Running the sample application

A sample application to use AI Developer Edition.

In AI Developer Edition, a user uploads a file using the sample application, which is processed by the Data Discovery container. The containers detect sensitive data. A Python module then redacts, masks, or protects and unprotects the data. The sanitized file is saved to a configured location. For more information about the sample application, refer to Sample application.

Use the steps provided here to run the application end-to-end. If required, run the APIs and functions provided for performing specific tasks. For more information about the identification APIs, refer to Data Discovery API.

Note: The Java samples provided in this section are for Linux or macOS. For Windows, use <filename>.bat.

Applications are provided out-of-the-box to test and understand the capabilities of AI Developer Edition.

Running the sample find application

  1. Open a command prompt.
  2. Navigate to the directory where AI Developer Edition is cloned.
  3. Run the sample application using the following command.
python samples/python/sample-app-find.py

bash samples/java/sample-app-find.sh
  1. View the output of the files processed on the screen. The output displays a list of sensitive items in the source file.

Running the sample find and redact application

  1. Open a command prompt.
  2. Navigate to the directory where AI Developer Edition is cloned.
  3. Run the sample application using the following command.
python samples/python/sample-app-find-and-redact.py

bash samples/java/sample-app-find-and-redact.sh
  1. View the output of the files processed on the screen. The output displays a list of sensitive items in the source file. It also displays the location and name of the output file with the redacted output.
  2. View the processed output file in the output directory.

Running Data Discovery

The sample-classification-python-text analyzes the text in the file. The sample-classification-python-tabular analyzes text from the data-discovery/input.csv file. For more information about the Data Discovery APIs, refer to the section Data Discovery APIs.

  1. Open a command prompt.

  2. Navigate to the directory where AI Developer Edition is cloned.

  3. Run the sample application using the following command.

    python data-discovery/sample-classification-python-text.py
python data-discovery/sample-classification-python-tabular.py

  4. View the output of the files processed on the screen. The output displays a list of sensitive items in the source file.

Running Semantic Guardrail

For more information about the Semantic Guardrail APIs, refer to the section Semantic Guardrail APIs.

  1. Open a command prompt.

  2. Navigate to the directory where AI Developer Edition is cloned.

  3. Run the following command to test Semantic Guardrails using python scripts. The following command submits a multi-turn conversation for analysis. One for semantic and a second one for PII processing.

    python semantic-guardrail/sample-guardrail-python.py

  4. Run the following command to start Jupyter Lab for running Semantic Guardrail.

    jupyter lab

  5. Copy the URL displayed and navigate to the site from a web browser. Ensure that localhost is replaced with the IP address of the system where the AI Developer Edition is set up.

  6. In the left pane of the Jupyter Lab, navigate to samples/python/sample-app-semantic-guardrails.

  7. Open the Sample Application.ipynb file.

  8. Click the Play icon and follow the prompts in the Jupyter Lab.

Generating Synthetic Data

For more information about the Synthetic Data APIs, refer to the section Synthetic Data APIs.

  1. Open a command prompt.

  2. Navigate to the directory where AI Developer Edition is cloned.

  3. Run the following command to start Jupyter Lab.

    jupyter lab

  4. Copy the URL displayed and navigate to the site from a web browser. Ensure that localhost is replaced with the IP address of the system where the AI Developer Edition is set up.

  5. In the left pane of the Jupyter Lab, navigate to samples/python/sample-app-synthetic-data.

  6. Open the synthetic_data.ipynb file.

  7. Click the Play icon and follow the prompts in the Jupyter Lab.

Using the protection notebook

The online notebook provides a quick way to test tokenization using just a browser.

  1. Ensure that the required credentials are obtained and environment variables specified, using the steps from Optional - Obtaining access to the AI Developer Edition API Service.

  2. Navigate to the protection notebook.

  3. Click the Play button to progress through the notebook. Specify the email address, password, and API key when prompted.

Running the sample find and protect application

  1. Ensure that the required credentials are obtained and environment variables specified, using the steps from Optional - Obtaining access to the AI Developer Edition API Service.
  2. Open a command prompt.
  3. Navigate to the directory where AI Developer Edition is cloned.
  4. Run the sample application using the following command.
python samples/python/sample-app-find-and-protect.py

bash samples/java/sample-app-find-and-protect.sh

  1. View the output of the files processed on the screen. The output displays the protected data and unprotected data.

  2. View the processed output file in the output directory. The samples/sample-data/output-protect.txt file is generated with protected, tokenized-like, values.

  3. To obtain the original data, run the following command.

python samples/python/sample-app-find-and-unprotect.py

bash samples/java/sample-app-find-and-unprotect.sh

This reads the `samples/sample-data/output-protect.txt` file and produces the `samples/sample-data/output-unprotect.txt` file with original values.

Running the script for protecting data

The sample-app-protection showcases the various scenarios to protect, unprotect, and reprotect data.

Understanding Users and Roles

The users and roles are built-in for impersonate testing. Leverage any of the preconfigured users to showcase Protegrity’s Role-Based Access Controls. Using a different user will result in distinct views over sensitive data. Some users will only be able to protect data but will not be able to reverse the operation. Some users will only be able to re-identify selected attributes.

To use any of the roles, simply pass the chosen value to the payload in the user attribute during the protect or unprotect operation. If the user is not specified, the request will default to superuser.

The following roles and users have been configured and are available for use:

RoleUserDescription
ADMINadmin, devops, jay.banerjeeThe role can protect all data but cannot unprotect. If this role attempts to unprotect, they will only see protected values.
FINANCEfinance, robin.goodwillThe role can unprotect all PII and PCI data. The role cannot protect any data. If this role attempts to unprotect data without authorization they will only see null values.
MARKETINGmarketing, merlin.ishidaThe role can unprotect some PII data that is required for analytical research and campaign outreach. When attempting to unprotect data without authorization, they will only see null values. The role cannot protect any data.
HRhr, paloma.torresThe role can unprotect all PII data but cannot view any PCI data. When attempting to unprotect data without authorization, they will only see null values. The role cannot protect any data.
OTHERsuperuserThe role can perform any protect and unprotect operation. This superuser role has been made available for testing only. It is strongly advised that superuser roles should not be created.

Additionally, it is possible to enter in any username to simulate unauthorized user behavior.

Understanding the Data Elements

Provided here is a list of supported data elements. For a mapping of the Data Element and the Entity Type, refer to Supported Sensitive Entity Types.

For more information about the data elements policy, refer to Policy Definition.

NameDescription
nameProtect or unprotect name of a person.
name_deProtect or unprotect name of a person in the German language.
name_frProtect or unprotect name of a person in the French language.
addressProtect or unprotect an address.
address_deProtect or unprotect an address in the German language.
address_frProtect or unprotect an address in the French language.
cityProtect or unprotect a town or city.
city_deProtect or unprotect a town or city name in the German language.
city_frProtect or unprotect a town or city name in the French language.
postcodeProtect or unprotect a postal code with digits and characters.
zipcodeProtect or unprotect a postal code with digits only.
phoneProtect or unprotect a phone number.
emailProtect or unprotect an email.
datetimeProtect or unprotect all components of a datetime string date, month, and year. The input for the datetime data element must be in the yyyy-mm-dd [hh:mm:ss] format.
datetime_ycProtect or unprotect a datetime string. Year will be in the clear. The input for the datetime data element must be in the yyyy-mm-dd [hh:mm:ss] format.
intProtect or unprotect a 4-byte integer string.
ninProtect or unprotect a National Insurance Number UK.
ssnProtect or unprotect a Social Security Number US.
ccnProtect or unprotect a Credit Card Number.
ccn_binProtect or unprotect a Credit Card Number. Leaves 8-digit BIN in the clear.
passportProtect or unprotect a passport number.
ibanProtect or unprotect an International Banking Account Number.
iban_ccProtect or unprotect an International Banking Account Number. Leaves letters in the clear.
stringProtect or unprotect a string.
numberProtect or unprotect a number.
textProtect or unprotect text using encryption.
maskUnprotect with any user not having permission to perform unprotect operation. The output is masked.
fpe_numericProtect or unprotect a number using a Format Preserving Encryption data element.
fpe_alphaProtect or unprotect a string containing alphabets using a Format Preserving Encryption data element.
fpe_alphanumericProtect or unprotect a string containing alphabets and numbers using a Format Preserving Encryption data element.
fpe_latin1_alphaProtect or unprotect a string containing basic latin and latin-1 supplement characters using a Format Preserving Encryption data element.
fpe_latin1_alphanumericProtect or unprotect a string containing numbers, basic latin and latin-1 supplement characters using a Format Preserving Encryption data element.
no_encryptionWhen applied, the No Encryption protection method lets sensitive data be stored in the clear. It is highly transparent, which means that the implementation of this method does not cause any changes in the target environment.
shortProtect or unprotect a 2-byte integer string.
longProtect or unprotect a 8-byte integer string.

Testing the sample file

  1. Ensure that the required credentials are obtained and environment variables specified, using the steps from Optional - Obtaining access to the AI Developer Edition API Service.
  2. Open a command prompt.
  3. Navigate to the directory where AI Developer Edition is cloned.
  4. Protect data using the following command.
python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element name --protect

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user superuser --data_element name --protect

  1. View the protected output.

  2. Unprotect the data obtained from the earlier step using the following command.

python samples/python/sample-app-protection.py --input_data "<protected_data>" --policy_user superuser --data_element name --unprotect

bash samples/java/sample-app-protection.sh --input_data "<protected_data>" --policy_user superuser --data_element name --unprotect

  1. View the unprotected output.

  2. Encrypt data using the following command.

python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element text --enc

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user superuser --data_element text --enc

  1. View the encrypted output.

  2. Decrypt the data obtained from the earlier step using the following command.

python samples/python/sample-app-protection.py --input_data "<encrypted_data>" --policy_user superuser --data_element text --dec

bash samples/java/sample-app-protection.sh --input_data "<encrypted_data>" --policy_user superuser --data_element text --dec

  1. View the decrypted output.

  2. Use the help command for more information about using the sample file.

python samples/python/sample-app-protection.py --help

bash samples/java/sample-app-protection.sh --help

FPE, Masking, and No Encryption Samples

  1. Open a command prompt.
  2. Navigate to the directory where AI Developer Edition is cloned.
  3. Run the Format Preserving Encryption (FPE) using the following command.
python samples/python/sample-app-protection.py --input_data "ELatin1_S+NSABC¹º»¼½¾¿ÄÅÆÇÈAlice1234567Bob" --policy_user superuser --data_element fpe_latin1_alphanumeric --protect

bash samples/java/sample-app-protection.sh --input_data "ELatin1_S+NSABC¹º»¼½¾¿ÄÅÆÇÈAlice1234567Bob" --policy_user superuser --data_element fpe_latin1_alphanumeric --protect

  1. View the protected output.

  2. Unprotect the data obtained from the earlier step using the following command.

python samples/python/sample-app-protection.py --input_data "VðÈuXñ5_À+Áîg1ÿ¹º»¼½¾¿12ÔP1ëÕÖlgxÏHóFÚ6O3W" --policy_user superuser --data_element fpe_latin1_alphanumeric --unprotect

bash samples/java/sample-app-protection.sh --input_data "VðÈuXñ5_À+Áîg1ÿ¹º»¼½¾¿12ÔP1ëÕÖlgxÏHóFÚ6O3W" --policy_user superuser --data_element fpe_latin1_alphanumeric --unprotect
  1. View the unprotected output.
  2. Use the no_encryption data element using the following command.
python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element no_encryption --protect

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user superuser --data_element no_encryption --protect

  1. View the output. The output data will be in clear.

  2. Unprotect the data using masking data element.

python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user hr --data_element mask --unprotect

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user hr --data_element mask --unprotect

Additional use cases

This section demonstrates the expected behavior of various user roles when running the sample-app-protection.py. Each section describes the permissions and restrictions for a role, followed by example commands and their outputs.

ADMIN

Users: admin, devops, jay.banerjee

This role can protect all data but cannot unprotect. When attempting to unprotect, protected values are displayed.

python samples/python/sample-app-protection.py --input_data "Protegrity$" --policy_user devops --data_element name --protect

bash samples/java/sample-app-protection.sh --input_data "Protegrity$" --policy_user devops --data_element name --protect

python samples/python/sample-app-protection.py --input_data "2839874358655598" --policy_user admin --data_element ccn --protect

bash samples/java/sample-app-protection.sh --input_data "2839874358655598" --policy_user admin --data_element ccn --protect

python samples/python/sample-app-protection.py --input_data "CxWHeztVNp$" --policy_user jay.banerjee --data_element name --protect --unprotect

bash samples/java/sample-app-protection.sh --input_data "CxWHeztVNp$" --policy_user jay.banerjee --data_element name --protect --unprotect

python samples/python/sample-app-protection.py --input_data "6211214171366290" --policy_user admin --data_element ccn --protect --unprotect

bash samples/java/sample-app-protection.sh --input_data "6211214171366290" --policy_user admin --data_element ccn --protect --unprotect

FINANCE

Users: finance, robin.goodwill

This role can unprotect all PII and PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.

python samples/python/sample-app-protection.py --input_data "xzrT sqdVc" --policy_user finance --data_element name --unprotect

bash samples/java/sample-app-protection.sh --input_data "xzrT sqdVc" --policy_user finance --data_element name --unprotect

python samples/python/sample-app-protection.py --input_data "4321567898765432" --policy_user finance --data_element ccn --unprotect

bash samples/java/sample-app-protection.sh --input_data "4321567898765432" --policy_user finance --data_element ccn --unprotect

python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user finance --data_element name --protect

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user finance --data_element name --protect

python samples/python/sample-app-protection.py --input_data "2839874358655598" --policy_user robin.goodwill --data_element ccn --protect

bash samples/java/sample-app-protection.sh --input_data "2839874358655598" --policy_user robin.goodwill --data_element ccn --protect

python samples/python/sample-app-protection.py --input_data "1998/10/11" --policy_user finance --data_element datetime  --unprotect

bash samples/java/sample-app-protection.sh --input_data "1998/10/11" --policy_user finance --data_element datetime  --unprotect

python samples/python/sample-app-protection.py --input_data "1998/10/11" --policy_user robin.goodwill --data_element datetime  --unprotect

bash samples/java/sample-app-protection.sh --input_data "1998/10/11" --policy_user robin.goodwill --data_element datetime  --unprotect

MARKETING

Users: marketing, merlin.ishida

This role can unprotect some PII data that is required for analytical research and campaign outreach. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.

python samples/python/sample-app-protection.py --input_data "DnZQHKcpVJ, J.G." --policy_user marketing --data_element city --unprotect

bash samples/java/sample-app-protection.sh --input_data "DnZQHKcpVJ, J.G." --policy_user marketing --data_element city --unprotect

python samples/python/sample-app-protection.py --input_data "4321567898765432" --policy_user merlin.ishida --data_element ccn --unprotect

bash samples/java/sample-app-protection.sh --input_data "4321567898765432" --policy_user merlin.ishida --data_element ccn --unprotect

python samples/python/sample-app-protection.py --input_data "Washington, D.C." --policy_user marketing --data_element city --protect

bash samples/java/sample-app-protection.sh --input_data "Washington, D.C." --policy_user marketing --data_element city --protect

python samples/python/sample-app-protection.py --input_data "2839874358655598" --policy_user merlin.ishida --data_element ccn --protect

bash samples/java/sample-app-protection.sh --input_data "2839874358655598" --policy_user merlin.ishida --data_element ccn --protect

HR

Users: hr, paloma.torres

This role can unprotect all PII data but cannot view any PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.

python samples/python/sample-app-protection.py --input_data "2839874358655598" --policy_user paloma.torres --data_element ccn --unprotect

bash samples/java/sample-app-protection.sh --input_data "2839874358655598" --policy_user paloma.torres --data_element ccn --unprotect

python samples/python/sample-app-protection.py --input_data "CIF123654987" --policy_user hr --data_element passport --unprotect

bash samples/java/sample-app-protection.sh --input_data "CIF123654987" --policy_user hr --data_element passport --unprotect

python samples/python/sample-app-protection.py --input_data "John Doe" --policy_user hr --data_element name --protect

bash samples/java/sample-app-protection.sh --input_data "John Doe" --policy_user hr --data_element name --protect

python samples/python/sample-app-protection.py --input_data "John Doe" --policy_user paloma.torres --data_element name --protect

bash samples/java/sample-app-protection.sh --input_data "John Doe" --policy_user paloma.torres --data_element name --protect

python samples/python/sample-app-protection.py --input_data "4321567898765432" --policy_user paloma.torres --data_element ccn --protect

bash samples/java/sample-app-protection.sh --input_data "4321567898765432" --policy_user paloma.torres --data_element ccn --protect

OTHER

User: superuser

This role can perform any protect and unprotect operation. The role is only made available for testing. It is strongly advised against creating superuser roles in an environment.

python samples/python/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element name --protect --unprotect

bash samples/java/sample-app-protection.sh --input_data "John Smith" --policy_user superuser --data_element name --protect --unprotect

python samples/python/sample-app-protection.py --input_data "2839874358655598" --policy_user superuser --data_element ccn --protect --unprotect

bash samples/java/sample-app-protection.sh --input_data "2839874358655598" --policy_user superuser --data_element ccn --protect --unprotect

Last modified : January 20, 2026