v5.18.0/website/docs/r/dialogflow_cx_security_settings.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Dialogflow CX"
 description: |-
   Represents the settings related to security issues, such as data redaction and data retention.
 ---

 # google\_dialogflow\_cx\_security\_settings

 Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect.
 Multiple security settings can be configured in each location. Each agent can specify the security settings to apply, and each setting can be applied to multiple agents in the same project and location.


 To get more information about SecuritySettings, see:

 * [API documentation](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.securitySettings)
 * How-to Guides
     * [Official Documentation](https://cloud.google.com/dialogflow/cx/docs)

 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=dialogflowcx_security_settings_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Dialogflowcx Security Settings Basic


 ```hcl
 resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
   display_name          = "dialogflowcx-security-settings"
   location              = "global"
   purge_data_types      = []
   retention_window_days = 7
 }
 ```
 ## Example Usage - Dialogflowcx Security Settings Full


 ```hcl
 resource "google_data_loss_prevention_inspect_template" "inspect" {
   parent       = "projects/my-project-name/locations/global"
   display_name = "dialogflowcx-inspect-template"
   inspect_config {
     info_types {
       name = "EMAIL_ADDRESS"
     }
   }
 }

 resource "google_data_loss_prevention_deidentify_template" "deidentify" {
   parent       = "projects/my-project-name/locations/global"
   display_name = "dialogflowcx-deidentify-template"
   deidentify_config {
     info_type_transformations {
       transformations {
         primitive_transformation {
           replace_config {
             new_value {
               string_value = "[REDACTED]"
             }
           }
         }
       }
     }
   }
 }

 resource "google_storage_bucket" "bucket" {
   name                        = "dialogflowcx-bucket"
   location                    = "US"
   uniform_bucket_level_access = true
 }

 resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
   display_name        = "dialogflowcx-security-settings"
   location            = "global"
   redaction_strategy  = "REDACT_WITH_SERVICE"
   redaction_scope     = "REDACT_DISK_STORAGE"
   inspect_template    = google_data_loss_prevention_inspect_template.inspect.id
   deidentify_template = google_data_loss_prevention_deidentify_template.deidentify.id
   purge_data_types    = ["DIALOGFLOW_HISTORY"]
   audio_export_settings {
     gcs_bucket             = google_storage_bucket.bucket.id
     audio_export_pattern   = "export"
     enable_audio_redaction = true
     audio_format           = "OGG"
   }
   insights_export_settings {
     enable_insights_export = true
   }
   retention_strategy = "REMOVE_AFTER_CONVERSATION"
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `location` -
   (Required)
   The location these settings are located in. Settings can only be applied to an agent in the same location.
   See [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.

 * `display_name` -
   (Required)
   The human-readable name of the security settings, unique within the location.


 - - -


 * `redaction_strategy` -
   (Optional)
   Defines how we redact data. If not set, defaults to not redacting.
   * REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted.
   Possible values are: `REDACT_WITH_SERVICE`.

 * `redaction_scope` -
   (Optional)
   Defines what types of data to redact. If not set, defaults to not redacting any kind of data.
   * REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk.
   Possible values are: `REDACT_DISK_STORAGE`.

 * `inspect_template` -
   (Optional)
   [DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.
   Note: inspectTemplate must be located in the same region as the SecuritySettings.
   Format: projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/inspectTemplates/<Template ID>

 * `deidentify_template` -
   (Optional)
   [DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.
   Note: deidentifyTemplate must be located in the same region as the SecuritySettings.
   Format: projects/<Project ID>/locations/<Location ID>/deidentifyTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>

 * `purge_data_types` -
   (Optional)
   List of types of data to remove when retention settings triggers purge.
   Each value may be one of: `DIALOGFLOW_HISTORY`.

 * `audio_export_settings` -
   (Optional)
   Controls audio export settings for post-conversation analytics when ingesting audio to conversations.
   If retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.
   If audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.
   This setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).
   Structure is [documented below](#nested_audio_export_settings).

 * `insights_export_settings` -
   (Optional)
   Controls conversation exporting settings to Insights after conversation is completed.
   If retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.
   Structure is [documented below](#nested_insights_export_settings).

 * `retention_window_days` -
   (Optional)
   Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.
   Only one of `retention_window_days` and `retention_strategy` may be set.

 * `retention_strategy` -
   (Optional)
   Defines how long we retain persisted data that contains sensitive info. Only one of `retention_window_days` and `retention_strategy` may be set.
   * REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends.
   Possible values are: `REMOVE_AFTER_CONVERSATION`.

 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.


 <a name="nested_audio_export_settings"></a>The `audio_export_settings` block supports:

 * `gcs_bucket` -
   (Optional)
   Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.

 * `audio_export_pattern` -
   (Optional)
   Filename pattern for exported audio.

 * `enable_audio_redaction` -
   (Optional)
   Enable audio redaction if it is true.

 * `audio_format` -
   (Optional)
   File format for exported audio file. Currently only in telephony recordings.
   * MULAW: G.711 mu-law PCM with 8kHz sample rate.
   * MP3: MP3 file format.
   * OGG: OGG Vorbis.
   Possible values are: `MULAW`, `MP3`, `OGG`.

 <a name="nested_insights_export_settings"></a>The `insights_export_settings` block supports:

 * `enable_insights_export` -
   (Required)
   If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.

 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/securitySettings/{{name}}`

 * `name` -
   The unique identifier of the settings.
   Format: projects/<Project ID>/locations/<Location ID>/securitySettings/<Security Settings ID>.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 40 minutes.
 - `update` - Default is 40 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 SecuritySettings can be imported using any of these accepted formats:

 * `projects/{{project}}/locations/{{location}}/securitySettings/{{name}}`
 * `{{project}}/{{location}}/{{name}}`
 * `{{location}}/{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecuritySettings using one of the formats above. For example:

 ```tf
 import {
   id = "projects/{{project}}/locations/{{location}}/securitySettings/{{name}}"
   to = google_dialogflow_cx_security_settings.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecuritySettings can be imported using one of the formats above. For example:

 ```
 $ terraform import google_dialogflow_cx_security_settings.default projects/{{project}}/locations/{{location}}/securitySettings/{{name}}
 $ terraform import google_dialogflow_cx_security_settings.default {{project}}/{{location}}/{{name}}
 $ terraform import google_dialogflow_cx_security_settings.default {{location}}/{{name}}
 ```

 ## User Project Overrides

 This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Dialogflow CX"
	description: \|-
	Represents the settings related to security issues, such as data redaction and data retention.
	---

	# google\_dialogflow\_cx\_security\_settings

	Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect.
	Multiple security settings can be configured in each location. Each agent can specify the security settings to apply, and each setting can be applied to multiple agents in the same project and location.


	To get more information about SecuritySettings, see:

	* [API documentation](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.securitySettings)
	* How-to Guides
	* [Official Documentation](https://cloud.google.com/dialogflow/cx/docs)

	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=dialogflowcx_security_settings_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Dialogflowcx Security Settings Basic


	```hcl
	resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
	display_name = "dialogflowcx-security-settings"
	location = "global"
	purge_data_types = []
	retention_window_days = 7
	}
	```
	## Example Usage - Dialogflowcx Security Settings Full


	```hcl
	resource "google_data_loss_prevention_inspect_template" "inspect" {
	parent = "projects/my-project-name/locations/global"
	display_name = "dialogflowcx-inspect-template"
	inspect_config {
	info_types {
	name = "EMAIL_ADDRESS"
	}
	}
	}

	resource "google_data_loss_prevention_deidentify_template" "deidentify" {
	parent = "projects/my-project-name/locations/global"
	display_name = "dialogflowcx-deidentify-template"
	deidentify_config {
	info_type_transformations {
	transformations {
	primitive_transformation {
	replace_config {
	new_value {
	string_value = "[REDACTED]"
	}
	}
	}
	}
	}
	}
	}

	resource "google_storage_bucket" "bucket" {
	name = "dialogflowcx-bucket"
	location = "US"
	uniform_bucket_level_access = true
	}

	resource "google_dialogflow_cx_security_settings" "basic_security_settings" {
	display_name = "dialogflowcx-security-settings"
	location = "global"
	redaction_strategy = "REDACT_WITH_SERVICE"
	redaction_scope = "REDACT_DISK_STORAGE"
	inspect_template = google_data_loss_prevention_inspect_template.inspect.id
	deidentify_template = google_data_loss_prevention_deidentify_template.deidentify.id
	purge_data_types = ["DIALOGFLOW_HISTORY"]
	audio_export_settings {
	gcs_bucket = google_storage_bucket.bucket.id
	audio_export_pattern = "export"
	enable_audio_redaction = true
	audio_format = "OGG"
	}
	insights_export_settings {
	enable_insights_export = true
	}
	retention_strategy = "REMOVE_AFTER_CONVERSATION"
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `location` -
	(Required)
	The location these settings are located in. Settings can only be applied to an agent in the same location.
	See [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.

	* `display_name` -
	(Required)
	The human-readable name of the security settings, unique within the location.


	- - -


	* `redaction_strategy` -
	(Optional)
	Defines how we redact data. If not set, defaults to not redacting.
	* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted.
	Possible values are: `REDACT_WITH_SERVICE`.

	* `redaction_scope` -
	(Optional)
	Defines what types of data to redact. If not set, defaults to not redacting any kind of data.
	* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk.
	Possible values are: `REDACT_DISK_STORAGE`.

	* `inspect_template` -
	(Optional)
	[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.
	Note: inspectTemplate must be located in the same region as the SecuritySettings.
	Format: projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/inspectTemplates/<Template ID>

	* `deidentify_template` -
	(Optional)
	[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.
	Note: deidentifyTemplate must be located in the same region as the SecuritySettings.
	Format: projects/<Project ID>/locations/<Location ID>/deidentifyTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>

	* `purge_data_types` -
	(Optional)
	List of types of data to remove when retention settings triggers purge.
	Each value may be one of: `DIALOGFLOW_HISTORY`.

	* `audio_export_settings` -
	(Optional)
	Controls audio export settings for post-conversation analytics when ingesting audio to conversations.
	If retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.
	If audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.
	This setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).
	Structure is [documented below](#nested_audio_export_settings).

	* `insights_export_settings` -
	(Optional)
	Controls conversation exporting settings to Insights after conversation is completed.
	If retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.
	Structure is [documented below](#nested_insights_export_settings).

	* `retention_window_days` -
	(Optional)
	Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.
	Only one of `retention_window_days` and `retention_strategy` may be set.

	* `retention_strategy` -
	(Optional)
	Defines how long we retain persisted data that contains sensitive info. Only one of `retention_window_days` and `retention_strategy` may be set.
	* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends.
	Possible values are: `REMOVE_AFTER_CONVERSATION`.

	* `project` - (Optional) The ID of the project in which the resource belongs.
	If it is not provided, the provider project is used.


	<a name="nested_audio_export_settings"></a>The `audio_export_settings` block supports:

	* `gcs_bucket` -
	(Optional)
	Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.

	* `audio_export_pattern` -
	(Optional)
	Filename pattern for exported audio.

	* `enable_audio_redaction` -
	(Optional)
	Enable audio redaction if it is true.

	* `audio_format` -
	(Optional)
	File format for exported audio file. Currently only in telephony recordings.
	* MULAW: G.711 mu-law PCM with 8kHz sample rate.
	* MP3: MP3 file format.
	* OGG: OGG Vorbis.
	Possible values are: `MULAW`, `MP3`, `OGG`.

	<a name="nested_insights_export_settings"></a>The `insights_export_settings` block supports:

	* `enable_insights_export` -
	(Required)
	If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.

	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/securitySettings/{{name}}`

	* `name` -
	The unique identifier of the settings.
	Format: projects/<Project ID>/locations/<Location ID>/securitySettings/<Security Settings ID>.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 40 minutes.
	- `update` - Default is 40 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	SecuritySettings can be imported using any of these accepted formats:

	* `projects/{{project}}/locations/{{location}}/securitySettings/{{name}}`
	* `{{project}}/{{location}}/{{name}}`
	* `{{location}}/{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecuritySettings using one of the formats above. For example:

	```tf
	import {
	id = "projects/{{project}}/locations/{{location}}/securitySettings/{{name}}"
	to = google_dialogflow_cx_security_settings.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecuritySettings can be imported using one of the formats above. For example:

	```
	$ terraform import google_dialogflow_cx_security_settings.default projects/{{project}}/locations/{{location}}/securitySettings/{{name}}
	$ terraform import google_dialogflow_cx_security_settings.default {{project}}/{{location}}/{{name}}
	$ terraform import google_dialogflow_cx_security_settings.default {{location}}/{{name}}
	```

	## User Project Overrides

	This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).