Google Cloud Security - Redact Keyword?

37 views
Skip to first unread message

Mike Vacirca

unread,
Oct 19, 2021, 10:20:33 AM10/19/21
to Protocol Buffers
Hello,

I was curious if there was ever discussion on extending Protocol Buffers to include coverage for redaction of a data field? 

Specifically, we are looking at the use case of a developer having a keyword available to them that would allow data classification services, logging services, et. al. to be able to read a particular data field as requiring redaction due to core customer content (or other data classification state) and filtering out the contents during archival/transmission/etc.

Or if this would be the wrong approach, are there areas that may be the right technical approach to "shift left" the annotation of parameters earlier in the cycle during coding?  

We are looking at ways to improve the current workflow in GCP which requires us to  track and annotate data between RPC services in production using manual annotation from engineers post-development. 

Mike Vacirca

unread,
Oct 28, 2021, 3:27:07 PM10/28/21
to Protocol Buffers
Pinging again on this item - is this the right forum to ask this type of question?
--

Michael Vacirca

718-938-9424

Senior Engineering Manager, Regulated Cloud

Google Cloud


Austin Bennett

unread,
Oct 28, 2021, 4:05:39 PM10/28/21
to Mike Vacirca, Protocol Buffers
Does protobuf really need to be extended to accommodate this?  This seems potentially/reasonably straightforwardly handled via annotations (as I currently understand your needs).  

Separately, i think I recall seeing something in a golang package sometimein the last ~year (which had also existed in java).  I'd have to look up the specifics (currently on my phone).

@mike - dm me at aus...@bamboozoology.org if you want to schedule a time to discuss this in the next week or so.   



--
You received this message because you are subscribed to the Google Groups "Protocol Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CAPvXYq1eGgNpf2KF%3D68wO4mLMwwRHMGe-%3DzE4fq4yCzTLOkGXA%40mail.gmail.com.

Josh Humphries

unread,
Oct 28, 2021, 4:05:48 PM10/28/21
to Mike Vacirca, Protocol Buffers
There is no built-in way to do this.

However, you can create your own custom options and use those to annotate sensitive fields/messages whose contents should be redacted.


----
Josh Humphries
jh...@bluegosling.com


Reply all
Reply to author
Forward
0 new messages