I was experimenting with Google provided the article to re-identify Credit Card Number using Deterministic encryption using AES-SIV
Accordingly, I have created a google DLP template to de-identify data and in the test option of the template it is working if we provide a 3 line csv with correct header names [I am using record type template]
As per the following link and video provided, the same template can be used to re-identify the data back to the original
"Cloud DLP can perform both de-identification and re-identification on an entire column using a RecordTransformation without a surrogate annotation."
https://cloud.google.com/dlp/docs/pseudonymization#cryptographic-hashing
But when we tried the same, it is re-encoding it again to a newly encoded value as per below.
DLP Template Re-identify Not working
Please let me know what I am doing wrong and how I can re-identify PII using Deterministic encryption using AES-SIV successfully
Note: This was the same behavior I got when I continued through the article ahead and did not work as expected in the blog to re-identify the data
https://cloud.google.com/solutions/validating-de-identified-data-bigquery-re-identifying-pii-data
You can't re-authenticate on the console, you need to use the API for this. And, because you don't use surrogate prefix, you have to rebuild your table in JSON (and it's boring to do... Or you can script it).
You have the full detail of the API here
The JSON to summit: the table (your deidenticated table and the template use)
I saved the content in a file named:
dlpdata.json
The curl request to call the API