How to automate the use of PGP encryption?

Sourav 80 Reputation points
2023-10-30T15:12:57.65+00:00

Hi Team,

Please could you guide us in detail on how to automate the PGP encryption of files in Windows.

We have a requirement where individual users need to place sensitive files in an on-prem shared folder location, and an Azure pipeline will need to pick these files up from that location.

It is not possible for end users to encrypt the files before placing them, so we need an automated way to encrypt the files and decrypt them in Azure.

https://learn.microsoft.com/en-us/system-center/orchestrator/standard-activities/pgp-encrypt-file?view=sc-orch-2022

We need to have an automated process to encrypt the files as soon as a user places the files in the on-prem shared location and decrypt them in Azure.

Regards,

Sourav

Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.

3 answers

  1. Amira Bedhiafi 18,261 Reputation points
    2023-10-31T13:48:05.43+00:00

    Based on the link you provided, you can proceed with the automation using the Monitoring and Encryption Process.

    But before that, you need to configure the PGP Encrypt File activity in Orchestrator with:

    • the path to the sensitive files
    • the output folder where the encrypted files will be stored temporarily before you move them to Azure

    If I go back now to the automation, you need to use the Orchestrator as I mentioned to monitor the designated folder for new files continuously.

    The logic is the following: once a new file is detected, the PGP Encrypt File activity should automatically execute, encrypting the file using the provided public key.

    Then you need to configure Azure Data Factory to pick up the encrypted files from the designated output folder and transport them into Azure Blob Storage or another secure location in Azure.

    In Azure, you may create an Azure Function or use Azure VMs to automate the decryption process.

    You can use the private PGP key and necessary decryption credentials to decrypt the files securely within the Azure environment.

    And finally, you can configure an Azure Pipeline to pick up the decrypted files for further processing by setting up triggers to execute subsequent steps in the pipeline automatically once the decryption is successful.

    1 person found this answer helpful.

  2. AnnuKumari-MSFT 31,806 Reputation points Microsoft Employee
    2023-10-31T13:10:40.03+00:00

    Hi Sourav,

    Welcome to Microsoft Q&A platform and thanks for posting your question here.

    As per my understanding, you want to automate the PGP encryption process for your files stored in On-prem.

    Currently there is no direct functionality in Azure for PGP encryption/decryption of files, but you can follow any of the approaches below.

    1. Using Azure Data Factory: You can write command shells as described in this article and execute them in a Databricks notebook activity in ADF. For more detailed information please refer to this article by a community volunteer: PGP File Decrypt Using Azure Data Factory

    Below is the sample command for decryption:

    # Import the private key into the keyring without prompting
    gpg --no-tty --batch --import /dbfs/mnt/datalake/configuration/config_decrypt/privatekey.asc
    mkdir -p "/dbfs/mnt/datalake/<Output directory>"
    # Decrypt using the passphrase file; note that --ignore-mdc-error downgrades an integrity (MDC) failure to a warning
    gpg --no-tty --batch --yes --ignore-mdc-error --pinentry-mode=loopback --passphrase-file /dbfs/mnt/datalake/configuration/config_decrypt/Passphrase.txt --output "/dbfs/mnt/datalake/<Output directory>/${output_decrypted_filename}" --decrypt "/dbfs/mnt/datalake/<Input Directory>/${input_encrypted_filename}"
    

    2. Using Logic Apps/ADF: You can write your own code for encryption/decryption, and execute it in Azure function within ADF using Azure function activity or call that code in Azure functions within Logic apps, or as described in the conversation: What is best way to do PGP file encryption/decryption in logic apps

    Hope it helps. Kindly accept the answer by clicking on the Accept answer button. Thank you.


  3. Sourav 80 Reputation points
    2023-11-02T23:46:08.2566667+00:00

    I am not clear on the above responses. I am talking about automating encryption on-prem when a file arrives, not encryption in Azure or using a logic app etc. I want to know specifically how to automate the encryption process on-prem when a file arrives. I am aware of the ADF pipeline copy activity and can decrypt the file in Azure as well. What would be the steps to automate PGP encryption on-prem when a file arrives so that ADF can pick up these encrypted files?
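
The on-prem step discussed in this thread (watch the shared folder, encrypt each new file with the public key, write it to the folder ADF reads), as an added example that is not from any of the posts above or from Microsoft's documentation. It uses GnuPG, the tool from the decryption sample, instead of the Orchestrator activity; the paths, the recipient ID, the `.pgp`/`.partial` naming and the choice to delete the plaintext after encryption are all assumptions.

```powershell
# Added example: hypothetical paths and key ID, adjust to your environment.
$InDir     = 'D:\Share\Incoming'         # hypothetical: folder where users drop files
$OutDir    = 'D:\Share\Encrypted'        # hypothetical: folder the ADF copy activity reads (*.pgp only)
$Recipient = 'adf-pipeline@example.com'  # hypothetical: user ID of the imported public key
$Gpg       = 'gpg.exe'                   # assumes GnuPG is installed and on PATH

function Test-FileReady([string]$Path) {
    # A file that is still being copied cannot be opened with exclusive access.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return $true
    } catch { return $false }
}

function Protect-DroppedFile([System.IO.FileInfo]$File) {
    $final = Join-Path $OutDir ($File.Name + '.pgp')
    $temp  = "$final.partial"
    # Encrypt to a temporary name so the pipeline never picks up a half-written file.
    # '--trust-model always' skips gpg's key-validity check: verify the key's
    # fingerprint out of band when importing it on this server.
    $gpgArgs = '--batch', '--yes', '--no-tty', '--trust-model', 'always',
               '--recipient', $Recipient, '--output', $temp, '--encrypt', $File.FullName
    & $Gpg @gpgArgs
    if ($LASTEXITCODE -ne 0) {
        Remove-Item -Path $temp -ErrorAction SilentlyContinue
        Write-Warning "gpg failed ($LASTEXITCODE) for $($File.FullName); plaintext left in place"
        return
    }
    Move-Item -Path $temp -Destination $final -Force
    # Remove the plaintext only after the encrypted copy exists under its final name.
    Remove-Item -Path $File.FullName
}

$watcher = New-Object System.IO.FileSystemWatcher $InDir
while ($true) {
    # Sweep the whole folder on every pass so files the watcher missed are still handled.
    Get-ChildItem -Path $InDir -File |
        Where-Object { Test-FileReady $_.FullName } |
        ForEach-Object { Protect-DroppedFile $_ }
    # Block until a file is created or 10 seconds pass, then sweep again.
    [void]$watcher.WaitForChanged([System.IO.WatcherChangeTypes]::Created, 10000)
}
```

Only the public key is needed on the on-prem server; the private key and passphrase stay on the Azure side where decryption happens.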