Encrypt the CSV file for the HRIS connector

  • Updated

Who can use this feature?

With the HRIS connector, you can upload a CSV file with your HRIS user fields to a dedicated FTP server to synchronize users from your HRIS to 360Learning.

By default, the HRIS connector synchronizes the data from the CSV file in plain text. To add a security layer to the synchronization and ensure data confidentiality during transmission, you can activate the encryption feature.

Encryption is the process of converting plain text into ciphertext. The ciphertext is unreadable to anyone without the decryption key. Once you encrypt your CSV file with the encryption key we provide, the data in the encrypted file can only be read by our HRIS connector with the decryption key.

Upon activation of the encryption feature, the HRIS connector will only synchronize data from encrypted files. It won't synchronize non-encrypted files.

This article presents the encryption process of your CSV file for the HRIS connector. See Synchronize users from your HRIS to:

  • Set up the HRIS connector.
  • Activate the encryption feature during the connector setup.
  • Create your CSV file.
  • Upload your CSV file to the FTP server.

About the encryption process

The CSV file for the HRIS connector can be encrypted with PGP (Pretty Good Privacy) or GnuPG/GPG (GNU Privacy Guard). The encryption algorithm uses 2 asymmetric keys that we generate:

  • The public key encrypts the file. We share the public key with you.
  • The private key decrypts the encrypted file. We store the private key encrypted in a secure vault. We never share the private key.

The following diagram shows an overview of the asymmetric encryption process for the HRIS connector:

Asymmetric encryption.svg

  1. You encrypt the CSV file in the armored format with the public key we provide.
  2. You upload the encrypted file to the FTP server.
  3. We decrypt the file with the private key and synchronize the data with your 360Learning platform.
    • If the synchronization is successful, the file is deleted.
    • If the synchronization is unsuccessful, the file is stored encrypted for up to 30 days.

Once you encrypt the file with the public key, you can't decrypt the file. The data can only be decrypted with the private key, which we store encrypted in a secure vault and never share.

Encrypt your CSV file

By default, the encryption feature is not activated. You can activate it during the HRIS connector setup, or when the connector is already up and running. Contact your Solution Architect (SA) for more information.

You can encrypt your file in the armored format using the command line interface or a graphical user interface that supports PGP or GnuPG. You can also integrate the PGP or GPG command into scripts to automate file encryption.

To encrypt your file with the command line interface:

  1. Download the public key provided by your SA from 1Password. Make sure you download the public key for the right environment:
    • If you are testing the HRIS connector in the test instance, download HRIS FTP encryption key.
    • If you are in the production environment, download [Prod] HRIS FTP encryption key.
  2. Download a PGP or GPG CLI tooling app to encrypt your file. For example:
  3. Open a command prompt.
  4. From the command prompt, enter:
    gpg --encrypt --recipient-file publicKey.asc --output users_list.csv.gpg 
    --armor users_list.csv

    Make sure you replace the following:

Once your file is encrypted, you can upload it to the FTP server. For more information, see Synchronize users from your HRIS.

Synchronization errors for encrypted files

If the synchronization for an encrypted file fails, you will receive an email notification with the following error message: Error while decrypting file {filename}: A valid encrypted file is expected.

Check the following:

  • The file uploaded is encrypted.
  • The file is encrypted with the correct public key for the right environment. Your Solution Architect (SA) provides you with a public key for each instance on 1Password:
    • For the testing instance: HRIS FTP encryption key
    • For the production instance: [Prod] HRIS FTP encryption key
  • The encrypted file is armored. To view if the file is armored, you can open it and check that it begins with -----BEGIN PGP MESSAGE-----.
  • The encrypted file name corresponds to the naming convention defined during the connector setup. For example, if the expected file name is hris-360learning.tsv, the connector will process the files with the following file names:
    • hris-360learning.tsv
    • hris-360learning.tsv.pgp
    • hris-360learning.tsv.gpg
Check out our blog for more L&D resources.

Was this article helpful?

3 out of 3 found this helpful

Have more questions? Submit a request