Managing encrypted data managing-encrypted-data

About pre-processing stages about-preprocessing-stages

In some cases, the data that you want to import Campaign Servers may need to be encrypted, for example if it contains PII data.

To be able to encrypt outgoing data or decrypt incoming data, you need to manage GPG keys using the Control Panel.

NOTE
Control Panel is available to all customers hosted on AWS (excepted for customers who host their marketing instances on premise).

If you are not eligible to use Control Panel, you need to contact Adobe Customer Care so that they provide your instance with the needed encryption/decryption commands. To do this, submit a request indicating:

  • The label that will display in Campaign interface to use the command. For example “Encrypt file”.
  • The command to install on your instance.

Once the request is processed, the encryption / decryption commands will be available in the Pre-processing stage field from the Load file and Extract file activities. You can use them to decrypt or encrypt the files that you want to import or export.

Related topics:

Use case: Importing data encrypted using a key generated by Control Panel use-case-gpg-decrypt

In this use case, build a workflow in order to import data that has been encrypted in an external system, using a key generated in the Control Panel.

Discover this feature in video

The steps to perform this use case are as follows:

  1. Use the Control Panel to generate a key pair (public/private). Detailed steps are available in Control Panel documentation.

    • The public key will be shared with the external system, which will use it to encrypt the data to send to Campaign.
    • The private key will be used by Campaign to decrypt the incoming encrypted data.

  2. In the external system, use the public key downloaded from the Control Panel to encrypt the data to import into Campaign Standard.

  3. In Campaign Standard, build a workflow to import the encrypted data and decrypt it using the private key that has been installed via the Control Panel. To do this, build a workflow as follows:

    • Transfer file activity: Transfers the file from an external source to Campaign. In this example, we want to transfer the file from an SFTP server.
    • Load file activity: Loads the data from the file into the database and decrypt it using the private key generated in the Control Panel.
  4. Open the Transfer file activity then configure it according to your needs. Global concepts on how to configure the activity are available in this section.

    In the Protocol tab, specify details about the sftp server and the encrypted .gpg file that you want to transfer.

  5. Open the Load file activity, then configure it according to your needs. Global concepts on how to configure the activity are available in this section.

    Add a pre-processing stage to the activity, in order to decrypt the incoming data. To do this, select the Decryption GPG option from the list.

    note note
    NOTE
    Note that you do not need to specify the private key to use to decrypt the data. The private key is stored in Control Panel, which will automatically detect the key to use to decrypt the file.

  6. Click OK to confirm the activity configuration.

  7. You can now run the workflow.

Use case: Encrypting and exporting data using a key installed on Control Panel use-case-gpg-encrypt

In this use case, build a workflow in order to encrypt and export data using a key installed on Control Panel.

Discover this feature in video

The steps to perform this use case are as follows:

  1. Generate a GPG key pair (public/private) using a GPG utility, then install the public key onto Control Panel. Detailed steps are available in Control Panel documentation.

  2. In Campaign Standard, build a workflow to export the data and encrypt it using the private key that has been installed via the Control Panel. To do this, build a workflow as follows:

    • Query activity: In this example, we want to execute a query to target the data from the database that we want to export.
    • Extract file activity: Encrypts and extracts the data into a file.
    • Transfer file activity: Transfers the file containing the encrypted data to an SFTP server.
  3. Configure the Query activity to target the desired data from the database. For more on this, refer to this section.

  4. Open the Extract file activity then configure it according to your needs (output file, columns, format, etc). Global concepts on how to configure the activity are available in this section.

    Add a pre-processing stage to the activity, in order to encrypt the data to extract. To do this, select the encryption GPG key to use to encrypt the data.

    note note
    NOTE
    The value in parentheses is the comment that you defined when generating the key pair using your GPG encryption tool. Make sure you select the correct matching key, otherwise the recipient will not be able to decrypt the file.
  5. Open the Transfer file activity, then specify the SFTP server to which you want to send the file. Global concepts on how to configure the activity are available in this section.

  6. You can now run the workflow. Once it is executed, data target by the query will be exported to the SFTP server into an encrypted .gpg file.

Tutorial videos video

This video shows how to use a GPG key to decrypt data.

This video shows how to use a GPG key to encrypt data.

Additional Campaign Standard how-to videos are available here.

recommendation-more-help
3ef63344-7f3d-48f9-85ed-02bf569c4fff