This article outlines the process to enable PGP (Pretty Good Privacy) encryption for automated data exchanges.
Background
For data transfer jobs between the platform and a third-party system (HRIS/LMS), SFTP is employed, which encrypts data in transit. Customer data is securely housed on the platform on encrypted volumes. Customers seeking an additional layer of encryption for their data at rest can configure their system to enable PGP encryption and, by sharing keys via a shared SFTP server, have the platform accept and produce PGP-encrypted files. Two (2) sets of keys must be generated, one by Udemy and one by the customer, each set having both a public and a private encryption key. The customer uses the Udemy public key to encrypt files to be input into the platform. Udemy uses the customer public key to encrypt files output by the platform. Enabling this feature significantly protects your personally identifiable information (PII).
PGP enablement instructions
- Contact your Customer Success or Sales point of contact with your request to enable PGP encryption on existing file transfers between you and the platform. If you are interested in setting up an SFTP automated data exchange, view our article about configuring automated data exchanges for more information.
- Directions for customer IT
- Generate a PGP key pair in ASCII armored format.
- Securely house the private key in a directory of your choosing.
- Upload the public key to the SFTP server, ensuring it is at the following path:
- /<tenant>/keys/<tenant>_public_key.asc
- Note: the key must have the .asc extension.
- Once keys are generated and securely and accurately uploaded, alert your Customer Success/Sales point of contact.
- Note: This is critical. Udemy cannot move forward without knowledge of the public key being in place.
- You should expect an update from your Customer Success/Sales point of contact, confirming setup or requesting further information.
- Once set up, upload the encrypted .csv file(s) in ASCII armored format moving forward. Unencrypted .csv files will no longer work.
- You must retrieve the latest Udemy public key to encrypt any files to be used for the Udemy batch load process, as the key will be rotated on a scheduled basis. The key can be found on the SFTP server at <tenant>/keys/cohort_public_key.asc.
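A pre-upload check for the steps above, given as an added example rather than Udemy's own tooling: it reads the first OpenPGP packet inside the ASCII armor to confirm that a key file is a public key at the documented path and that a data file is a public-key-encrypted message. The tenant name `acme`, the function names and the sample blocks are constructed for illustration.

```python
import base64

# OpenPGP packet tags (RFC 4880, section 4.3) relevant to this exchange.
TAGS = {1: "encrypted_message", 5: "private_key", 6: "public_key"}


def first_packet_tag(armored: str) -> int:
    """Decode an ASCII-armored block and return the tag of its first packet."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN PGP ")
                              and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not ASCII-armored OpenPGP data")
    body = lines[1:-1]
    if "" not in body:
        raise ValueError("armor headers are not terminated by a blank line")
    # Skip the armor headers and drop the optional '=XXXX' CRC-24 line.
    b64 = "".join(ln for ln in body[body.index("") + 1:] if not ln.startswith("="))
    raw = base64.b64decode(b64, validate=True)
    if not raw or not raw[0] & 0x80:
        raise ValueError("armor body does not start with an OpenPGP packet")
    # Bit 6 selects the new packet format (tag in bits 5-0) or the old (bits 5-2).
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] & 0x3C) >> 2


def check_upload(remote_path: str, armored: str, tenant: str) -> list:
    """Return the problems found with a file about to be uploaded ([] = OK)."""
    try:
        kind = TAGS.get(first_packet_tag(armored), "unexpected packet type")
    except ValueError as exc:  # also covers base64 decoding errors
        return [f"{remote_path}: {exc}"]
    problems = []
    if remote_path.startswith(f"/{tenant}/keys/"):
        if remote_path != f"/{tenant}/keys/{tenant}_public_key.asc":
            problems.append(f"{remote_path}: key path or .asc extension is wrong")
        if kind != "public_key":
            problems.append(f"{remote_path}: contains {kind}, expected public_key")
    elif kind != "encrypted_message":
        problems.append(f"{remote_path}: contains {kind}, expected encrypted_message")
    return problems


def sample_armor(label: str, first_octet: int) -> str:
    """Constructed sample: one packet-header octet plus padding, no key material."""
    b64 = base64.b64encode(bytes([first_octet]) + bytes(8)).decode()
    return f"-----BEGIN PGP {label}-----\n\n{b64}\n-----END PGP {label}-----\n"

SAMPLE_PUBLIC = sample_armor("PUBLIC KEY BLOCK", 0x99)    # old-format tag 6
SAMPLE_PRIVATE = sample_armor("PRIVATE KEY BLOCK", 0x95)  # old-format tag 5
SAMPLE_MESSAGE = sample_armor("MESSAGE", 0x85)            # old-format tag 1
```

The check stops a private key or a plaintext .csv from reaching the shared SFTP server. It does not confirm that a message was encrypted to the current Udemy public key, so the key still has to be retrieved fresh before each run.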
FAQ
Q: How long will it take for the customer to be set up?
A: Expect Udemy to complete setup in 1-2 weeks, provided the customer instructions are followed promptly and accurately.
Q: How often are the keys rotated?
A: We will rotate keys at a minimum of every six (6) months.
Q: What maintenance is needed by the customer?
A: Officially, none. However, if and when a customer creates a new key pair, the new public key would need to replace the existing one in the SFTP directory. Additionally, automating retrieval of the latest Udemy public key before encrypting and sending files is imperative for a seamless exchange and to eliminate maintenance.
Q: Is there a staging environment for testing this configuration and exchange?
A: No
Q: Is the private key securely held by Udemy?
A: Yes, it is password protected, in a secure location, and has a set expiration.
Q: Can I cache the public key for repeated use?
A: No, Udemy will perpetually refresh the public key. Customers are advised to always use the latest key available on the SFTP server.