This project sets up a Cloud Run service to log and analyze LLM prompts using Google Cloud DLP to redact sensitive data such as SSNs and credit card numbers. The redacted images and logs reside in a Cloud Storage bucket. It uses Cloud KMS for key management and Cloud Storage for storing data.
- Google Cloud Project: You'll need a Google Cloud Project with billing enabled. Have your Project ID ready for configuration, and determine which location you want to use for your bucket.
- Google Cloud APIs: Ensure the following APIs are enabled. The deployment script will not work without them. (Click the Enable button on each console page):
-
Clone the Repository:
- Open the Google Cloud Console.
- Navigate to Cloud Shell. This provides a command-line interface directly within your browser that has authenticated access to your project and all the tools you need to run this project.
- Clone this repository and navigate to the directory:
git clone https://github.com/GCP-Architecture-Guides/gcp-llm-logging.git cd gcp-llm-logging
-
Run the Setup Scripts
- From inside
/gcp-llm-logging
:
chmod +x setup.sh ./setup.sh
- From inside
-
Authorize:
Within Cloud Shell, you will get an authorization prompt. Click Authorize.
-
Provision and Deploy:
- After configuration and authorization, the script will:
- Create necessary storage buckets.
- Generate a Cloud KMS keyring and keyset.
- Store inputs and an encrypted key in the buckets.
- Apply a DLP inspect template.
- Deploy the Cloud Run service.
- After configuration and authorization, the script will:
-
Testing:
- Use the
curl
command provided at the end of the script's output to test the Cloud Run endpoint. You'll need to be authenticated withgcloud auth login
beforehand.
- Use the
-
Viewing Logs:
- The script will also provide a link to Cloud Logging where you can view and analyze the logs generated by the LLM service. Alternatively, you can visit Cloud Logging at any time and enter the following query:
logName="projects/<your-project-id>/logs/llm-prompt"