Submit a bulk redaction
1 2mutation bulk_redact($workspaceAri: ID!, $redactions: [ShepherdBulkRedactionItemInput!]!) { shepherd { redaction { bulkRedact(input: { workspaceId: $workspaceAri, redactions: $redactions }) { success jobId redactionIds errors { message } } } } }
Where ShepherdBulkRedactionItemInput is
1 2input ShepherdBulkRedactionItemInput { id: ID resourceAri: ID! @ARI(owner: "any", type: "any") fieldId: String! detection: String! start: ShepherdContentLocationInput! end: ShepherdContentLocationInput! timestamp: DateTime contentHash: String } input ShepherdContentLocationInput { index: Int! pointer: String! }
These are the inputs that can be used in the mutation.
| Input | Description |
|---|---|
id | Required The ID of the redaction item. Must be a UUID. Necessary to correlate errors with individual redactions. |
resourceAri | Required The ARI of the resource (such as the Jira work item, Confluence page, etc.) that contains the content to be redacted. |
fieldId | Required The location (for example |
detection | The detection type that triggered the redaction. |
start | Required The start location of the content to be redacted. See Location input for more detail. |
end | Required The end location of the content to be redacted. See Location input for more detail. |
timestamp | The latest timestamp for the page or blog that contains the sensitive data. Necessary only for Confluence redactions. |
contentHash | Required The SHA-256 hash of the content to be redacted. Necessary only for Jira redactions. |
Sensitive content is delimited by a start and end. These are ShepherdContentLocationInput objects that have the following fields.
| Input | Description |
|---|---|
pointer | Required For ADF content, this is the JSON pointer to node containing the sensitive information. For plain text, content use |
index | Required The index of the content to be redacted. |
You can include the following fields in your query for them to be returned in the response.
| Field | Description |
|---|---|
success | Boolean indicating whether or not the bulk redaction job was successfully created. |
jobId | Job ID to be used in when checking status of job. |
redactionIds | IDs of the redaction items. |
errors | Any errors that occurred during job creation. If there are any submitted redactions that are invalid they will be included here. |
If you’re submitting a GraphQL query via the GraphQL API explorer your variables will look something like this.
1 2{ "workspaceAri": "ari:cloud:beacon:ce79bf6e-4550-4d02-905a-8f6d989be7ce:workspace/ad124ef0-a8d4-4350-9cb1-a70a9ede28ec", "redactions": [{ "id": "66dd89e7-85d5-4be0-8d23-ffcf8c0c07ed", "resourceAri": "ari:cloud:jira:ce79bf6e-4550-4d02-905a-8f6d989be7ce:issue/activation/ad124ef0-a8d4-4350-9cb1-a70a9ede28ec/10025", "fieldId": "description", "detection": "CREDIT_CARD", "start":{"index":0, "pointer":"/content/0/content/0/text"}, "end":{"index":19, "pointer":"/content/0/content/0/text"}, "contentHash": "s/hGspPOwIHwdAvarsvqOHdUlDueL/bYO4tFnRu7Q6w=", "timestamp": "2025-01-27T18:37:01.679Z" }] }
The size of a GraphQL payload submitted to Atlassian is limited to 500KB. Make sure that the number of redactions you’re submitting doesn’t cause the body to exceed that limit.
The following query can be used to check the status of a bulk redaction job.
1 2query bulk_redact_status($workspaceAri: ID!, $jobId: ID!) { shepherd { redaction { checkBulkRedactionStatus(workspaceId: $workspaceAri, jobId: $jobId) { jobStatus totalRedactions completedRedactions redactionErrors { id status errors } } } } }
| Input | Description |
|---|---|
workspaceId | Required The ID of your workspace. See Build your ARI. |
jobId | Required The ID of the job. |
You can include the following fields in your query for them to be returned in the response.
| Field | Description |
|---|---|
jobStatus | Status of the redaction job. Will be one of
|
totalRedactions | Total number of redactions in the job. |
completedRedactions | Number of completed redactions in the job. |
redactionErrors | Any errors that have occurred during the redaction job. |
id | ID of the redaction item. |
status | Status of the redaction for this item. Will be one of
|
errors | Any errors that occurred during the redaction of this item. |
If you’re submitting a GraphQL query via the GraphQL API explorer your variables will look something like this.
1 2{ "workspaceAri": "ari:cloud:beacon:ce79bf6e-4550-4d02-905a-8f6d989be7ce:workspace/ad124ef0-a8d4-4350-9cb1-a70a9ede28ec", "jobId": "4cd7f84a-702c-45c2-9f59-196f0fba3165" }
Your CSV file contains a field called Sensitive data field. For Jira, you can use these values in your script. For Confluence detections, make sure you convert the field to the following values for use in your GraphQL operation:
confluence_page_body → bodyconfluence_page_title → titleconfluence_comment → bodyconfluence_blog_body → bodyconfluence_blog_title → titleIf there are multiple redactions that need to be be made to a single Jira work item, Confluence page, or Confluence blog post those redactions should be submitted in the same job. Redactions can move content in a way that could cause subsequent redactions to fail. Since the contents of the CSV are sorted by detection type it’s possible that it will need to be reordered.
GraphQL payloads are limited to 500 KB. This means a job submission can contain approximately 1000 records. Another job cannot be submitted until the previous job has completed.
Redactions can only be performed within a single ADF node. If sensitive content is detected that spans multiple nodes, it cannot be redacted and will be rejected.
Rate this page: