I was experimenting with Google provided the article to re-identify Credit Card Number using Deterministic encryption using AES-SIV
Accordingly, I have created a google DLP template to de-identify data and in the test option of the template it is working if we provide a 3 line csv with correct header names [I am using record type template]
As per the following link and video provided, the same template can be used to re-identify the data back to the original
"Cloud DLP can perform both de-identification and re-identification on an entire column using a RecordTransformation without a surrogate annotation."
https://cloud.google.com/dlp/docs/pseudonymization#cryptographic-hashing
But when we tried the same, it is re-encoding it again to a newly encoded value as per below.
DLP Template Re-identify Not working
Please let me know what I am doing wrong and how I can re-identify PII using Deterministic encryption using AES-SIV successfully
Note: This was the same behavior I got when I continued through the article ahead and did not work as expected in the blog to re-identify the data
https://cloud.google.com/solutions/validating-de-identified-data-bigquery-re-identifying-pii-data