I'm attempting to setup a file transfer activity from the Marketing Cloud Safehouse to our FTP Export Folder, encrypted. However, to do this, I have to enable a 'Customer Public Key'. On the activity it shows 'No Items' in the drop down. Is this something I need to setup or have Salesforce enable?
[SalesForce] PGP Encryption Marketing Cloud File Transfer
Related Solutions
I'm not sure which PGP public key you are using. You can use a public key to encrypt a PGP file, but you can't use a public key alone to decrypt a PGP file as this will require the corresponding private key (unless you are using the ExactTarget public key).
I believe it is possible to use your own PGP public/private key combination with Safehouse, but you will need to open a support case to have this configured. I've never done this though. My advice would be to encrypt the PGP file using the ExactTarget PGP public key (if you are not doing so already) which you can download here.
Here are the two steps that should appear in your Automation.
1. File Transfer Activity
- Set Transfer Type as 'Download'
- Set the File location to where the file is transferred to
- Set File naming pattern to
%%FILENAME_FROM_TRIGGER%%
- Enable 'File is encrypted' in Transfer Settings
- Configure other settings as you normally would
2. Import Activity
- Set file location to 'Safehouse'
- Set filenaming pattern to
%%BASEFILENAME_FROM_TRIGGER%%.csv
(change 'csv' to match the file extension of the decrypted file) - Configure other settings as you normally would
Safehouse
The Safehouse file location is not created by default. If you do not have this in Email app > Admin > Data Management > File Locations, create one named 'Safehouse' and set the Location Type to 'Safehouse'.
Note that I've configured a couple of different accounts recently where importing decrypted PGP files fail. If the automation fails on the import activity as it can't find the decrypted file in Safehouse, then you will need to open a support case to have this configured.
No. It is still possible to encrypt data coming from SFMC data extensions even if decrypted on import.
The process from import to export is:
Import:
- File is dropped with PGP encryption to FTP
- File transfer to decrypt and send to safehouse
- import activity aiming at file in safehouse
This will decrypt your data and store it unencrypted in SFMC. From there, you have 2 choices on encrypting and exporting your information.
Export manually:
- Go to the 'records' section of your desired Data Extension
- Select 'Export' option
- Check the 'encrypt file' option under 'Export Options'
This is a simple usage and is great for 'one off' needs, but is not available for automation.
Export via Data Extract Activity and File Transfer:
- Create a data extract activity aimed at your DE. (this will create an unencrypted file that lives in your safehouse)
- Create a File Transfer activity that utilizes the 'Move file from safehouse' option
- write in the file naming that you had from data extract and then select 'Encrypt file'
- Here you will be able to select PGP or GPG encrypt
This will then let you take the file, encrypt it in PGP or GPG and then place it on your FTP. Using Data Extract and File Transfer allows you to place these in an automation for scheduled or trigger based usage.
If you really want to, you can also remove the UI completely and create the Data Extract, File Transfer and automation via the API.
Best Answer
You need to upload your PGP key under Key Management in Setup.
Select Asymmetric, fill out Name and External Key fields, and upload the file containing your public PGP key: Find more information on how to do this, on these pages.
Once created, the key will appear in the drop down of your file transfer activity