Using triggers to automatically encrypt file uploads


One of the features of an MFT that you might look for is the ability to encrypt files in transit and at rest (ref: gartner).

This article will demonstrate one way of doing this for newly uploaded files using PGP to do the encryption.

In this example, we already have an external FTP server mounted in a virtual file system on the MFT server.


You must have the PGP Encryption extension installed. Navigate to Extensions->Extensions and click on the Available tab. Click the download icon next to the PGP Encryption module. Restart the service when prompted.


You also need to have PGP software installed so that you can generate your private and public keys. For Windows, you might want to use Gpg4win.

Follow this guide for installing the software, generating a key pair and downloading your public key with Kleopatra.


Creating a Trigger

Log on to your MFT server as admin, then navigate to Triggers and Click Create.

Give the trigger a name, such as Encrypt files. Set Event to File Upload Started, then set Triggers Task to PGP Encrypt Transformation.

For this example we are only going to encrypt files in one of the folders in the Virtual File System, so click the plus icon next to Meets ALL the following conditions.

In the first drop down, select Virtual Path, in the second drop down, select Starts With.
In the last text field type in /ftp (as that is the location where our FTP server is mounted in this example).

Now click the File tab. Next to Output File click the ${} button and select ${attr.fileName}, then add .pgp so that it reads ${attr.fileName}.pgp.

Keep Armor and Integrity Check set to On.



Click the Key tab. In the Public Key section, paste in your PGP Public Key, then click Create to finish creating the trigger.



Let's do a quick test to make sure the trigger is running.

As a user, we connect to the web UI and access My Resources->My Files. We then click on the ftp directory to see a list of files.


Now, we'll drag over a file (in this case a simple text file containing dummy text) into the upload box in the page. Here are the contents of that file before uploading:


After uploading, we can see the the file appears and has had the pgp suffix added.


So let's download that file now and edit it to make sure it was encrypted. Here's the resulting file.


As you can see, this succeeded. You can continue to extend on this functionality by creating another trigger to automatically decrypt the same files triggered by File Download Started to allow your users to get the files back in a readable format. With triggers like this in place, you can be confident in the knowledge that the files your users will remain in an encrypted state when they are at rest.


Have more questions? Submit a request