Skip to content

Instantly share code, notes, and snippets.

@glaforge

glaforge/RedactPii.java

Created November 25, 2024 08:52
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save glaforge/c7d7188aa3ff01a0f691b1e474ec0260 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save glaforge/c7d7188aa3ff01a0f691b1e474ec0260 to your computer and use it in GitHub Desktop.
Download ZIP
Redact sensitive information with Google Cloud Data Loss Prevention API before sending it to a Large Language Model
Raw
RedactPii.java
package experiments;
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.*;
import dev.langchain4j.model.vertexai.VertexAiGeminiChatModel;
import java.io.IOException;
import java.util.stream.Stream;
public class RedactPii {
public static String redact(String userMessage) {
try (var dlp = DlpServiceClient.create()) {
var item = ContentItem.newBuilder().setValue(userMessage).build();
var inspectConfigbuilder = InspectConfig.newBuilder();
var redactConfig = DeidentifyConfig.newBuilder();
var infoTypeTransfBuilder = InfoTypeTransformations.newBuilder();
Stream.of("PERSON_NAME", "PHONE_NUMBER", "PASSPORT", "IBAN_CODE")
.forEach(toRedact -> {
var infoType = InfoType.newBuilder().setName(toRedact).build();
inspectConfigbuilder.addInfoTypes(infoType);
var replaceValueConfig =
ReplaceValueConfig.newBuilder()
.setNewValue(Value.newBuilder()
.setStringValue("[" + toRedact + "]").build())
.build();
var primitiveTransformation =
PrimitiveTransformation.newBuilder()
.setReplaceConfig(replaceValueConfig).build();
var infoTypeTransformation = InfoTypeTransformations.InfoTypeTransformation.newBuilder()
.addInfoTypes(infoType)
.setPrimitiveTransformation(primitiveTransformation)
.build();
infoTypeTransfBuilder.addTransformations(infoTypeTransformation);
});
redactConfig.setInfoTypeTransformations(
infoTypeTransfBuilder);
DeidentifyContentRequest request =
DeidentifyContentRequest.newBuilder()
.setParent(LocationName.of(System.getenv("GCP_PROJECT_ID"), "global").toString())
.setItem(item)
.setDeidentifyConfig(redactConfig)
.setInspectConfig(inspectConfigbuilder)
.build();
DeidentifyContentResponse response = dlp.deidentifyContent(request);
return response.getItem().getValue();
} catch (IOException e) {
throw new RuntimeException("Failed to redact message.", e);
}
}
public static void main(String[] args) {
var model = VertexAiGeminiChatModel.builder()
.project(System.getenv("GCP_PROJECT_ID"))
.location(System.getenv("GCP_LOCATION"))
.modelName("gemini-1.5-flash-002")
.build();
String userMessage = """
My name is Alicia Bob.
My number is +33612345678, can you call me please?
Please wire some $$$ on FR7630001007941234567890185
You can check my passport if needed, it's 78TH67845.
""";
String redactedMessage = redact(userMessage);
System.out.println(
redactedMessage
);
System.out.println(
model.generate(redactedMessage)
);
}
}
@glaforge
Copy link
Author

glaforge commented Sep 10, 2025

That's a fair point, indeed, that's a remote / cloud-hosted service. It's certainly built so as to not log PII information, it's going through HTTPS, etc. But if instead you are running everything on your own server, with a local redaction service, then it's as secure as your server.

That said, for companies running their applications on GCP, it's great to have that service around, so that the PII doesn't get outside of the perimeter of that app and cloud.

I haven't researched thoroughly if there are Java libraries that do that, even if a quick search seems to yield some results like phileas, maybe there are others.
In the Python world, I saw a demo of Presidio but if you're developing in Java, usually you don't want to use a library in another programming language.

@skanga
Copy link

skanga commented Sep 10, 2025

Thanks for the response. I'll look into phileas (and the less useful Presidio) but I appreciate the research

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment