Skip to content

Manage Sensitive Data Discovery Templates

Note

In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.

Prerequisite

Sensitive data discovery enabled

Command overview: immuta sdd template

This command allows you to manage templates, which are a collection of identifiers and settings used to drive the configuration of SDD runs. The table below illustrates subcommands and arguments.

Subcommands Aliases Description
create save Create a template.
delete None Delete the passed template.
get None Get a template.
global None Get a global template.
search ls, list Search all templates.
update None Update a template.

Options

Use these options to get more details about the sdd template command or any of its subcommands:

  • -h
  • --help
$ immuta sdd template -h
Manage Sensitive Data Discovery Templates

Usage:
  immuta sdd template [command]

Available Commands:
  create      Create an SDD template
  delete      Delete the passed SDD template
  get         Get an SDD template.
  global      Get the SDD global template
  search      Search all templates
  update      Update an SDD template

Flags:
  -h, --help   Help for template

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd template [command] --help" for more information about a command.

Create a template

  1. Save your template to a valid YAML or JSON file using these attributes:

    Attribute Description Required
    name string Unique, request-friendly template name. Yes
    displayName string Unique, human-readable template name. Yes
    description string The template description. Yes
    classifiers array Includes each identifier's name and overrides for minConfidence and tags. Yes
    sampleSize integer Override for how many records to sample from the data source. No

    An example is provided below.

    {
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER"
    }
  ],
  "sampleSize": 100
}

  2. Run immuta sdd template create <filepath> [flags], referencing the file you just created. The options you can specify include

    • -h or --help: Get more information about the command.
    • -o or --output json | yaml: Specify the output format.
    • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd template create ./account-template.json -o json
{
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "sampleSize": 100,
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T15:48:02.977Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "overrides": {}
    }
  ]
}

Get a template

Run immuta sdd template get <templateName> [flags], specifying the name of the template you would like to get. Options you can specify include

  • -h or --help: Get more information about the command.
  • -o or --output json | yaml: Specify the output format.
  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting a template named ACCOUNT_NUMBERS_TEMPLATE.

$ immuta sdd template get ACCOUNT_NUMBERS_TEMPLATE
Getting template ACCOUNT_NUMBERS_TEMPLATE...
{
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "sampleSize": 100,
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T15:48:02.977Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "overrides": {}
    }
  ]
}

Get a global template

Global Templates Must be Configured in the Immuta UI

This command only returns templates that have been configured, not the default global template. If no custom global template has been configured by an Administrator, you will receive an error message.

To configure a global template in the Immuta UI, see this tutorial.

Run immuta sdd template global [flags], to get the global template that has been configured for sensitive data discovery. Options you can specify include

  • -h or --help: Get more information about the command.
  • -o or --output json | yaml: Specify the output format.
  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting the global template that had been configured in the Immuta UI by an Administrator.

$ immuta sdd template global
Getting global template...
{
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "sampleSize": 2000,
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 3,
  "createdAt": "2022-03-28T17:10:48.507Z",
  "updatedAt": "2022-03-28T17:10:48.507Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "overrides": {}
    }
  ]
}

Search templates

Run immuta sdd template search [string] [flags] to list all templates or search templates by name. Options you can specify include

  • --classifiers strings: Limit results to only templates that contain the specified identifiers.
  • -h, --help: Help for search.
  • --limit int The search limit for pagination (default 25).
  • --offset int: The search offset for pagination.
  • --order asc | desc: The sort order.
  • -o, --output json | yaml: The output format.
  • --outputTemplate string: Format the response using a Go template.
  • -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.

Example

The example below illustrates a user searching all templates containing the ACCOUNT_NUMBER_IDENTIFIER.

$ immuta sdd template search --classifiers="ACCOUNT_NUMBER_IDENTIFIER"
Searching all templates...
ACCOUNT_NUMBERS_TEMPLATE This template contains the identifier that recognizes account numbers.
Displaying 1 of 1 templates

Update a template

  1. Update your template in a valid YAML or JSON file using these attributes:

    Attribute Description Required
    name string Unique, request-friendly template name. Yes
    displayName string Unique, human-readable template name. Yes
    description string The template description. Yes
    classifiers array Includes each identifier's name and overrides for minConfidence and tags. Yes
    sampleSize integer Override for how many records to sample from the data source. No

  2. Run immuta sdd template update <templateName> <filepath> [flags], referencing the file you just updated. The options you can specify include

    • -h or --help: Get more information about the command.
    • -o or --output json | yaml: Specify the output format.
    • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating a template named ACCOUNT_NUMBERS_TEMPLATE.

$ immuta sdd template update ACCOUNT_NUMBERS_TEMPLATE ./account-template -o json
{
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "sampleSize": 2000,
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T16:15:01.791Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "overrides": {}
    }
  ]
}

Delete a template

Run immuta sdd template delete <templateName> [flags] to delete the template. The options you can specify include

  • -h or --help: Get more information about the command.
  • -o or --output json | yaml: Specify the output format.
  • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd template delete ACCOUNT_NUMBERS_TEMPLATE -o json
{
  "name": "ACCOUNT_NUMBERS_TEMPLATE",
  "displayName": "Account Numbers Template",
  "description": "This template contains the identifier that recognizes account numbers.",
  "sampleSize": 2000,
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T16:15:01.791Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "overrides": {}
    }
  ]
}