google_dialogflow_cx_security_settings

Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect. Multiple security settings can be configured in each location. Each agent can specify the security settings to apply, and each setting can be applied to multiple agents in the same project and location.

To get more information about SecuritySettings, see:

Open in Cloud Shell

Example Usage - Dialogflowcx Security Settings Basic

resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
  display_name          = "dialogflowcx-security-settings"
  location              = "global"
  purge_data_types      = []
  retention_window_days = 7
}

Example Usage - Dialogflowcx Security Settings Full

resource "google_data_loss_prevention_inspect_template" "inspect" {
  parent       = "projects/my-project-name/locations/global"
  display_name = "dialogflowcx-inspect-template"
  inspect_config {
    info_types {
      name = "EMAIL_ADDRESS"
    }
  }
}

resource "google_data_loss_prevention_deidentify_template" "deidentify" {
  parent       = "projects/my-project-name/locations/global"
  display_name = "dialogflowcx-deidentify-template"
  deidentify_config {
    info_type_transformations {
      transformations {
        primitive_transformation {
          replace_config {
            new_value {
              string_value = "[REDACTED]"
            }
          }
        }
      }
    }
  }
}

resource "google_storage_bucket" "bucket" {
  name                        = "dialogflowcx-bucket"
  location                    = "US"
  uniform_bucket_level_access = true
}

resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
  display_name        = "dialogflowcx-security-settings"
  location            = "global"
  redaction_strategy  = "REDACT_WITH_SERVICE"
  redaction_scope     = "REDACT_DISK_STORAGE"
  inspect_template    = google_data_loss_prevention_inspect_template.inspect.id
  deidentify_template = google_data_loss_prevention_deidentify_template.deidentify.id
  purge_data_types    = ["DIALOGFLOW_HISTORY"]
  audio_export_settings {
    gcs_bucket             = google_storage_bucket.bucket.id
    audio_export_pattern   = "export"
    enable_audio_redaction = true
    audio_format           = "OGG"
  }
  insights_export_settings {
    enable_insights_export = true
  }
  retention_strategy = "REMOVE_AFTER_CONVERSATION"
}

Argument Reference

The following arguments are supported:


The audio_export_settings block supports:

The insights_export_settings block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

SecuritySettings can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import SecuritySettings using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/securitySettings/{{name}}"
  to = google_dialogflow_cx_security_settings.default
}

When using the terraform import command, SecuritySettings can be imported using one of the formats above. For example:

$ terraform import google_dialogflow_cx_security_settings.default projects/{{project}}/locations/{{location}}/securitySettings/{{name}}
$ terraform import google_dialogflow_cx_security_settings.default {{project}}/{{location}}/{{name}}
$ terraform import google_dialogflow_cx_security_settings.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.