# Embulk Encoder Encryption PGP

This integration is currently in Beta, and TD is actively gathering feedback to improve its functionality and stability.

## Overview

PGP encryption ensures secure data transfer by encrypting files containing PII (Personally Identifiable Information) or other confidential data. Customers use external systems like LiveRamp to handle sensitive information securely. Our solution will allow seamless integration with such services by supporting encryption requirements. We will introduce an encryption option for Liveramp, but for other services, we will try to implement an encryption option to a generic SFTP v2 and more connectors.

Ad tech companies often offer an SFTP, FTP server to import Audience and conversion data in addition to their native API. Supporting SFTP, FTP, ... with encryption will help achieve integration with third-party ad tech companies without developing new dedicated connectors.

![How to encrypt and decrypt files using GPG - SAP C... - SAP Community](https://community.sap.com/legacyfs/online/storage/blog_attachments/2022/04/GoAnywhereMFT_OpenPGP-Diagram-1.png)

Key capabilities:

The **Encryption PGP Encoder** plugin provides functionality to securely encode output data using Pretty Good Privacy (PGP). This encoder can **apply****compression, including gzip, bzip2, to the data before** **encryption**, ensuring both data security and reduced data size.

The plugin allows users to encrypt data using a specified PGP public key. Data is first compressed with gzip, bzip2 and then encrypted, offering both confidentiality and efficiency.

## Prerequisites

- Basic knowledge of Treasure Data, including the TD Toolbelt.
- Basic knowledge of Encryption & Decryption


## Configure a Query Result for Export

The TD Console supports multiple ways to export data. To do so, follow these steps to export data from the Data Workbench.

1. Navigate to **Data Workbench** > **Queries**.
2. Select **New Query** and define your query.
3. Select **Export Results** to configure the data exporting. Please remember to use the connector support the encryption such as SFTP_V2.
4. Select an existing authentication or create a new one described previously
5. Select **Done.**


### Connector Configuration Parameters

| Field | Description |
|  --- | --- |
| type | The type of encoder should be `encrypt\_pgp`. |
| public_key | The PGP public key used for encryption (string, required). |
| key_identifier | The identifier for the PGP key (string, required) in the Hexa format. Specifies the Key ID of the encryption subkey used to secure the file. The master key is excluded from the encryption process |
| armor | Use ASCII armor for the encrypted output (boolean, optional). |
| encryption_algorithm | The encryption algorithm to use (string, required, default `AES\_256`) |
| compression_type | Whether to compress the data using gzip before encryption (boolean, optional). |


## (Optional) Export Integration Using the CLI, Example With SFTP V2

You can also use CLI (Toolbelt) to use the encoder encryption.

You need to specify the information for export to your LinkedIn server using the `*--result` option of*the *`td query`* command. For more information about the *`td query`*command, refer to [this article](https://docs.treasuredata.com/display/PD/TD+Toolbelt+Job+and+Query+Command+Reference).

The format of the option is JSON, and the general structure is as follows.


```
out:  type: file  path_prefix: data_bzip2  file_ext: .csv.bz2.gpg  sequence_format: ""  formatter:    type: csv    delimiter: ','    quote: '"'    quote_policy: MINIMAL    header_line: true  encoders:    - type: encrypt_pgp      public_key: |        -----BEGIN PGP PUBLIC KEY BLOCK-----        your public key content        -----END PGP PUBLIC KEY BLOCK-----      key_identifier: 6B057AFA80C04166      armor: true      encryption_algorithm: AES_256    - type: bzip2      level: 6
```

### Example for Usage With SFTP V2


```bash
td query -d luan_db -w "select * from luan_db.sfcc_500k" -T presto --result '{  "type": "sftp_v2",  "host": "ap-southeast-1.sftpcloud.io",  "auth_method": "password",  "username": "username",  "password": "password",  "path_prefix": "cli/test_27_3_500K.csv.gz.gpg",  "file_ext": ".gpg",  "rename_file_after_upload": false,  "formatter": {    "type": "csv",    "quote_policy": "MINIMAL",    "delimiter": ",",    "null_string": "null",    "newline": ""  },  "compression": "encrypt_pgp",  "public_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----  your public key content-----END PGP PUBLIC KEY BLOCK-----",  "key_identifier": "6B057AFA80C04166",  "armor": true,  "compression_type": "gzip"}'
```

## Related articles

- SFTP V2: [https://docs.treasuredata.com/articles/#!project-integrations/~sftp_v2-server-export-integration](/int/sftp_v2-server-export-integration)