Activating the Schrift Encryption service
1. Order an encryption service
The Schrift Encryption service is available on a paid tariff and can be connected as an additional service. To do this, go to the Security tab in the Settings section of your Company Account.
After proceeding to the order confirmation form, enter the relevant data and confirm the purchase of the service.
After purchasing the service, the Company Account Security tab will show information that the service is connected and that you need to configure the API access key and further configure the encryption agent.
2. Install the encryption agent
2.1 Install the Docker application on your server or desktop computer.
If you plan to use a third-party service to install the encryption agent, this article describes an example of an order and the configuration process.
The encryption agent performs operations related to job encryption keys, document and file processing. Operations are performed as needed during the work of your company's employees or according to a schedule. It is advisable that the agent is always enabled and has a stable connection to the server.
2.2 Create a folder to store the agent files, for example Agent, and save the agent startup file and the configuration file in this folder:
Change the values in the settings.env file (you can open the file for editing with any text editor):
Companydomain for the domain name and CompanyId for your company ID (specified in the Company Information tab of the Company Account in the Settings section);
C:\Users\User\Downloads\Agent to the actual address of the folder where these agent files are located.
2.3 After installation, run the following command, replacing the red text in it:
docker compose -p encryptionagent-CompanyId -f Agent/docker-compose.yml --env-file Agent/settings.env up -d --force-recreate
As an example, the state of the command line prepared for execution:
docker compose -p encryptionagent-11896 -f Downloads/SchriftAgentFolder/docker-compose.yml --env-file Downloads/SchriftAgentFolder/settings.env up -d --force-recreate
After the command line is successfully executed, the container will be created and launched.
If you use the service from Microsoft Azure Container App or Amazon Elastic Container Service, address to receive the container image: ostrean/encryptionagent:latest
3. Create an API access key for the agent
Next, create the agent's API access key and copy it. The API key value is displayed only once, so copy it so that you can use it when authorising the encryption agent later. You can delete and recreate the agent API key if necessary.
You can deactivate the agent, i.e. disconnect it from company data, at any time by deleting the API key in the agent settings in the Security tab of the Company Account section. There, you can also create a new API key and restore the agent to the same or another device.
4. Configure the encryption keys
Go to the agent web interface using the link from the container
Fill in the agent's API access key, agent's private key, and company key. The company key and agent key can be generated in the agent application or the company administrator can generate them in any application convenient for this purpose and enter their values in the appropriate fields.
After successful data entry, the agent will display the working status in the web interface:
If the company's data is already encrypted, the agent will not be able to connect to the Font server unless its data contains up-to-date agent keys and an API access key. If the company's data is not yet encrypted, then the generation of agent keys will be available and only the API access key will be enough to connect.
We recommend that the administrator or owner of the company save the folder with the encryption agent files in a safe place. Since this folder contains the agent keys and the API access key, it will be possible to restore the encryption agent to any other device without any problems.
The active status of the agent will be displayed in the Company Account Security tab:
5. Start data encryption
Activate data encryption
Clicking the “Start encryption” button will start the process of encrypting company data.
The agent will create the necessary encryption keys and encrypt all company data. The process can take from several seconds to several hours, depending on the amount of data in the company. While the agent is performing the initial encryption of company data, user access to company data will be suspended.
After the initial encryption is completed, the encryption agent will work in the background during normal operation in relation to user actions.
6. Check the status of the encryption agent
After the agent has completed the work of transferring the company to the state with encrypted data, the agent's status can be monitored through the agent's web interface and through the Company Account Security tab.
6.1 Active state of the agent
6.2 Agent is not available
If an agent is unavailable due to a communication failure or other reasons, its status will be displayed as follows.
The user interface displays information that the encryption agent is unavailable.
In the state when the agent is unavailable, company users have no restrictions on the actions they can perform in the system. Some system functions will be partially performed, for example, when adding files, pdf previews of files and file thumbnails will not be generated, etc. Assigning employees to positions and creating positions will be possible only when the agent resumes work. After the connection with the agent is restored, all tasks that are waiting for the agent will be completed by it.
If you need help, contact our technical support via chat in the Schrift system.