the findings.
      &quot;customInfoTypes&quot;: [ # CustomInfoTypes provided by the user. See
          # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
        { # Custom information type provided by the user. Used to find domain-specific
            # sensitive information configurable to the data in question.
          &quot;likelihood&quot;: &quot;A String&quot;, # Likelihood to return for this CustomInfoType. This base value can be
              # altered by a detection rule if the finding meets the criteria specified by
              # the rule. Defaults to `VERY_LIKELY` if not specified.
          &quot;infoType&quot;: { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
              # infoType, when the name matches one of existing infoTypes and that infoType
              # is specified in `InspectContent.info_types` field. Specifying the latter
              # adds findings to the one detected by the system. If built-in info type is
              # not specified in `InspectContent.info_types` list then the name is treated
              # as a custom info type.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;regex&quot;: { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
            &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                # specified, the entire match is returned. No more than 3 may be included.
              42,
            ],
            &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                # (https://github.com/google/re2/wiki/Syntax) can be found under the
                # google/re2 repository on GitHub.
          },
          &quot;detectionRules&quot;: [ # Set of detection rules to apply to all findings of this CustomInfoType.
              # Rules are applied in order that they are specified. Not supported for the
              # `surrogate_type` CustomInfoType.
            { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
                # `CustomInfoType` to alter behavior under certain circumstances, depending
                # on the specific details of the rule. Not supported for the `surrogate_type`
                # custom infoType.
              &quot;hotwordRule&quot;: { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
                  # proximity of hotwords.
                &quot;likelihoodAdjustment&quot;: { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
                    # part of a detection rule.
                  &quot;relativeLikelihood&quot;: 42, # Increase or decrease the likelihood by the specified number of
                      # levels. For example, if a finding would be `POSSIBLE` without the
                      # detection rule and `relative_likelihood` is 1, then it is upgraded to
                      # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
                      # Likelihood may never drop below `VERY_UNLIKELY` or exceed
                      # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
                      # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
                      # a final likelihood of `LIKELY`.
                  &quot;fixedLikelihood&quot;: &quot;A String&quot;, # Set the likelihood of a finding to a fixed value.
                },
                &quot;hotwordRegex&quot;: { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
                  &quot;groupIndexes&quot;: [ # The index of the submatch to extract as findings. When not
                      # specified, the entire match is returned. No more than 3 may be included.
                    42,
                  ],
                  &quot;pattern&quot;: &quot;A String&quot;, # Pattern defining the regular expression. Its syntax
                      # (https://github.com/google/re2/wiki/Syntax) can be found under the
                      # google/re2 repository on GitHub.
                },
                &quot;proximity&quot;: { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
                    # The total length of the window cannot exceed 1000 characters. Note that
                    # the finding itself will be included in the window, so that hotwords may
                    # be used to match substrings of the finding itself. For example, the
                    # certainty of a phone number regex &quot;\(\d{3}\) \d{3}-\d{4}&quot; could be
                    # adjusted upwards if the area code is known to be the local area code of
                    # a company office using the hotword regex &quot;\(xxx\)&quot;, where &quot;xxx&quot;
                    # is the area code in question.
                    # rule.
                  &quot;windowBefore&quot;: 42, # Number of characters before the finding to consider.
                  &quot;windowAfter&quot;: 42, # Number of characters after the finding to consider.
                },
              },
            },
          ],
          &quot;exclusionType&quot;: &quot;A String&quot;, # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
              # to be returned. It still can be used for rules matching.
          &quot;dictionary&quot;: { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
              # be used to match sensitive information specific to the data, such as a list
              # of employee IDs or job titles.
              #
              # Dictionary words are case-insensitive and all characters other than letters
              # and digits in the unicode [Basic Multilingual
              # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
              # will be replaced with whitespace when scanning for matches, so the
              # dictionary phrase &quot;Sam Johnson&quot; will match all three phrases &quot;sam johnson&quot;,
              # &quot;Sam, Johnson&quot;, and &quot;Sam (Johnson)&quot;. Additionally, the characters
              # surrounding any match must be of a different type than the adjacent
              # characters within the word, so letters must be next to non-letters and
              # digits next to non-digits. For example, the dictionary word &quot;jen&quot; will
              # match the first three letters of the text &quot;jen123&quot; but will return no
              # matches for &quot;jennifer&quot;.
              #
              # Dictionary words containing a large number of characters that are not
              # letters or digits may result in unexpected findings because such characters
              # are treated as whitespace. The
              # [limits](https://cloud.google.com/dlp/limits) page contains details about
              # the size limits of dictionaries. For dictionaries that do not fit within
              # these constraints, consider using `LargeCustomDictionaryConfig` in the
              # `StoredInfoType` API.
            &quot;wordList&quot;: { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
              &quot;words&quot;: [ # Words or phrases defining the dictionary. The dictionary must contain
                  # at least one phrase and every phrase must contain at least 2 characters
                  # that are letters or digits. [required]
                &quot;A String&quot;,
              ],
            },
            &quot;cloudStoragePath&quot;: { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
                # is accepted.
              &quot;path&quot;: &quot;A String&quot;, # A url representing a file or path (no wildcards) in Cloud Storage.
                  # Example: gs://[BUCKET_NAME]/dictionary.txt
            },
          },
          &quot;storedType&quot;: { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
              # `InspectDataSource`. Not currently supported in `InspectContent`.
            &quot;name&quot;: &quot;A String&quot;, # Resource name of the requested `StoredInfoType`, for example
                # `organizations/433245324/storedInfoTypes/432452342` or
                # `projects/project-id/storedInfoTypes/432452342`.
            &quot;createTime&quot;: &quot;A String&quot;, # Timestamp indicating when the version of the `StoredInfoType` used for
                # inspection was created. Output-only field, populated by the system.
          },
          &quot;surrogateType&quot;: { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
              # support reversing.
              # such as
              # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
              # These types of transformations are
              # those that perform pseudonymization, thereby producing a &quot;surrogate&quot; as
              # output. This should be used in conjunction with a field on the
              # transformation such as `surrogate_info_type`. This CustomInfoType does
              # not support the use of `detection_rules`.
          },
        },
      ],
    },
    &quot;locationId&quot;: &quot;A String&quot;, # The geographic location to process content reidentification.  Reserved for
        # future extensions.
    &quot;reidentifyTemplateName&quot;: &quot;A String&quot;, # Template to use. References an instance of `DeidentifyTemplate`.
        # Any configuration directly specified in `reidentify_config` or
        # `inspect_config` will override those set in the template. Singular fields
        # that are set in this request will replace their corresponding fields in the
        # template. Repeated fields are appended. Singular sub-messages and groups
        # are recursively merged.
    &quot;reidentifyConfig&quot;: { # The configuration that controls how the data will change. # Configuration for the re-identification of the content item.
        # This field shares the same proto message type that is used for
        # de-identification, however its usage here is for the reversal of the
        # previous de-identification. Re-identification is performed by examining
        # the transformations used to de-identify the items and executing the
        # reverse. This requires that only reversible transformations
        # be provided here. The reversible transformations are:
        # 
        #  - `CryptoDeterministicConfig`
        #  - `CryptoReplaceFfxFpeConfig`
      &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
          # mode is `TransformationErrorHandling.ThrowError`.
          # transformation error occurs when the requested transformation is incompatible
          # with the data. For example, trying to de-identify an IP address using a
          # `DateShift` transformation would result in a transformation error, since date
          # info cannot be extracted from an IP address.
          # Information about any incompatible transformations, and how they were
          # handled, is returned in the response as part of the
          # `TransformationOverviews`.
        &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
        },
        &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
            # cause an error. For example, if a `DateShift` transformation were applied
            # an an IP address, this mode would leave the IP address unchanged in the
            # response.
        },
      },
      &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
          # specific locations within structured datasets, such as transforming
          # a column within a table.
          # table.
        &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
            # match any suppression rule are omitted from the output.
          { # Configuration to suppress records whose suppression conditions evaluate to
              # true.
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
                # evaluated to be suppressed from the transformed content.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
        ],
        &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
          { # The transformation to apply to the field.
            &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
              { # General identifier of a data field in a storage service.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
            ],
            &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
                # transform content that matches an `InfoType`.
                # apply various `PrimitiveTransformation`s to each finding, where the
                # transformation is applied to only values that were identified as a specific
                # info_type.
              &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
                  # for a given infoType.
                { # A transformation to apply to text that is identified as a specific
                    # info_type.
                  &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                      # this transformation to apply to all findings that correspond to
                      # infoTypes that were requested in `InspectConfig`.
                    { # Type of information detected by the API.
                      &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                          # creating a CustomInfoType, or one of the names listed
                          # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                          # a built-in type. InfoType names should conform to the pattern
                          # `[a-zA-Z0-9_]{1,64}`.
                    },
                  ],
                  &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
                    &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                        # portion of the value.
                      &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                    },
                    &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                        # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                        # to learn more.
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                          # If set, must also set cryptoKey. If set, shift will be consistent for the
                          # given context.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                          # range (inclusive ends). Negative means shift to earlier in time. Must not
                          # be more than 365250 days (1000 years) each direction.
                          #
                          # For example, 3 means shift date to at most 3 days into the future.
                      &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                          # results in the same shift for the same context and crypto_key. If
                          # set, must also set context. Can only be applied to table items.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                    },
                    &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                        # Uses SHA-256.
                        # The key size must be either 32 or 64 bytes.
                        # Outputs a base64 encoded representation of the hashed output
                        # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                        # Currently, only string and integer values can be hashed.
                        # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                        # (FPE) with the FFX mode of operation; however when used in the
                        # `ReidentifyContent` API method, it serves the opposite function by reversing
                        # the surrogate back into the original identifier. The identifier must be
                        # encoded as ASCII. For a given crypto key and context, the same identifier
                        # will be replaced with the same surrogate. Identifiers must be at least two
                        # characters long. In the case that the identifier is the empty string, it will
                        # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                        # more.
                        #
                        # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                        # do not require preserving the input alphabet space and size, plus warrant
                        # referential integrity.
                      &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                          # that the FFX mode natively supports. This happens before/after
                          # encryption/decryption.
                          # Each character listed must appear only once.
                          # Number of characters must be in the range [2, 95].
                          # This must be encoded as ASCII.
                          # The order of characters does not matter.
                      &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                      &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                          # This annotation will be applied to the surrogate by prefixing it with
                          # the name of the custom infoType followed by the number of
                          # characters comprising the surrogate. The following scheme defines the
                          # format: info_type_name(surrogate_character_count):surrogate
                          #
                          # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                          # the surrogate is &#x27;abc&#x27;, the full replacement value
                          # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                          #
                          # This annotation identifies the surrogate when inspecting content using the
                          # custom infoType
                          # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                          # This facilitates reversal of the surrogate when it occurs in free text.
                          #
                          # In order for inspection to work properly, the name of this infoType must
                          # not occur naturally anywhere in your data; otherwise, inspection may
                          # find a surrogate that does not correspond to an actual identifier.
                          # Therefore, choose your custom infoType name carefully after considering
                          # what your data looks like. One way to select a name that has a high chance
                          # of yielding reliable detection is to include one or more unicode characters
                          # that are highly improbable to exist in your data.
                          # For example, assuming your data is entered from a regular ASCII keyboard,
                          # the symbol with the hex code point 29DD might be used like so:
                          # ⧝MY_TOKEN_TYPE
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                          # identifier in two different contexts won&#x27;t be given the same surrogate. If
                          # the context is not set, a default tweak will be used.
                          #
                          # If the context is set but:
                          #
                          # 1. there is no record present when transforming a given value or
                          # 1. the field is not present when transforming a given value,
                          #
                          # a default tweak will be used.
                          #
                          # Note that case (1) is expected when an `InfoTypeTransformation` is
                          # applied to both structured and non-structured `ContentItem`s.
                          # Currently, the referenced field may be of value type integer or string.
                          #
                          # The tweak is constructed as a sequence of bytes in big endian byte order
                          # such that:
                          #
                          # - a 64 bit integer is encoded followed by a single byte of value 1
                          # - a string is encoded in UTF-8 format followed by a single byte of value 2
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                        # input. Outputs a base64 encoded representation of the encrypted output.
                        # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                      &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                          # This annotation will be applied to the surrogate by prefixing it with
                          # the name of the custom info type followed by the number of
                          # characters comprising the surrogate. The following scheme defines the
                          # format: {info type name}({surrogate character count}):{surrogate}
                          #
                          # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                          # the surrogate is &#x27;abc&#x27;, the full replacement value
                          # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                          #
                          # This annotation identifies the surrogate when inspecting content using the
                          # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                          # surrogate when it occurs in free text.
                          #
                          # Note: For record transformations where the entire cell in a table is being
                          # transformed, surrogates are not mandatory. Surrogates are used to denote
                          # the location of the token and are necessary for re-identification in free
                          # form text.
                          #
                          # In order for inspection to work properly, the name of this info type must
                          # not occur naturally anywhere in your data; otherwise, inspection may either
                          #
                          # - reverse a surrogate that does not correspond to an actual identifier
                          # - be unable to parse the surrogate and result in an error
                          #
                          # Therefore, choose your custom info type name carefully after considering
                          # what your data looks like. One way to select a name that has a high chance
                          # of yielding reliable detection is to include one or more unicode characters
                          # that are highly improbable to exist in your data.
                          # For example, assuming your data is entered from a regular ASCII keyboard,
                          # the symbol with the hex code point 29DD might be used like so:
                          # ⧝MY_TOKEN_TYPE.
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                      &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                          # referential integrity such that the same identifier in two different
                          # contexts will be given a distinct surrogate. The context is appended to
                          # plaintext value being encrypted. On decryption the provided context is
                          # validated against the value used during encryption. If a context was
                          # provided during encryption, same context must be provided during decryption
                          # as well.
                          #
                          # If the context is not set, plaintext would be used as is for encryption.
                          # If the context is set but:
                          #
                          # 1. there is no record present when transforming a given value or
                          # 2. the field is not present when transforming a given value,
                          #
                          # plaintext would be used as is for encryption.
                          #
                          # Note that case (1) is expected when an `InfoTypeTransformation` is
                          # applied to both structured and non-structured `ContentItem`s.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                          # a key encryption key (KEK) stored by KMS).
                          # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                          # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                          # unwrap the data crypto key.
                        &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                            # The wrapped key must be a 128/192/256 bit key.
                            # Authorization requires the following IAM permissions when sending a request
                            # to perform a crypto transformation using a kms-wrapped crypto key:
                            # dlp.kms.encrypt
                          &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                          &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                        },
                        &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                            # leaking the key. Choose another type of key if possible.
                          &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                        },
                        &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                            # It will be discarded after the request finishes.
                          &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                              # This is an arbitrary string used to differentiate different keys.
                              # A unique key is generated per name: two separate `TransientCryptoKey`
                              # protos share the same generated key if their names are the same.
                              # When the data crypto key is generated, this name is not used in any way
                              # (repeating the api call will result in a different key being generated).
                        },
                      },
                    },
                    &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                        # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                        # output would be &#x27;My phone number is &#x27;.
                    },
                    &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                        # replacement values are dynamically provided by the user for custom behavior,
                        # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                        # This can be used on
                        # data of type: number, long, string, timestamp.
                        # If the bound `Value` type differs from the type of data being transformed, we
                        # will first attempt converting the type of the data to be transformed to match
                        # the type of the bound before comparing.
                        # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                      &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                        { # Bucket is represented as a range, along with replacement values.
                          &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                              # used.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                          &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                          &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                              # the default behavior will be to hyphenate the min-max range.
                              # Note that for the purposes of inspection or transformation, the number
                              # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                              # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                              # 123456789, the number of bytes would be counted as 9, even though an
                              # int64 only holds up to 8 bytes of data.
                            &quot;booleanValue&quot;: True or False, # boolean
                            &quot;floatValue&quot;: 3.14, # float
                            &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                            &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                            &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                # and time zone are either specified elsewhere or are not significant. The date
                                # is relative to the Proleptic Gregorian Calendar. This can represent:
                                #
                                # * A full date, with non-zero year, month and day values
                                # * A month and day value, with a zero year, e.g. an anniversary
                                # * A year on its own, with zero month and day values
                                # * A year and month value, with a zero day, e.g. a credit card expiration date
                                #
                                # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                              &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                  # a year.
                              &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                  # month and day.
                              &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                  # if specifying a year by itself or a year and month where the day is not
                                  # significant.
                            },
                            &quot;stringValue&quot;: &quot;A String&quot;, # string
                            &quot;integerValue&quot;: &quot;A String&quot;, # integer
                            &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                # types are google.type.Date and `google.protobuf.Timestamp`.
                              &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                  # allow the value 60 if it allows leap-seconds.
                              &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                              &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                  # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                              &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                            },
                          },
                        },
                      ],
                    },
                    &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                      &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                    &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                        # fixed character. Masking can start from the beginning or end of the string.
                        # This can be used on data of any type (numbers, longs, and so on) and when
                        # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                        # type. (This allows you to take a long like 123 and modify it to a string like
                        # **3.
                      &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                          # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                          # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                          # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                          # is `true`, then the string `12345` is masked as `12***`.
                      &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                          # characters. For example, if the input string is `555-555-5555` and you
                          # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                          # returns `***-**5-5555`.
                        { # Characters to skip when doing deidentification of a value. These will be left
                            # alone and skipped.
                          &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                          &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                              # punctuation.
                        },
                      ],
                      &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                          # masked. Skipped characters do not count towards this tally.
                      &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                          # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                          # code or credit card number. This string must have a length of 1. If not
                          # supplied, this value defaults to `*` for strings, and `0` for digits.
                    },
                    &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                        # Bucketing transformation can provide all of this functionality,
                        # but requires more configuration. This message is provided as a convenience to
                        # the user for simple bucketing strategies.
                        #
                        # The transformed value will be a hyphenated string of
                        # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                        # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                        #
                        # This can be used on data of type: double, long.
                        #
                        # If the bound Value type differs from the type of data
                        # being transformed, we will first attempt converting the type of the data to
                        # be transformed to match the type of the bound before comparing.
                        #
                        # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                      &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                          # grouped together into a single bucket; for example if `lower_bound` = 10,
                          # then all values less than 10 are replaced with the value &quot;-10&quot;.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                          # grouped together into a single bucket; for example if `upper_bound` = 89,
                          # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                          # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                          # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                          # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                    },
                  },
                },
              ],
            },
            &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
              &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                  # portion of the value.
                &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
              },
              &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                  # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                  # to learn more.
                &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                    # If set, must also set cryptoKey. If set, shift will be consistent for the
                    # given context.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                    # range (inclusive ends). Negative means shift to earlier in time. Must not
                    # be more than 365250 days (1000 years) each direction.
                    #
                    # For example, 3 means shift date to at most 3 days into the future.
                &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                    # results in the same shift for the same context and crypto_key. If
                    # set, must also set context. Can only be applied to table items.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
              },
              &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                  # Uses SHA-256.
                  # The key size must be either 32 or 64 bytes.
                  # Outputs a base64 encoded representation of the hashed output
                  # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                  # Currently, only string and integer values can be hashed.
                  # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                  # (FPE) with the FFX mode of operation; however when used in the
                  # `ReidentifyContent` API method, it serves the opposite function by reversing
                  # the surrogate back into the original identifier. The identifier must be
                  # encoded as ASCII. For a given crypto key and context, the same identifier
                  # will be replaced with the same surrogate. Identifiers must be at least two
                  # characters long. In the case that the identifier is the empty string, it will
                  # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                  # more.
                  #
                  # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                  # do not require preserving the input alphabet space and size, plus warrant
                  # referential integrity.
                &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                    # that the FFX mode natively supports. This happens before/after
                    # encryption/decryption.
                    # Each character listed must appear only once.
                    # Number of characters must be in the range [2, 95].
                    # This must be encoded as ASCII.
                    # The order of characters does not matter.
                &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom infoType followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: info_type_name(surrogate_character_count):surrogate
                    #
                    # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom infoType
                    # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                    # This facilitates reversal of the surrogate when it occurs in free text.
                    #
                    # In order for inspection to work properly, the name of this infoType must
                    # not occur naturally anywhere in your data; otherwise, inspection may
                    # find a surrogate that does not correspond to an actual identifier.
                    # Therefore, choose your custom infoType name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                    # identifier in two different contexts won&#x27;t be given the same surrogate. If
                    # the context is not set, a default tweak will be used.
                    #
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 1. the field is not present when transforming a given value,
                    #
                    # a default tweak will be used.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                    # Currently, the referenced field may be of value type integer or string.
                    #
                    # The tweak is constructed as a sequence of bytes in big endian byte order
                    # such that:
                    #
                    # - a 64 bit integer is encoded followed by a single byte of value 1
                    # - a string is encoded in UTF-8 format followed by a single byte of value 2
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                  # input. Outputs a base64 encoded representation of the encrypted output.
                  # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom info type followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: {info type name}({surrogate character count}):{surrogate}
                    #
                    # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                    # surrogate when it occurs in free text.
                    #
                    # Note: For record transformations where the entire cell in a table is being
                    # transformed, surrogates are not mandatory. Surrogates are used to denote
                    # the location of the token and are necessary for re-identification in free
                    # form text.
                    #
                    # In order for inspection to work properly, the name of this info type must
                    # not occur naturally anywhere in your data; otherwise, inspection may either
                    #
                    # - reverse a surrogate that does not correspond to an actual identifier
                    # - be unable to parse the surrogate and result in an error
                    #
                    # Therefore, choose your custom info type name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE.
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                    # referential integrity such that the same identifier in two different
                    # contexts will be given a distinct surrogate. The context is appended to
                    # plaintext value being encrypted. On decryption the provided context is
                    # validated against the value used during encryption. If a context was
                    # provided during encryption, same context must be provided during decryption
                    # as well.
                    #
                    # If the context is not set, plaintext would be used as is for encryption.
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 2. the field is not present when transforming a given value,
                    #
                    # plaintext would be used as is for encryption.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                  # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                  # output would be &#x27;My phone number is &#x27;.
              },
              &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                  # replacement values are dynamically provided by the user for custom behavior,
                  # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                  # This can be used on
                  # data of type: number, long, string, timestamp.
                  # If the bound `Value` type differs from the type of data being transformed, we
                  # will first attempt converting the type of the data to be transformed to match
                  # the type of the bound before comparing.
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                  { # Bucket is represented as a range, along with replacement values.
                    &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                        # used.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                        # the default behavior will be to hyphenate the min-max range.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                  },
                ],
              },
              &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
              },
              &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                  # fixed character. Masking can start from the beginning or end of the string.
                  # This can be used on data of any type (numbers, longs, and so on) and when
                  # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                  # type. (This allows you to take a long like 123 and modify it to a string like
                  # **3.
                &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                    # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                    # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                    # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                    # is `true`, then the string `12345` is masked as `12***`.
                &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                    # characters. For example, if the input string is `555-555-5555` and you
                    # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                    # returns `***-**5-5555`.
                  { # Characters to skip when doing deidentification of a value. These will be left
                      # alone and skipped.
                    &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                    &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                        # punctuation.
                  },
                ],
                &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                    # masked. Skipped characters do not count towards this tally.
                &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                    # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                    # code or credit card number. This string must have a length of 1. If not
                    # supplied, this value defaults to `*` for strings, and `0` for digits.
              },
              &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                  # Bucketing transformation can provide all of this functionality,
                  # but requires more configuration. This message is provided as a convenience to
                  # the user for simple bucketing strategies.
                  #
                  # The transformed value will be a hyphenated string of
                  # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                  # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                  #
                  # This can be used on data of type: double, long.
                  #
                  # If the bound Value type differs from the type of data
                  # being transformed, we will first attempt converting the type of the data to
                  # be transformed to match the type of the bound before comparing.
                  #
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                    # grouped together into a single bucket; for example if `lower_bound` = 10,
                    # then all values less than 10 are replaced with the value &quot;-10&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                    # grouped together into a single bucket; for example if `upper_bound` = 89,
                    # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                    # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                    # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                    # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
              },
            },
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
                # given `RecordCondition`. The conditions are allowed to reference fields
                # that are not used in the actual transformation.
                #
                # Example Use Cases:
                #
                # - Apply a different bucket transformation to an age column if the zip code
                # column for the same record is within a specific range.
                # - Redact a field if the date of birth field is greater than 85.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
        ],
      },
      &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
          # transformation everywhere.
          # apply various `PrimitiveTransformation`s to each finding, where the
          # transformation is applied to only values that were identified as a specific
          # info_type.
        &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
            # for a given infoType.
          { # A transformation to apply to text that is identified as a specific
              # info_type.
            &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                # this transformation to apply to all findings that correspond to
                # infoTypes that were requested in `InspectConfig`.
              { # Type of information detected by the API.
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
            ],
            &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
              &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                  # portion of the value.
                &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
              },
              &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                  # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                  # to learn more.
                &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                    # If set, must also set cryptoKey. If set, shift will be consistent for the
                    # given context.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                    # range (inclusive ends). Negative means shift to earlier in time. Must not
                    # be more than 365250 days (1000 years) each direction.
                    #
                    # For example, 3 means shift date to at most 3 days into the future.
                &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                    # results in the same shift for the same context and crypto_key. If
                    # set, must also set context. Can only be applied to table items.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
              },
              &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                  # Uses SHA-256.
                  # The key size must be either 32 or 64 bytes.
                  # Outputs a base64 encoded representation of the hashed output
                  # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                  # Currently, only string and integer values can be hashed.
                  # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                  # (FPE) with the FFX mode of operation; however when used in the
                  # `ReidentifyContent` API method, it serves the opposite function by reversing
                  # the surrogate back into the original identifier. The identifier must be
                  # encoded as ASCII. For a given crypto key and context, the same identifier
                  # will be replaced with the same surrogate. Identifiers must be at least two
                  # characters long. In the case that the identifier is the empty string, it will
                  # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                  # more.
                  #
                  # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                  # do not require preserving the input alphabet space and size, plus warrant
                  # referential integrity.
                &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                    # that the FFX mode natively supports. This happens before/after
                    # encryption/decryption.
                    # Each character listed must appear only once.
                    # Number of characters must be in the range [2, 95].
                    # This must be encoded as ASCII.
                    # The order of characters does not matter.
                &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom infoType followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: info_type_name(surrogate_character_count):surrogate
                    #
                    # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom infoType
                    # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                    # This facilitates reversal of the surrogate when it occurs in free text.
                    #
                    # In order for inspection to work properly, the name of this infoType must
                    # not occur naturally anywhere in your data; otherwise, inspection may
                    # find a surrogate that does not correspond to an actual identifier.
                    # Therefore, choose your custom infoType name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                    # identifier in two different contexts won&#x27;t be given the same surrogate. If
                    # the context is not set, a default tweak will be used.
                    #
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 1. the field is not present when transforming a given value,
                    #
                    # a default tweak will be used.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                    # Currently, the referenced field may be of value type integer or string.
                    #
                    # The tweak is constructed as a sequence of bytes in big endian byte order
                    # such that:
                    #
                    # - a 64 bit integer is encoded followed by a single byte of value 1
                    # - a string is encoded in UTF-8 format followed by a single byte of value 2
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                  # input. Outputs a base64 encoded representation of the encrypted output.
                  # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                    # This annotation will be applied to the surrogate by prefixing it with
                    # the name of the custom info type followed by the number of
                    # characters comprising the surrogate. The following scheme defines the
                    # format: {info type name}({surrogate character count}):{surrogate}
                    #
                    # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                    # the surrogate is &#x27;abc&#x27;, the full replacement value
                    # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                    #
                    # This annotation identifies the surrogate when inspecting content using the
                    # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                    # surrogate when it occurs in free text.
                    #
                    # Note: For record transformations where the entire cell in a table is being
                    # transformed, surrogates are not mandatory. Surrogates are used to denote
                    # the location of the token and are necessary for re-identification in free
                    # form text.
                    #
                    # In order for inspection to work properly, the name of this info type must
                    # not occur naturally anywhere in your data; otherwise, inspection may either
                    #
                    # - reverse a surrogate that does not correspond to an actual identifier
                    # - be unable to parse the surrogate and result in an error
                    #
                    # Therefore, choose your custom info type name carefully after considering
                    # what your data looks like. One way to select a name that has a high chance
                    # of yielding reliable detection is to include one or more unicode characters
                    # that are highly improbable to exist in your data.
                    # For example, assuming your data is entered from a regular ASCII keyboard,
                    # the symbol with the hex code point 29DD might be used like so:
                    # ⧝MY_TOKEN_TYPE.
                  &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                      # creating a CustomInfoType, or one of the names listed
                      # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                      # a built-in type. InfoType names should conform to the pattern
                      # `[a-zA-Z0-9_]{1,64}`.
                },
                &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                    # referential integrity such that the same identifier in two different
                    # contexts will be given a distinct surrogate. The context is appended to
                    # plaintext value being encrypted. On decryption the provided context is
                    # validated against the value used during encryption. If a context was
                    # provided during encryption, same context must be provided during decryption
                    # as well.
                    #
                    # If the context is not set, plaintext would be used as is for encryption.
                    # If the context is set but:
                    #
                    # 1. there is no record present when transforming a given value or
                    # 2. the field is not present when transforming a given value,
                    #
                    # plaintext would be used as is for encryption.
                    #
                    # Note that case (1) is expected when an `InfoTypeTransformation` is
                    # applied to both structured and non-structured `ContentItem`s.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
                &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                    # a key encryption key (KEK) stored by KMS).
                    # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                    # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                    # unwrap the data crypto key.
                  &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                      # The wrapped key must be a 128/192/256 bit key.
                      # Authorization requires the following IAM permissions when sending a request
                      # to perform a crypto transformation using a kms-wrapped crypto key:
                      # dlp.kms.encrypt
                    &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                    &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                  },
                  &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                      # leaking the key. Choose another type of key if possible.
                    &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                  },
                  &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                      # It will be discarded after the request finishes.
                    &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                        # This is an arbitrary string used to differentiate different keys.
                        # A unique key is generated per name: two separate `TransientCryptoKey`
                        # protos share the same generated key if their names are the same.
                        # When the data crypto key is generated, this name is not used in any way
                        # (repeating the api call will result in a different key being generated).
                  },
                },
              },
              &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                  # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                  # output would be &#x27;My phone number is &#x27;.
              },
              &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                  # replacement values are dynamically provided by the user for custom behavior,
                  # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                  # This can be used on
                  # data of type: number, long, string, timestamp.
                  # If the bound `Value` type differs from the type of data being transformed, we
                  # will first attempt converting the type of the data to be transformed to match
                  # the type of the bound before comparing.
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                  { # Bucket is represented as a range, along with replacement values.
                    &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                        # used.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                    &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                        # the default behavior will be to hyphenate the min-max range.
                        # Note that for the purposes of inspection or transformation, the number
                        # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                        # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                        # 123456789, the number of bytes would be counted as 9, even though an
                        # int64 only holds up to 8 bytes of data.
                      &quot;booleanValue&quot;: True or False, # boolean
                      &quot;floatValue&quot;: 3.14, # float
                      &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                      &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                      &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                          # and time zone are either specified elsewhere or are not significant. The date
                          # is relative to the Proleptic Gregorian Calendar. This can represent:
                          #
                          # * A full date, with non-zero year, month and day values
                          # * A month and day value, with a zero year, e.g. an anniversary
                          # * A year on its own, with zero month and day values
                          # * A year and month value, with a zero day, e.g. a credit card expiration date
                          #
                          # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                        &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                            # a year.
                        &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                            # month and day.
                        &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                            # if specifying a year by itself or a year and month where the day is not
                            # significant.
                      },
                      &quot;stringValue&quot;: &quot;A String&quot;, # string
                      &quot;integerValue&quot;: &quot;A String&quot;, # integer
                      &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                          # or are specified elsewhere. An API may choose to allow leap seconds. Related
                          # types are google.type.Date and `google.protobuf.Timestamp`.
                        &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                            # allow the value 60 if it allows leap-seconds.
                        &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                        &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                            # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                        &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                      },
                    },
                  },
                ],
              },
              &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
              },
              &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                  # fixed character. Masking can start from the beginning or end of the string.
                  # This can be used on data of any type (numbers, longs, and so on) and when
                  # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                  # type. (This allows you to take a long like 123 and modify it to a string like
                  # **3.
                &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                    # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                    # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                    # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                    # is `true`, then the string `12345` is masked as `12***`.
                &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                    # characters. For example, if the input string is `555-555-5555` and you
                    # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                    # returns `***-**5-5555`.
                  { # Characters to skip when doing deidentification of a value. These will be left
                      # alone and skipped.
                    &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                    &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                        # punctuation.
                  },
                ],
                &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                    # masked. Skipped characters do not count towards this tally.
                &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                    # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                    # code or credit card number. This string must have a length of 1. If not
                    # supplied, this value defaults to `*` for strings, and `0` for digits.
              },
              &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                  # Bucketing transformation can provide all of this functionality,
                  # but requires more configuration. This message is provided as a convenience to
                  # the user for simple bucketing strategies.
                  #
                  # The transformed value will be a hyphenated string of
                  # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                  # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                  #
                  # This can be used on data of type: double, long.
                  #
                  # If the bound Value type differs from the type of data
                  # being transformed, we will first attempt converting the type of the data to
                  # be transformed to match the type of the bound before comparing.
                  #
                  # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                    # grouped together into a single bucket; for example if `lower_bound` = 10,
                    # then all values less than 10 are replaced with the value &quot;-10&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                    # grouped together into a single bucket; for example if `upper_bound` = 89,
                    # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                    # Note that for the purposes of inspection or transformation, the number
                    # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                    # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                    # 123456789, the number of bytes would be counted as 9, even though an
                    # int64 only holds up to 8 bytes of data.
                  &quot;booleanValue&quot;: True or False, # boolean
                  &quot;floatValue&quot;: 3.14, # float
                  &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                  &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                  &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                      # and time zone are either specified elsewhere or are not significant. The date
                      # is relative to the Proleptic Gregorian Calendar. This can represent:
                      #
                      # * A full date, with non-zero year, month and day values
                      # * A month and day value, with a zero year, e.g. an anniversary
                      # * A year on its own, with zero month and day values
                      # * A year and month value, with a zero day, e.g. a credit card expiration date
                      #
                      # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                    &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                        # a year.
                    &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                        # month and day.
                    &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                        # if specifying a year by itself or a year and month where the day is not
                        # significant.
                  },
                  &quot;stringValue&quot;: &quot;A String&quot;, # string
                  &quot;integerValue&quot;: &quot;A String&quot;, # integer
                  &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                      # or are specified elsewhere. An API may choose to allow leap seconds. Related
                      # types are google.type.Date and `google.protobuf.Timestamp`.
                    &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                        # allow the value 60 if it allows leap-seconds.
                    &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                    &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                        # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                    &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                  },
                },
                &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                    # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                    # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                    # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
              },
            },
          },
        ],
      },
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Results of re-identifying a item.
    &quot;overview&quot;: { # Overview of the modifications that occurred. # An overview of the changes that were made to the `item`.
      &quot;transformationSummaries&quot;: [ # Transformations applied to the dataset.
        { # Summary of a single transformation.
            # Only one of &#x27;transformation&#x27;, &#x27;field_transformation&#x27;, or &#x27;record_suppress&#x27;
            # will be set.
          &quot;fieldTransformations&quot;: [ # The field transformation that was applied.
              # If multiple field transformations are requested for a single field,
              # this list will contain all of them; otherwise, only one is supplied.
            { # The transformation to apply to the field.
              &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
                { # General identifier of a data field in a storage service.
                  &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                },
              ],
              &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
                  # transform content that matches an `InfoType`.
                  # apply various `PrimitiveTransformation`s to each finding, where the
                  # transformation is applied to only values that were identified as a specific
                  # info_type.
                &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
                    # for a given infoType.
                  { # A transformation to apply to text that is identified as a specific
                      # info_type.
                    &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
                        # this transformation to apply to all findings that correspond to
                        # infoTypes that were requested in `InspectConfig`.
                      { # Type of information detected by the API.
                        &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                            # creating a CustomInfoType, or one of the names listed
                            # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                            # a built-in type. InfoType names should conform to the pattern
                            # `[a-zA-Z0-9_]{1,64}`.
                      },
                    ],
                    &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
                      &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                          # portion of the value.
                        &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                      },
                      &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                          # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                          # to learn more.
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                            # If set, must also set cryptoKey. If set, shift will be consistent for the
                            # given context.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                            # range (inclusive ends). Negative means shift to earlier in time. Must not
                            # be more than 365250 days (1000 years) each direction.
                            #
                            # For example, 3 means shift date to at most 3 days into the future.
                        &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                            # results in the same shift for the same context and crypto_key. If
                            # set, must also set context. Can only be applied to table items.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                      },
                      &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                          # Uses SHA-256.
                          # The key size must be either 32 or 64 bytes.
                          # Outputs a base64 encoded representation of the hashed output
                          # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                          # Currently, only string and integer values can be hashed.
                          # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                          # (FPE) with the FFX mode of operation; however when used in the
                          # `ReidentifyContent` API method, it serves the opposite function by reversing
                          # the surrogate back into the original identifier. The identifier must be
                          # encoded as ASCII. For a given crypto key and context, the same identifier
                          # will be replaced with the same surrogate. Identifiers must be at least two
                          # characters long. In the case that the identifier is the empty string, it will
                          # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                          # more.
                          #
                          # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                          # do not require preserving the input alphabet space and size, plus warrant
                          # referential integrity.
                        &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                            # that the FFX mode natively supports. This happens before/after
                            # encryption/decryption.
                            # Each character listed must appear only once.
                            # Number of characters must be in the range [2, 95].
                            # This must be encoded as ASCII.
                            # The order of characters does not matter.
                        &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                        &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                            # This annotation will be applied to the surrogate by prefixing it with
                            # the name of the custom infoType followed by the number of
                            # characters comprising the surrogate. The following scheme defines the
                            # format: info_type_name(surrogate_character_count):surrogate
                            #
                            # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                            # the surrogate is &#x27;abc&#x27;, the full replacement value
                            # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                            #
                            # This annotation identifies the surrogate when inspecting content using the
                            # custom infoType
                            # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                            # This facilitates reversal of the surrogate when it occurs in free text.
                            #
                            # In order for inspection to work properly, the name of this infoType must
                            # not occur naturally anywhere in your data; otherwise, inspection may
                            # find a surrogate that does not correspond to an actual identifier.
                            # Therefore, choose your custom infoType name carefully after considering
                            # what your data looks like. One way to select a name that has a high chance
                            # of yielding reliable detection is to include one or more unicode characters
                            # that are highly improbable to exist in your data.
                            # For example, assuming your data is entered from a regular ASCII keyboard,
                            # the symbol with the hex code point 29DD might be used like so:
                            # ⧝MY_TOKEN_TYPE
                          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                              # creating a CustomInfoType, or one of the names listed
                              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                              # a built-in type. InfoType names should conform to the pattern
                              # `[a-zA-Z0-9_]{1,64}`.
                        },
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                            # identifier in two different contexts won&#x27;t be given the same surrogate. If
                            # the context is not set, a default tweak will be used.
                            #
                            # If the context is set but:
                            #
                            # 1. there is no record present when transforming a given value or
                            # 1. the field is not present when transforming a given value,
                            #
                            # a default tweak will be used.
                            #
                            # Note that case (1) is expected when an `InfoTypeTransformation` is
                            # applied to both structured and non-structured `ContentItem`s.
                            # Currently, the referenced field may be of value type integer or string.
                            #
                            # The tweak is constructed as a sequence of bytes in big endian byte order
                            # such that:
                            #
                            # - a 64 bit integer is encoded followed by a single byte of value 1
                            # - a string is encoded in UTF-8 format followed by a single byte of value 2
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                          # input. Outputs a base64 encoded representation of the encrypted output.
                          # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                        &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                            # This annotation will be applied to the surrogate by prefixing it with
                            # the name of the custom info type followed by the number of
                            # characters comprising the surrogate. The following scheme defines the
                            # format: {info type name}({surrogate character count}):{surrogate}
                            #
                            # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                            # the surrogate is &#x27;abc&#x27;, the full replacement value
                            # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                            #
                            # This annotation identifies the surrogate when inspecting content using the
                            # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                            # surrogate when it occurs in free text.
                            #
                            # Note: For record transformations where the entire cell in a table is being
                            # transformed, surrogates are not mandatory. Surrogates are used to denote
                            # the location of the token and are necessary for re-identification in free
                            # form text.
                            #
                            # In order for inspection to work properly, the name of this info type must
                            # not occur naturally anywhere in your data; otherwise, inspection may either
                            #
                            # - reverse a surrogate that does not correspond to an actual identifier
                            # - be unable to parse the surrogate and result in an error
                            #
                            # Therefore, choose your custom info type name carefully after considering
                            # what your data looks like. One way to select a name that has a high chance
                            # of yielding reliable detection is to include one or more unicode characters
                            # that are highly improbable to exist in your data.
                            # For example, assuming your data is entered from a regular ASCII keyboard,
                            # the symbol with the hex code point 29DD might be used like so:
                            # ⧝MY_TOKEN_TYPE.
                          &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                              # creating a CustomInfoType, or one of the names listed
                              # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                              # a built-in type. InfoType names should conform to the pattern
                              # `[a-zA-Z0-9_]{1,64}`.
                        },
                        &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                            # referential integrity such that the same identifier in two different
                            # contexts will be given a distinct surrogate. The context is appended to
                            # plaintext value being encrypted. On decryption the provided context is
                            # validated against the value used during encryption. If a context was
                            # provided during encryption, same context must be provided during decryption
                            # as well.
                            #
                            # If the context is not set, plaintext would be used as is for encryption.
                            # If the context is set but:
                            #
                            # 1. there is no record present when transforming a given value or
                            # 2. the field is not present when transforming a given value,
                            #
                            # plaintext would be used as is for encryption.
                            #
                            # Note that case (1) is expected when an `InfoTypeTransformation` is
                            # applied to both structured and non-structured `ContentItem`s.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                            # a key encryption key (KEK) stored by KMS).
                            # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                            # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                            # unwrap the data crypto key.
                          &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                              # The wrapped key must be a 128/192/256 bit key.
                              # Authorization requires the following IAM permissions when sending a request
                              # to perform a crypto transformation using a kms-wrapped crypto key:
                              # dlp.kms.encrypt
                            &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                            &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                          },
                          &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                              # leaking the key. Choose another type of key if possible.
                            &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                          },
                          &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                              # It will be discarded after the request finishes.
                            &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                                # This is an arbitrary string used to differentiate different keys.
                                # A unique key is generated per name: two separate `TransientCryptoKey`
                                # protos share the same generated key if their names are the same.
                                # When the data crypto key is generated, this name is not used in any way
                                # (repeating the api call will result in a different key being generated).
                          },
                        },
                      },
                      &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                          # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                          # output would be &#x27;My phone number is &#x27;.
                      },
                      &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                          # replacement values are dynamically provided by the user for custom behavior,
                          # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                          # This can be used on
                          # data of type: number, long, string, timestamp.
                          # If the bound `Value` type differs from the type of data being transformed, we
                          # will first attempt converting the type of the data to be transformed to match
                          # the type of the bound before comparing.
                          # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                        &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                          { # Bucket is represented as a range, along with replacement values.
                            &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                                # used.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                            &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                            &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                                # the default behavior will be to hyphenate the min-max range.
                                # Note that for the purposes of inspection or transformation, the number
                                # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                                # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                                # 123456789, the number of bytes would be counted as 9, even though an
                                # int64 only holds up to 8 bytes of data.
                              &quot;booleanValue&quot;: True or False, # boolean
                              &quot;floatValue&quot;: 3.14, # float
                              &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                              &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                              &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                                  # and time zone are either specified elsewhere or are not significant. The date
                                  # is relative to the Proleptic Gregorian Calendar. This can represent:
                                  #
                                  # * A full date, with non-zero year, month and day values
                                  # * A month and day value, with a zero year, e.g. an anniversary
                                  # * A year on its own, with zero month and day values
                                  # * A year and month value, with a zero day, e.g. a credit card expiration date
                                  #
                                  # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                                &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                    # a year.
                                &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                    # month and day.
                                &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                    # if specifying a year by itself or a year and month where the day is not
                                    # significant.
                              },
                              &quot;stringValue&quot;: &quot;A String&quot;, # string
                              &quot;integerValue&quot;: &quot;A String&quot;, # integer
                              &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                                  # or are specified elsewhere. An API may choose to allow leap seconds. Related
                                  # types are google.type.Date and `google.protobuf.Timestamp`.
                                &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                    # allow the value 60 if it allows leap-seconds.
                                &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                                &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                    # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                                &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                              },
                            },
                          },
                        ],
                      },
                      &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                        &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                      },
                      &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                          # fixed character. Masking can start from the beginning or end of the string.
                          # This can be used on data of any type (numbers, longs, and so on) and when
                          # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                          # type. (This allows you to take a long like 123 and modify it to a string like
                          # **3.
                        &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                            # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                            # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                            # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                            # is `true`, then the string `12345` is masked as `12***`.
                        &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                            # characters. For example, if the input string is `555-555-5555` and you
                            # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                            # returns `***-**5-5555`.
                          { # Characters to skip when doing deidentification of a value. These will be left
                              # alone and skipped.
                            &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                            &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                                # punctuation.
                          },
                        ],
                        &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                            # masked. Skipped characters do not count towards this tally.
                        &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                            # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                            # code or credit card number. This string must have a length of 1. If not
                            # supplied, this value defaults to `*` for strings, and `0` for digits.
                      },
                      &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                          # Bucketing transformation can provide all of this functionality,
                          # but requires more configuration. This message is provided as a convenience to
                          # the user for simple bucketing strategies.
                          #
                          # The transformed value will be a hyphenated string of
                          # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                          # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                          #
                          # This can be used on data of type: double, long.
                          #
                          # If the bound Value type differs from the type of data
                          # being transformed, we will first attempt converting the type of the data to
                          # be transformed to match the type of the bound before comparing.
                          #
                          # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                        &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                            # grouped together into a single bucket; for example if `lower_bound` = 10,
                            # then all values less than 10 are replaced with the value &quot;-10&quot;.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                        &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                            # grouped together into a single bucket; for example if `upper_bound` = 89,
                            # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                        &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                            # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                            # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                            # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                      },
                    },
                  },
                ],
              },
              &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
                &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                    # portion of the value.
                  &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
                },
                &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                    # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                    # to learn more.
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                      # If set, must also set cryptoKey. If set, shift will be consistent for the
                      # given context.
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                      # range (inclusive ends). Negative means shift to earlier in time. Must not
                      # be more than 365250 days (1000 years) each direction.
                      #
                      # For example, 3 means shift date to at most 3 days into the future.
                  &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                      # results in the same shift for the same context and crypto_key. If
                      # set, must also set context. Can only be applied to table items.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
                },
                &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                    # Uses SHA-256.
                    # The key size must be either 32 or 64 bytes.
                    # Outputs a base64 encoded representation of the hashed output
                    # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                    # Currently, only string and integer values can be hashed.
                    # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                    # (FPE) with the FFX mode of operation; however when used in the
                    # `ReidentifyContent` API method, it serves the opposite function by reversing
                    # the surrogate back into the original identifier. The identifier must be
                    # encoded as ASCII. For a given crypto key and context, the same identifier
                    # will be replaced with the same surrogate. Identifiers must be at least two
                    # characters long. In the case that the identifier is the empty string, it will
                    # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                    # more.
                    #
                    # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                    # do not require preserving the input alphabet space and size, plus warrant
                    # referential integrity.
                  &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                      # that the FFX mode natively supports. This happens before/after
                      # encryption/decryption.
                      # Each character listed must appear only once.
                      # Number of characters must be in the range [2, 95].
                      # This must be encoded as ASCII.
                      # The order of characters does not matter.
                  &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
                  &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                      # This annotation will be applied to the surrogate by prefixing it with
                      # the name of the custom infoType followed by the number of
                      # characters comprising the surrogate. The following scheme defines the
                      # format: info_type_name(surrogate_character_count):surrogate
                      #
                      # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                      # the surrogate is &#x27;abc&#x27;, the full replacement value
                      # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                      #
                      # This annotation identifies the surrogate when inspecting content using the
                      # custom infoType
                      # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                      # This facilitates reversal of the surrogate when it occurs in free text.
                      #
                      # In order for inspection to work properly, the name of this infoType must
                      # not occur naturally anywhere in your data; otherwise, inspection may
                      # find a surrogate that does not correspond to an actual identifier.
                      # Therefore, choose your custom infoType name carefully after considering
                      # what your data looks like. One way to select a name that has a high chance
                      # of yielding reliable detection is to include one or more unicode characters
                      # that are highly improbable to exist in your data.
                      # For example, assuming your data is entered from a regular ASCII keyboard,
                      # the symbol with the hex code point 29DD might be used like so:
                      # ⧝MY_TOKEN_TYPE
                    &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                        # creating a CustomInfoType, or one of the names listed
                        # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                        # a built-in type. InfoType names should conform to the pattern
                        # `[a-zA-Z0-9_]{1,64}`.
                  },
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                      # identifier in two different contexts won&#x27;t be given the same surrogate. If
                      # the context is not set, a default tweak will be used.
                      #
                      # If the context is set but:
                      #
                      # 1. there is no record present when transforming a given value or
                      # 1. the field is not present when transforming a given value,
                      #
                      # a default tweak will be used.
                      #
                      # Note that case (1) is expected when an `InfoTypeTransformation` is
                      # applied to both structured and non-structured `ContentItem`s.
                      # Currently, the referenced field may be of value type integer or string.
                      #
                      # The tweak is constructed as a sequence of bytes in big endian byte order
                      # such that:
                      #
                      # - a 64 bit integer is encoded followed by a single byte of value 1
                      # - a string is encoded in UTF-8 format followed by a single byte of value 2
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                    # input. Outputs a base64 encoded representation of the encrypted output.
                    # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
                  &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                      # This annotation will be applied to the surrogate by prefixing it with
                      # the name of the custom info type followed by the number of
                      # characters comprising the surrogate. The following scheme defines the
                      # format: {info type name}({surrogate character count}):{surrogate}
                      #
                      # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                      # the surrogate is &#x27;abc&#x27;, the full replacement value
                      # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                      #
                      # This annotation identifies the surrogate when inspecting content using the
                      # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                      # surrogate when it occurs in free text.
                      #
                      # Note: For record transformations where the entire cell in a table is being
                      # transformed, surrogates are not mandatory. Surrogates are used to denote
                      # the location of the token and are necessary for re-identification in free
                      # form text.
                      #
                      # In order for inspection to work properly, the name of this info type must
                      # not occur naturally anywhere in your data; otherwise, inspection may either
                      #
                      # - reverse a surrogate that does not correspond to an actual identifier
                      # - be unable to parse the surrogate and result in an error
                      #
                      # Therefore, choose your custom info type name carefully after considering
                      # what your data looks like. One way to select a name that has a high chance
                      # of yielding reliable detection is to include one or more unicode characters
                      # that are highly improbable to exist in your data.
                      # For example, assuming your data is entered from a regular ASCII keyboard,
                      # the symbol with the hex code point 29DD might be used like so:
                      # ⧝MY_TOKEN_TYPE.
                    &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                        # creating a CustomInfoType, or one of the names listed
                        # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                        # a built-in type. InfoType names should conform to the pattern
                        # `[a-zA-Z0-9_]{1,64}`.
                  },
                  &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                      # referential integrity such that the same identifier in two different
                      # contexts will be given a distinct surrogate. The context is appended to
                      # plaintext value being encrypted. On decryption the provided context is
                      # validated against the value used during encryption. If a context was
                      # provided during encryption, same context must be provided during decryption
                      # as well.
                      #
                      # If the context is not set, plaintext would be used as is for encryption.
                      # If the context is set but:
                      #
                      # 1. there is no record present when transforming a given value or
                      # 2. the field is not present when transforming a given value,
                      #
                      # plaintext would be used as is for encryption.
                      #
                      # Note that case (1) is expected when an `InfoTypeTransformation` is
                      # applied to both structured and non-structured `ContentItem`s.
                    &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                  },
                  &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                      # a key encryption key (KEK) stored by KMS).
                      # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                      # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                      # unwrap the data crypto key.
                    &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                        # The wrapped key must be a 128/192/256 bit key.
                        # Authorization requires the following IAM permissions when sending a request
                        # to perform a crypto transformation using a kms-wrapped crypto key:
                        # dlp.kms.encrypt
                      &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                      &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                    },
                    &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                        # leaking the key. Choose another type of key if possible.
                      &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                    },
                    &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                        # It will be discarded after the request finishes.
                      &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                          # This is an arbitrary string used to differentiate different keys.
                          # A unique key is generated per name: two separate `TransientCryptoKey`
                          # protos share the same generated key if their names are the same.
                          # When the data crypto key is generated, this name is not used in any way
                          # (repeating the api call will result in a different key being generated).
                    },
                  },
                },
                &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                    # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                    # output would be &#x27;My phone number is &#x27;.
                },
                &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                    # replacement values are dynamically provided by the user for custom behavior,
                    # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                    # This can be used on
                    # data of type: number, long, string, timestamp.
                    # If the bound `Value` type differs from the type of data being transformed, we
                    # will first attempt converting the type of the data to be transformed to match
                    # the type of the bound before comparing.
                    # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                  &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                    { # Bucket is represented as a range, along with replacement values.
                      &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                          # used.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                      &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                          # the default behavior will be to hyphenate the min-max range.
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
                &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
                  &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                },
                &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                    # fixed character. Masking can start from the beginning or end of the string.
                    # This can be used on data of any type (numbers, longs, and so on) and when
                    # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                    # type. (This allows you to take a long like 123 and modify it to a string like
                    # **3.
                  &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                      # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                      # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                      # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                      # is `true`, then the string `12345` is masked as `12***`.
                  &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                      # characters. For example, if the input string is `555-555-5555` and you
                      # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                      # returns `***-**5-5555`.
                    { # Characters to skip when doing deidentification of a value. These will be left
                        # alone and skipped.
                      &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                      &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                          # punctuation.
                    },
                  ],
                  &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                      # masked. Skipped characters do not count towards this tally.
                  &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                      # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                      # code or credit card number. This string must have a length of 1. If not
                      # supplied, this value defaults to `*` for strings, and `0` for digits.
                },
                &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                    # Bucketing transformation can provide all of this functionality,
                    # but requires more configuration. This message is provided as a convenience to
                    # the user for simple bucketing strategies.
                    #
                    # The transformed value will be a hyphenated string of
                    # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                    # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                    #
                    # This can be used on data of type: double, long.
                    #
                    # If the bound Value type differs from the type of data
                    # being transformed, we will first attempt converting the type of the data to
                    # be transformed to match the type of the bound before comparing.
                    #
                    # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
                  &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                      # grouped together into a single bucket; for example if `lower_bound` = 10,
                      # then all values less than 10 are replaced with the value &quot;-10&quot;.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                      # grouped together into a single bucket; for example if `upper_bound` = 89,
                      # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                      # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                      # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                      # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
                },
              },
              &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
                  # given `RecordCondition`. The conditions are allowed to reference fields
                  # that are not used in the actual transformation.
                  #
                  # Example Use Cases:
                  #
                  # - Apply a different bucket transformation to an age column if the zip code
                  # column for the same record is within a specific range.
                  # - Redact a field if the date of birth field is greater than 85.
                  # a field.
                &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                  &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                      # only supported value is `AND`.
                  &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                    &quot;conditions&quot;: [ # A collection of conditions.
                      { # The field type of `value` and `field` do not need to match to be
                          # considered equal, but not all comparisons are possible.
                          # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                          # but all other comparisons are invalid with incompatible types.
                          # A `value` of type:
                          #
                          # - `string` can be compared against all other types
                          # - `boolean` can only be compared against other booleans
                          # - `integer` can be compared against doubles or a string if the string value
                          # can be parsed as an integer.
                          # - `double` can be compared against integers or a string if the string can
                          # be parsed as a double.
                          # - `Timestamp` can be compared against strings in RFC 3339 date string
                          # format.
                          # - `TimeOfDay` can be compared against timestamps and strings in the format
                          # of &#x27;HH:mm:ss&#x27;.
                          #
                          # If we fail to compare do to type mismatch, a warning will be given and
                          # the condition will evaluate to false.
                        &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                          &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                        },
                        &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                        &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                            # Note that for the purposes of inspection or transformation, the number
                            # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                            # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                            # 123456789, the number of bytes would be counted as 9, even though an
                            # int64 only holds up to 8 bytes of data.
                          &quot;booleanValue&quot;: True or False, # boolean
                          &quot;floatValue&quot;: 3.14, # float
                          &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                          &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                          &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                              # and time zone are either specified elsewhere or are not significant. The date
                              # is relative to the Proleptic Gregorian Calendar. This can represent:
                              #
                              # * A full date, with non-zero year, month and day values
                              # * A month and day value, with a zero year, e.g. an anniversary
                              # * A year on its own, with zero month and day values
                              # * A year and month value, with a zero day, e.g. a credit card expiration date
                              #
                              # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                            &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                                # a year.
                            &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                                # month and day.
                            &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                                # if specifying a year by itself or a year and month where the day is not
                                # significant.
                          },
                          &quot;stringValue&quot;: &quot;A String&quot;, # string
                          &quot;integerValue&quot;: &quot;A String&quot;, # integer
                          &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                              # or are specified elsewhere. An API may choose to allow leap seconds. Related
                              # types are google.type.Date and `google.protobuf.Timestamp`.
                            &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                                # allow the value 60 if it allows leap-seconds.
                            &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                            &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                                # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                            &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                          },
                        },
                      },
                    ],
                  },
                },
              },
            },
          ],
          &quot;field&quot;: { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
          &quot;transformation&quot;: { # A rule for transforming a value. # The specific transformation these stats apply to.
            &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
                # portion of the value.
              &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
            },
            &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
                # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
                # to learn more.
              &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
                  # If set, must also set cryptoKey. If set, shift will be consistent for the
                  # given context.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
                  # range (inclusive ends). Negative means shift to earlier in time. Must not
                  # be more than 365250 days (1000 years) each direction.
                  #
                  # For example, 3 means shift date to at most 3 days into the future.
              &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
                  # results in the same shift for the same context and crypto_key. If
                  # set, must also set context. Can only be applied to table items.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
            },
            &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
                # Uses SHA-256.
                # The key size must be either 32 or 64 bytes.
                # Outputs a base64 encoded representation of the hashed output
                # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
                # Currently, only string and integer values can be hashed.
                # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
                # (FPE) with the FFX mode of operation; however when used in the
                # `ReidentifyContent` API method, it serves the opposite function by reversing
                # the surrogate back into the original identifier. The identifier must be
                # encoded as ASCII. For a given crypto key and context, the same identifier
                # will be replaced with the same surrogate. Identifiers must be at least two
                # characters long. In the case that the identifier is the empty string, it will
                # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
                # more.
                #
                # Note: We recommend using  CryptoDeterministicConfig for all use cases which
                # do not require preserving the input alphabet space and size, plus warrant
                # referential integrity.
              &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
                  # that the FFX mode natively supports. This happens before/after
                  # encryption/decryption.
                  # Each character listed must appear only once.
                  # Number of characters must be in the range [2, 95].
                  # This must be encoded as ASCII.
                  # The order of characters does not matter.
              &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
              &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
                  # This annotation will be applied to the surrogate by prefixing it with
                  # the name of the custom infoType followed by the number of
                  # characters comprising the surrogate. The following scheme defines the
                  # format: info_type_name(surrogate_character_count):surrogate
                  #
                  # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                  # the surrogate is &#x27;abc&#x27;, the full replacement value
                  # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                  #
                  # This annotation identifies the surrogate when inspecting content using the
                  # custom infoType
                  # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
                  # This facilitates reversal of the surrogate when it occurs in free text.
                  #
                  # In order for inspection to work properly, the name of this infoType must
                  # not occur naturally anywhere in your data; otherwise, inspection may
                  # find a surrogate that does not correspond to an actual identifier.
                  # Therefore, choose your custom infoType name carefully after considering
                  # what your data looks like. One way to select a name that has a high chance
                  # of yielding reliable detection is to include one or more unicode characters
                  # that are highly improbable to exist in your data.
                  # For example, assuming your data is entered from a regular ASCII keyboard,
                  # the symbol with the hex code point 29DD might be used like so:
                  # ⧝MY_TOKEN_TYPE
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
              &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
                  # identifier in two different contexts won&#x27;t be given the same surrogate. If
                  # the context is not set, a default tweak will be used.
                  #
                  # If the context is set but:
                  #
                  # 1. there is no record present when transforming a given value or
                  # 1. the field is not present when transforming a given value,
                  #
                  # a default tweak will be used.
                  #
                  # Note that case (1) is expected when an `InfoTypeTransformation` is
                  # applied to both structured and non-structured `ContentItem`s.
                  # Currently, the referenced field may be of value type integer or string.
                  #
                  # The tweak is constructed as a sequence of bytes in big endian byte order
                  # such that:
                  #
                  # - a 64 bit integer is encoded followed by a single byte of value 1
                  # - a string is encoded in UTF-8 format followed by a single byte of value 2
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
                # input. Outputs a base64 encoded representation of the encrypted output.
                # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
              &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
                  # This annotation will be applied to the surrogate by prefixing it with
                  # the name of the custom info type followed by the number of
                  # characters comprising the surrogate. The following scheme defines the
                  # format: {info type name}({surrogate character count}):{surrogate}
                  #
                  # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
                  # the surrogate is &#x27;abc&#x27;, the full replacement value
                  # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
                  #
                  # This annotation identifies the surrogate when inspecting content using the
                  # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
                  # surrogate when it occurs in free text.
                  #
                  # Note: For record transformations where the entire cell in a table is being
                  # transformed, surrogates are not mandatory. Surrogates are used to denote
                  # the location of the token and are necessary for re-identification in free
                  # form text.
                  #
                  # In order for inspection to work properly, the name of this info type must
                  # not occur naturally anywhere in your data; otherwise, inspection may either
                  #
                  # - reverse a surrogate that does not correspond to an actual identifier
                  # - be unable to parse the surrogate and result in an error
                  #
                  # Therefore, choose your custom info type name carefully after considering
                  # what your data looks like. One way to select a name that has a high chance
                  # of yielding reliable detection is to include one or more unicode characters
                  # that are highly improbable to exist in your data.
                  # For example, assuming your data is entered from a regular ASCII keyboard,
                  # the symbol with the hex code point 29DD might be used like so:
                  # ⧝MY_TOKEN_TYPE.
                &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                    # creating a CustomInfoType, or one of the names listed
                    # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                    # a built-in type. InfoType names should conform to the pattern
                    # `[a-zA-Z0-9_]{1,64}`.
              },
              &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
                  # referential integrity such that the same identifier in two different
                  # contexts will be given a distinct surrogate. The context is appended to
                  # plaintext value being encrypted. On decryption the provided context is
                  # validated against the value used during encryption. If a context was
                  # provided during encryption, same context must be provided during decryption
                  # as well.
                  #
                  # If the context is not set, plaintext would be used as is for encryption.
                  # If the context is set but:
                  #
                  # 1. there is no record present when transforming a given value or
                  # 2. the field is not present when transforming a given value,
                  #
                  # plaintext would be used as is for encryption.
                  #
                  # Note that case (1) is expected when an `InfoTypeTransformation` is
                  # applied to both structured and non-structured `ContentItem`s.
                &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
              },
              &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
                  # a key encryption key (KEK) stored by KMS).
                  # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
                  # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
                  # unwrap the data crypto key.
                &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
                    # The wrapped key must be a 128/192/256 bit key.
                    # Authorization requires the following IAM permissions when sending a request
                    # to perform a crypto transformation using a kms-wrapped crypto key:
                    # dlp.kms.encrypt
                  &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
                  &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
                },
                &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
                    # leaking the key. Choose another type of key if possible.
                  &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
                },
                &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
                    # It will be discarded after the request finishes.
                  &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
                      # This is an arbitrary string used to differentiate different keys.
                      # A unique key is generated per name: two separate `TransientCryptoKey`
                      # protos share the same generated key if their names are the same.
                      # When the data crypto key is generated, this name is not used in any way
                      # (repeating the api call will result in a different key being generated).
                },
              },
            },
            &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
                # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
                # output would be &#x27;My phone number is &#x27;.
            },
            &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
                # replacement values are dynamically provided by the user for custom behavior,
                # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
                # This can be used on
                # data of type: number, long, string, timestamp.
                # If the bound `Value` type differs from the type of data being transformed, we
                # will first attempt converting the type of the data to be transformed to match
                # the type of the bound before comparing.
                # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
              &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
                { # Bucket is represented as a range, along with replacement values.
                  &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
                      # used.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                  &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
                      # the default behavior will be to hyphenate the min-max range.
                      # Note that for the purposes of inspection or transformation, the number
                      # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                      # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                      # 123456789, the number of bytes would be counted as 9, even though an
                      # int64 only holds up to 8 bytes of data.
                    &quot;booleanValue&quot;: True or False, # boolean
                    &quot;floatValue&quot;: 3.14, # float
                    &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                    &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                    &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                        # and time zone are either specified elsewhere or are not significant. The date
                        # is relative to the Proleptic Gregorian Calendar. This can represent:
                        #
                        # * A full date, with non-zero year, month and day values
                        # * A month and day value, with a zero year, e.g. an anniversary
                        # * A year on its own, with zero month and day values
                        # * A year and month value, with a zero day, e.g. a credit card expiration date
                        #
                        # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                      &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                          # a year.
                      &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                          # month and day.
                      &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                          # if specifying a year by itself or a year and month where the day is not
                          # significant.
                    },
                    &quot;stringValue&quot;: &quot;A String&quot;, # string
                    &quot;integerValue&quot;: &quot;A String&quot;, # integer
                    &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                        # or are specified elsewhere. An API may choose to allow leap seconds. Related
                        # types are google.type.Date and `google.protobuf.Timestamp`.
                      &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                          # allow the value 60 if it allows leap-seconds.
                      &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                      &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                          # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                      &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                    },
                  },
                },
              ],
            },
            &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
              &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            },
            &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
                # fixed character. Masking can start from the beginning or end of the string.
                # This can be used on data of any type (numbers, longs, and so on) and when
                # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
                # type. (This allows you to take a long like 123 and modify it to a string like
                # **3.
              &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
                  # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
                  # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
                  # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
                  # is `true`, then the string `12345` is masked as `12***`.
              &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
                  # characters. For example, if the input string is `555-555-5555` and you
                  # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
                  # returns `***-**5-5555`.
                { # Characters to skip when doing deidentification of a value. These will be left
                    # alone and skipped.
                  &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
                  &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
                      # punctuation.
                },
              ],
              &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
                  # masked. Skipped characters do not count towards this tally.
              &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
                  # alphabetic string such as a name, or `0` for a numeric string such as ZIP
                  # code or credit card number. This string must have a length of 1. If not
                  # supplied, this value defaults to `*` for strings, and `0` for digits.
            },
            &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
                # Bucketing transformation can provide all of this functionality,
                # but requires more configuration. This message is provided as a convenience to
                # the user for simple bucketing strategies.
                #
                # The transformed value will be a hyphenated string of
                # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
                # all values that are within this bucket will be replaced with &quot;10-20&quot;.
                #
                # This can be used on data of type: double, long.
                #
                # If the bound Value type differs from the type of data
                # being transformed, we will first attempt converting the type of the data to
                # be transformed to match the type of the bound before comparing.
                #
                # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
              &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
                  # grouped together into a single bucket; for example if `lower_bound` = 10,
                  # then all values less than 10 are replaced with the value &quot;-10&quot;.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
              &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
                  # grouped together into a single bucket; for example if `upper_bound` = 89,
                  # then all values greater than 89 are replaced with the value &quot;89+&quot;.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
              &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
                  # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
                  # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
                  # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
            },
          },
          &quot;transformedBytes&quot;: &quot;A String&quot;, # Total size in bytes that were transformed in some way.
          &quot;recordSuppress&quot;: { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to.
              # true.
            &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
                # evaluated to be suppressed from the transformed content.
                # a field.
              &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
                &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
                    # only supported value is `AND`.
                &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
                  &quot;conditions&quot;: [ # A collection of conditions.
                    { # The field type of `value` and `field` do not need to match to be
                        # considered equal, but not all comparisons are possible.
                        # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
                        # but all other comparisons are invalid with incompatible types.
                        # A `value` of type:
                        #
                        # - `string` can be compared against all other types
                        # - `boolean` can only be compared against other booleans
                        # - `integer` can be compared against doubles or a string if the string value
                        # can be parsed as an integer.
                        # - `double` can be compared against integers or a string if the string can
                        # be parsed as a double.
                        # - `Timestamp` can be compared against strings in RFC 3339 date string
                        # format.
                        # - `TimeOfDay` can be compared against timestamps and strings in the format
                        # of &#x27;HH:mm:ss&#x27;.
                        #
                        # If we fail to compare do to type mismatch, a warning will be given and
                        # the condition will evaluate to false.
                      &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
                        &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
                      },
                      &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
                      &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
                          # Note that for the purposes of inspection or transformation, the number
                          # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                          # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                          # 123456789, the number of bytes would be counted as 9, even though an
                          # int64 only holds up to 8 bytes of data.
                        &quot;booleanValue&quot;: True or False, # boolean
                        &quot;floatValue&quot;: 3.14, # float
                        &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                        &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                        &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                            # and time zone are either specified elsewhere or are not significant. The date
                            # is relative to the Proleptic Gregorian Calendar. This can represent:
                            #
                            # * A full date, with non-zero year, month and day values
                            # * A month and day value, with a zero year, e.g. an anniversary
                            # * A year on its own, with zero month and day values
                            # * A year and month value, with a zero day, e.g. a credit card expiration date
                            #
                            # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                          &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                              # a year.
                          &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                              # month and day.
                          &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                              # if specifying a year by itself or a year and month where the day is not
                              # significant.
                        },
                        &quot;stringValue&quot;: &quot;A String&quot;, # string
                        &quot;integerValue&quot;: &quot;A String&quot;, # integer
                        &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                            # or are specified elsewhere. An API may choose to allow leap seconds. Related
                            # types are google.type.Date and `google.protobuf.Timestamp`.
                          &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                              # allow the value 60 if it allows leap-seconds.
                          &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                          &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                              # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                          &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                        },
                      },
                    },
                  ],
                },
              },
            },
          },
          &quot;infoType&quot;: { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType.
            &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
                # creating a CustomInfoType, or one of the names listed
                # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
                # a built-in type. InfoType names should conform to the pattern
                # `[a-zA-Z0-9_]{1,64}`.
          },
          &quot;results&quot;: [ # Collection of all transformations that took place or had an error.
            { # A collection that informs the user the number of times a particular
                # `TransformationResultCode` and error details occurred.
              &quot;code&quot;: &quot;A String&quot;, # Outcome of the transformation.
              &quot;count&quot;: &quot;A String&quot;, # Number of transformations counted by this result.
              &quot;details&quot;: &quot;A String&quot;, # A place for warnings or errors to show up if a transformation didn&#x27;t
                  # work as expected.
            },
          ],
        },
      ],
      &quot;transformedBytes&quot;: &quot;A String&quot;, # Total size in bytes that were transformed in some way.
    },
    &quot;item&quot;: { # Container structure for the content to inspect. # The re-identified item.
      &quot;byteItem&quot;: { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
        &quot;type&quot;: &quot;A String&quot;, # The type of data stored in the bytes string. Default will be TEXT_UTF8.
        &quot;data&quot;: &quot;A String&quot;, # Content data to inspect or redact.
      },
      &quot;value&quot;: &quot;A String&quot;, # String data to inspect or redact.
      &quot;table&quot;: { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
          # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
          # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
          # learn more.
        &quot;rows&quot;: [ # Rows of the table.
          { # Values of the row.
            &quot;values&quot;: [ # Individual cells.
              { # Set of primitive values supported by the system.
                  # Note that for the purposes of inspection or transformation, the number
                  # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
                  # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
                  # 123456789, the number of bytes would be counted as 9, even though an
                  # int64 only holds up to 8 bytes of data.
                &quot;booleanValue&quot;: True or False, # boolean
                &quot;floatValue&quot;: 3.14, # float
                &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
                &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
                &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
                    # and time zone are either specified elsewhere or are not significant. The date
                    # is relative to the Proleptic Gregorian Calendar. This can represent:
                    #
                    # * A full date, with non-zero year, month and day values
                    # * A month and day value, with a zero year, e.g. an anniversary
                    # * A year on its own, with zero month and day values
                    # * A year and month value, with a zero day, e.g. a credit card expiration date
                    #
                    # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
                  &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
                      # a year.
                  &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
                      # month and day.
                  &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
                      # if specifying a year by itself or a year and month where the day is not
                      # significant.
                },
                &quot;stringValue&quot;: &quot;A String&quot;, # string
                &quot;integerValue&quot;: &quot;A String&quot;, # integer
                &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
                    # or are specified elsewhere. An API may choose to allow leap seconds. Related
                    # types are google.type.Date and `google.protobuf.Timestamp`.
                  &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
                      # allow the value 60 if it allows leap-seconds.
                  &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
                  &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
                      # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
                  &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
                },
              },
            ],
          },
        ],
        &quot;headers&quot;: [ # Headers of the table.
          { # General identifier of a data field in a storage service.
            &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
          },
        ],
      },
    },
  }</pre>
</div>

</body></html>