You have identified that sensitive personally identifiable information (PII) is being ingested into your Google Cloud environment during a daily ETL process from an on-premises environment to BigQuery datasets. You need to redact this data to obfuscate the PII but retain the ability to re-identify it for data analytics purposes. Which two components should you use in your solution?