Guidewire Cloud file transfer decryption

Question

We are preparing to receive PGP encrypted files and need to have them decypted after they arrive in the prescribed S3 bucket. I have been unable to determine if this is something the Cloud infrastructure supports or not. There are too many conflicting Security Standards and documents out there that either show how to go about doing this, or say in no uncertain terms, it is prohibited in GW Cloud (e.g. iEncryption)

I'd very much like to know if this is something we can build an implement? I was in the process of using PBEEncryptionPlugin as a framework, but things have ground to a halt, as no one is quite sure if this is allowed or not.

Or if there is another way we can go about decrypting and ingesting this file once it arrives in the S3 bucket. We are unable to perform the encryption/decryption as part of the file transfer process due to business constraints. However, if we can use PBEEncryptionPlugin as part of building an SFTP process that is Cloud-approved, then I am very, very happy to continue working on my plugin build.

Any help or clarification is greatly appreciated.

Answer 1

Cloud standards are subject to change, so the following answer regards the cloud standards existing when this answer was written.

The best way to solve this problem would be an Integration Gateway app. While Guidewire doesn't allow for the decryption to happen in InsuranceSuite directly, Guidewire does allow for an IG app to read from an S3 bucket, decrypt, and then send to XCenter via rest api, or perhaps push to another S3 bucket unencrypted for XCenter to pick up.

If you are trying to do an SFTP integration, IG is again the best way to implement this. While you cannot create a custom integration within XCenter to send or receive files from an SFTP server, you can build an IG app which is called via REST from Xcenter and then interacts with an SFTP server.

You are correct that you should cease using the PBEEncryptionPlugin, as you've stated. Guidewire no longer allows encryption or decryption compute to be done directly in InsuranceSuite.

Keep in mind it's always advisable to check the current cloud standards which can be found in your docs link in a section entitled "Welcome To Guidewire Cloud Standards".