Datadog v4.50.0, May 1 25

Datadog v4.50.0 published on Thursday, May 1, 2025 by Pulumi

datadog.SensitiveDataScannerRule

Explore with Pulumi AI

Datadog v4.50.0 published on Thursday, May 1, 2025 by Pulumi

Provides a Datadog SensitiveDataScannerRule resource. This can be used to create and manage Datadog sensitive_data_scanner_rule. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying the included_keyword_configuration field to avoid unexpectedly disabling Sensitive Data Scanner groups.

Create SensitiveDataScannerRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SensitiveDataScannerRule(name: string, args: SensitiveDataScannerRuleArgs, opts?: CustomResourceOptions);

@overload
def SensitiveDataScannerRule(resource_name: str,
                             args: SensitiveDataScannerRuleArgs,
                             opts: Optional[ResourceOptions] = None)

@overload
def SensitiveDataScannerRule(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             group_id: Optional[str] = None,
                             description: Optional[str] = None,
                             excluded_namespaces: Optional[Sequence[str]] = None,
                             included_keyword_configuration: Optional[SensitiveDataScannerRuleIncludedKeywordConfigurationArgs] = None,
                             is_enabled: Optional[bool] = None,
                             name: Optional[str] = None,
                             namespaces: Optional[Sequence[str]] = None,
                             pattern: Optional[str] = None,
                             priority: Optional[int] = None,
                             standard_pattern_id: Optional[str] = None,
                             tags: Optional[Sequence[str]] = None,
                             text_replacement: Optional[SensitiveDataScannerRuleTextReplacementArgs] = None)

func NewSensitiveDataScannerRule(ctx *Context, name string, args SensitiveDataScannerRuleArgs, opts ...ResourceOption) (*SensitiveDataScannerRule, error)

public SensitiveDataScannerRule(string name, SensitiveDataScannerRuleArgs args, CustomResourceOptions? opts = null)

public SensitiveDataScannerRule(String name, SensitiveDataScannerRuleArgs args)
public SensitiveDataScannerRule(String name, SensitiveDataScannerRuleArgs args, CustomResourceOptions options)

type: datadog:SensitiveDataScannerRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SensitiveDataScannerRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SensitiveDataScannerRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SensitiveDataScannerRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SensitiveDataScannerRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SensitiveDataScannerRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sensitiveDataScannerRuleResource = new Datadog.SensitiveDataScannerRule("sensitiveDataScannerRuleResource", new()
{
    GroupId = "string",
    Description = "string",
    ExcludedNamespaces = new[]
    {
        "string",
    },
    IncludedKeywordConfiguration = new Datadog.Inputs.SensitiveDataScannerRuleIncludedKeywordConfigurationArgs
    {
        CharacterCount = 0,
        Keywords = new[]
        {
            "string",
        },
    },
    IsEnabled = false,
    Name = "string",
    Namespaces = new[]
    {
        "string",
    },
    Pattern = "string",
    Priority = 0,
    StandardPatternId = "string",
    Tags = new[]
    {
        "string",
    },
    TextReplacement = new Datadog.Inputs.SensitiveDataScannerRuleTextReplacementArgs
    {
        Type = "string",
        NumberOfChars = 0,
        ReplacementString = "string",
    },
});

example, err := datadog.NewSensitiveDataScannerRule(ctx, "sensitiveDataScannerRuleResource", &datadog.SensitiveDataScannerRuleArgs{
	GroupId:     pulumi.String("string"),
	Description: pulumi.String("string"),
	ExcludedNamespaces: pulumi.StringArray{
		pulumi.String("string"),
	},
	IncludedKeywordConfiguration: &datadog.SensitiveDataScannerRuleIncludedKeywordConfigurationArgs{
		CharacterCount: pulumi.Int(0),
		Keywords: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	IsEnabled: pulumi.Bool(false),
	Name:      pulumi.String("string"),
	Namespaces: pulumi.StringArray{
		pulumi.String("string"),
	},
	Pattern:           pulumi.String("string"),
	Priority:          pulumi.Int(0),
	StandardPatternId: pulumi.String("string"),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	TextReplacement: &datadog.SensitiveDataScannerRuleTextReplacementArgs{
		Type:              pulumi.String("string"),
		NumberOfChars:     pulumi.Int(0),
		ReplacementString: pulumi.String("string"),
	},
})

var sensitiveDataScannerRuleResource = new SensitiveDataScannerRule("sensitiveDataScannerRuleResource", SensitiveDataScannerRuleArgs.builder()
    .groupId("string")
    .description("string")
    .excludedNamespaces("string")
    .includedKeywordConfiguration(SensitiveDataScannerRuleIncludedKeywordConfigurationArgs.builder()
        .characterCount(0)
        .keywords("string")
        .build())
    .isEnabled(false)
    .name("string")
    .namespaces("string")
    .pattern("string")
    .priority(0)
    .standardPatternId("string")
    .tags("string")
    .textReplacement(SensitiveDataScannerRuleTextReplacementArgs.builder()
        .type("string")
        .numberOfChars(0)
        .replacementString("string")
        .build())
    .build());

sensitive_data_scanner_rule_resource = datadog.SensitiveDataScannerRule("sensitiveDataScannerRuleResource",
    group_id="string",
    description="string",
    excluded_namespaces=["string"],
    included_keyword_configuration={
        "character_count": 0,
        "keywords": ["string"],
    },
    is_enabled=False,
    name="string",
    namespaces=["string"],
    pattern="string",
    priority=0,
    standard_pattern_id="string",
    tags=["string"],
    text_replacement={
        "type": "string",
        "number_of_chars": 0,
        "replacement_string": "string",
    })

const sensitiveDataScannerRuleResource = new datadog.SensitiveDataScannerRule("sensitiveDataScannerRuleResource", {
    groupId: "string",
    description: "string",
    excludedNamespaces: ["string"],
    includedKeywordConfiguration: {
        characterCount: 0,
        keywords: ["string"],
    },
    isEnabled: false,
    name: "string",
    namespaces: ["string"],
    pattern: "string",
    priority: 0,
    standardPatternId: "string",
    tags: ["string"],
    textReplacement: {
        type: "string",
        numberOfChars: 0,
        replacementString: "string",
    },
});

type: datadog:SensitiveDataScannerRule
properties:
    description: string
    excludedNamespaces:
        - string
    groupId: string
    includedKeywordConfiguration:
        characterCount: 0
        keywords:
            - string
    isEnabled: false
    name: string
    namespaces:
        - string
    pattern: string
    priority: 0
    standardPatternId: string
    tags:
        - string
    textReplacement:
        numberOfChars: 0
        replacementString: string
        type: string

SensitiveDataScannerRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SensitiveDataScannerRule resource accepts the following input properties:

GroupId string: Id of the scanning group the rule belongs to.
Description string: Description of the rule.
ExcludedNamespaces List<string>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
IncludedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
IsEnabled bool: Whether or not the rule is enabled.
Name string: Name of the rule.
Namespaces List<string>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
Pattern string: Not included if there is a relationship to a standard pattern.
Priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
StandardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
Tags List<string>: List of tags.
TextReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

GroupId string: Id of the scanning group the rule belongs to.
Description string: Description of the rule.
ExcludedNamespaces []string: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
IncludedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfigurationArgs: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
IsEnabled bool: Whether or not the rule is enabled.
Name string: Name of the rule.
Namespaces []string: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
Pattern string: Not included if there is a relationship to a standard pattern.
Priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
StandardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
Tags []string: List of tags.
TextReplacement SensitiveDataScannerRuleTextReplacementArgs: Object describing how the scanned event will be replaced. Defaults to type: none

groupId String: Id of the scanning group the rule belongs to.
description String: Description of the rule.
excludedNamespaces List<String>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
includedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled Boolean: Whether or not the rule is enabled.
name String: Name of the rule.
namespaces List<String>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern String: Not included if there is a relationship to a standard pattern.
priority Integer: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId String: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags List<String>: List of tags.
textReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

groupId string: Id of the scanning group the rule belongs to.
description string: Description of the rule.
excludedNamespaces string[]: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
includedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled boolean: Whether or not the rule is enabled.
name string: Name of the rule.
namespaces string[]: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern string: Not included if there is a relationship to a standard pattern.
priority number: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags string[]: List of tags.
textReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

group_id str: Id of the scanning group the rule belongs to.
description str: Description of the rule.
excluded_namespaces Sequence[str]: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
included_keyword_configuration SensitiveDataScannerRuleIncludedKeywordConfigurationArgs: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
is_enabled bool: Whether or not the rule is enabled.
name str: Name of the rule.
namespaces Sequence[str]: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern str: Not included if there is a relationship to a standard pattern.
priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standard_pattern_id str: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags Sequence[str]: List of tags.
text_replacement SensitiveDataScannerRuleTextReplacementArgs: Object describing how the scanned event will be replaced. Defaults to type: none

groupId String: Id of the scanning group the rule belongs to.
description String: Description of the rule.
excludedNamespaces List<String>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
includedKeywordConfiguration Property Map: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled Boolean: Whether or not the rule is enabled.
name String: Name of the rule.
namespaces List<String>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern String: Not included if there is a relationship to a standard pattern.
priority Number: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId String: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags List<String>: List of tags.
textReplacement Property Map: Object describing how the scanned event will be replaced. Defaults to type: none

Outputs

All input properties are implicitly available as output properties. Additionally, the SensitiveDataScannerRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SensitiveDataScannerRule Resource

Get an existing SensitiveDataScannerRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SensitiveDataScannerRuleState, opts?: CustomResourceOptions): SensitiveDataScannerRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        excluded_namespaces: Optional[Sequence[str]] = None,
        group_id: Optional[str] = None,
        included_keyword_configuration: Optional[SensitiveDataScannerRuleIncludedKeywordConfigurationArgs] = None,
        is_enabled: Optional[bool] = None,
        name: Optional[str] = None,
        namespaces: Optional[Sequence[str]] = None,
        pattern: Optional[str] = None,
        priority: Optional[int] = None,
        standard_pattern_id: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        text_replacement: Optional[SensitiveDataScannerRuleTextReplacementArgs] = None) -> SensitiveDataScannerRule

func GetSensitiveDataScannerRule(ctx *Context, name string, id IDInput, state *SensitiveDataScannerRuleState, opts ...ResourceOption) (*SensitiveDataScannerRule, error)

public static SensitiveDataScannerRule Get(string name, Input<string> id, SensitiveDataScannerRuleState? state, CustomResourceOptions? opts = null)

public static SensitiveDataScannerRule get(String name, Output<String> id, SensitiveDataScannerRuleState state, CustomResourceOptions options)

resources:  _:    type: datadog:SensitiveDataScannerRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: Description of the rule.
ExcludedNamespaces List<string>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
GroupId string: Id of the scanning group the rule belongs to.
IncludedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
IsEnabled bool: Whether or not the rule is enabled.
Name string: Name of the rule.
Namespaces List<string>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
Pattern string: Not included if there is a relationship to a standard pattern.
Priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
StandardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
Tags List<string>: List of tags.
TextReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

Description string: Description of the rule.
ExcludedNamespaces []string: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
GroupId string: Id of the scanning group the rule belongs to.
IncludedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfigurationArgs: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
IsEnabled bool: Whether or not the rule is enabled.
Name string: Name of the rule.
Namespaces []string: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
Pattern string: Not included if there is a relationship to a standard pattern.
Priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
StandardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
Tags []string: List of tags.
TextReplacement SensitiveDataScannerRuleTextReplacementArgs: Object describing how the scanned event will be replaced. Defaults to type: none

description String: Description of the rule.
excludedNamespaces List<String>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
groupId String: Id of the scanning group the rule belongs to.
includedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled Boolean: Whether or not the rule is enabled.
name String: Name of the rule.
namespaces List<String>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern String: Not included if there is a relationship to a standard pattern.
priority Integer: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId String: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags List<String>: List of tags.
textReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

description string: Description of the rule.
excludedNamespaces string[]: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
groupId string: Id of the scanning group the rule belongs to.
includedKeywordConfiguration SensitiveDataScannerRuleIncludedKeywordConfiguration: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled boolean: Whether or not the rule is enabled.
name string: Name of the rule.
namespaces string[]: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern string: Not included if there is a relationship to a standard pattern.
priority number: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId string: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags string[]: List of tags.
textReplacement SensitiveDataScannerRuleTextReplacement: Object describing how the scanned event will be replaced. Defaults to type: none

description str: Description of the rule.
excluded_namespaces Sequence[str]: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
group_id str: Id of the scanning group the rule belongs to.
included_keyword_configuration SensitiveDataScannerRuleIncludedKeywordConfigurationArgs: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
is_enabled bool: Whether or not the rule is enabled.
name str: Name of the rule.
namespaces Sequence[str]: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern str: Not included if there is a relationship to a standard pattern.
priority int: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standard_pattern_id str: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags Sequence[str]: List of tags.
text_replacement SensitiveDataScannerRuleTextReplacementArgs: Object describing how the scanned event will be replaced. Defaults to type: none

description String: Description of the rule.
excludedNamespaces List<String>: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.
groupId String: Id of the scanning group the rule belongs to.
includedKeywordConfiguration Property Map: Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check then the match is kept. If none are found, the match is discarded. If the rule has the standard_pattern_id field, then discarding this field will apply the recommended keywords. Setting the create_before_destroy lifecycle Meta-argument to true is highly recommended if modifying this field to avoid unexpectedly disabling Sensitive Data Scanner groups.
isEnabled Boolean: Whether or not the rule is enabled.
name String: Name of the rule.
namespaces List<String>: Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.
pattern String: Not included if there is a relationship to a standard pattern.
priority Number: Priority level of the rule (optional). Used to order sensitive data discovered in the sds summary page. It must be between 1 and 5 (1 being the most important).
standardPatternId String: Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.
tags List<String>: List of tags.
textReplacement Property Map: Object describing how the scanned event will be replaced. Defaults to type: none

Supporting Types

SensitiveDataScannerRuleIncludedKeywordConfiguration, SensitiveDataScannerRuleIncludedKeywordConfigurationArgs

CharacterCount int: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
Keywords List<string>: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

CharacterCount int: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
Keywords []string: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

characterCount Integer: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
keywords List<String>: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

characterCount number: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
keywords string[]: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

character_count int: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
keywords Sequence[str]: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

characterCount Number: Number of characters before the match to find a keyword validating the match. It must be between 1 and 50 (inclusive).
keywords List<String>: Keyword list that is checked during scanning in order to validate a match. The number of keywords in the list must be lower than or equal to 30.

SensitiveDataScannerRuleTextReplacement, SensitiveDataScannerRuleTextReplacementArgs

Type string: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
NumberOfChars int: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
ReplacementString string: Required if type == 'replacement_string'.

Type string: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
NumberOfChars int: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
ReplacementString string: Required if type == 'replacement_string'.

type String: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
numberOfChars Integer: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
replacementString String: Required if type == 'replacement_string'.

type string: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
numberOfChars number: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
replacementString string: Required if type == 'replacement_string'.

type str: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
number_of_chars int: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
replacement_string str: Required if type == 'replacement_string'.

type String: Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.
numberOfChars Number: Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.
replacementString String: Required if type == 'replacement_string'.

Import

$ pulumi import datadog:index/sensitiveDataScannerRule:SensitiveDataScannerRule new_list "<rule_id>"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Datadog pulumi/pulumi-datadog
License: Apache-2.0
Notes: This Pulumi package is based on the datadog Terraform Provider.

Datadog v4.50.0 published on Thursday, May 1, 2025 by Pulumi

pulumi/pulumi-datadog

datadog.SensitiveDataScannerRule

On this page

On this page

Create SensitiveDataScannerRule Resource

Constructor syntax

Parameters

Constructor example

SensitiveDataScannerRule Resource Properties

Inputs

Outputs

Look up Existing SensitiveDataScannerRule Resource

Supporting Types

SensitiveDataScannerRuleIncludedKeywordConfiguration, SensitiveDataScannerRuleIncludedKeywordConfigurationArgs

SensitiveDataScannerRuleTextReplacement, SensitiveDataScannerRuleTextReplacementArgs

Import

Package Details

On this page

On this page