Some products and features are in the process of being renamed. Generative playbook and flow features are also being migrated to a single consolidated console. See the details.
Stay organized with collections
Save and categorize content based on your preferences.
Security settings are used to configure data redaction and data retention.
For example, these settings control how data is redacted in
Cloud logging
and interaction logging used by
Conversation history.
Security settings are set at the project level. If a user is granted access to an agent in a project, they can view project-level Security settings. To update project-level Security settings, a user should have the dialogflow.securitySettings. permission.
The following table provides summary descriptions of the settings.
For more information on the settings, see the
RPC SecuritySettings reference.
Security settings
Description
redaction_strategy
Strategy used for redaction.
redaction_scope
The data redaction is applied to.
inspect_template
DLP inspect template name. There are no incremental costs when using DLP in Conversational Agents (Dialogflow CX).
deidentify_template
DLP deidentify template name. There are no incremental costs when using DLP in Conversational Agents (Dialogflow CX).
purge_data_types
Data to remove when a data retention purge is triggered.
retention_window_days
Number of days that data is retained.
Multiple security settings can be configured in each
location.
Each agent can specify the security settings to apply, and each setting can be
applied to multiple agents in the same project and location.
For more information about how data is applied at varying levels, see the
data application levels.
If no security settings are specified in an agent,
no redaction will be applied.
Create a security settings resource
To create a security settings resource in a particular location:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eSecurity settings at the project level configure data redaction and retention for data in Cloud Logging and Conversation history, with access and updates requiring specific Dialogflow permissions.\u003c/p\u003e\n"],["\u003cp\u003eThese settings include various options like redaction strategy and scope, DLP inspect and deidentify templates, data purge types, and the number of days data is retained.\u003c/p\u003e\n"],["\u003cp\u003eMultiple security settings can be configured per location, applied to one or more agents within the same project and location, while not specifying a setting results in no redaction.\u003c/p\u003e\n"],["\u003cp\u003eSecurity settings can be managed through the Dialogflow CX console or via API methods, allowing for the creation of new settings or the application of existing settings to agents.\u003c/p\u003e\n"],["\u003cp\u003eA default template is used if DLP is not defined, which could be unreliable at identifying certain types of data; therefore it is recommended that users create their own DLP template.\u003c/p\u003e\n"]]],[],null,["# Security settings are used to configure data redaction and data retention.\nFor example, these settings control how data is redacted in\n[Cloud logging](/dialogflow/cx/docs/concept/logging)\nand interaction logging used by\n[Conversation history](/dialogflow/cx/docs/concept/conversation-history).\n\nSecurity settings are set at the project level. If a user is granted [access](/dialogflow/cx/docs/concept/access-control#df-console) to an agent in a project, they can view project-level Security settings. To update project-level Security settings, a user should have the [dialogflow.securitySettings. permission](/iam/docs/understanding-roles#dialogflow.aamAdmin).\n| **Note:** For other redaction options, see [parameter redaction](/dialogflow/cx/docs/concept/parameter#redact).\n\nThe following table provides summary descriptions of the settings.\nFor more information on the settings, see the\n[RPC SecuritySettings reference](/dialogflow/cx/docs/reference/rpc/google.cloud.dialogflow.cx.v3#google.cloud.dialogflow.cx.v3.SecuritySettings).\n\nMultiple security settings can be configured in each\n[location](/dialogflow/cx/docs/concept/region).\nEach agent can specify the security settings to apply, and each setting can be\napplied to multiple agents in the same project and location.\nFor more information about how data is applied at varying levels, see the\n[data application levels](/dialogflow/cx/docs/concept/data-level).\n\nIf no security settings are specified in an agent,\nno redaction will be applied.\n\nCreate a security settings resource\n-----------------------------------\n\nTo create a security settings resource in a particular location: \n\n### Console\n\n1. Open the [Dialogflow CX console](https://dialogflow.cloud.google.com/cx/projects).\n2. Choose your Google Cloud project.\n3. Select your agent.\n4. Click **Agent Settings**.\n5. Click the **Security** tab.\n6. Click **Manage Security Settings**. The CCAI console opens in a new tab.\n7. Click **Create Security Settings** in the CCAI console.\n8. Enter security settings configuration.\n9. Click **Create**.\n\n### API\n\nSee the `create` method for the `SecuritySettings` type.\n\n\nGo to the SecuritySettings API reference \n**Select a protocol and version for the SecuritySettings reference:**\n\nClose\n\n\u003cbr /\u003e\n\nSpecify a security setting in agent\n-----------------------------------\n\nTo specify a security setting in agent: \n\n### Console\n\n1. Open the [Dialogflow CX console](https://dialogflow.cloud.google.com/cx/projects).\n2. Choose your Google Cloud project.\n3. Select your agent.\n4. Click **Agent Settings**.\n5. Click the **Security** tab.\n6. Select the settings in **Security settings** drop down menu.\n7. Click **Save**.\n\n### API\n\nSee the `patch/update` methods for the `Agent` type.\n\n\nGo to the Agent API reference \n**Select a protocol and version for the Agent reference:**\n\nClose\n\n\u003cbr /\u003e\n\n| **Note:** If the DLP inspect template is not defined, a default template is used. The default template only has some of the [infoType detectors](/sensitive-data-protection/docs/concepts-infotypes) enabled and may be unreliable for identifying and removing the types as per the end-users requirement. Hence, it is recommended to always [create](https://console.cloud.google.com/security/dlp/create/template) a DLP template whenever possible.\n| **Note:** It may take hours for updates on these settings to propagate to all the related components and take effect."]]
