Sitecore 9.3 Forms process sensitive files

Created: 6 Dec 2019, last update: 30 Jan 2022

Sitecore 9.3 Forms process sensitive files

One of the new things in Sitecore 9.3 is the Out of the box File upload Form element. Also, deleting form data is now possible with a date range within the Form apps, this includes the uploaded files. Uploaded files are stored unencrypted in the ExperienceForms database, see this SQL script

Also Sitecore Forms automatically stores uploaded files when a visitor navigates between form pages, even if the form is not submitted. How long an uncommitted file is stored is determined by the FileGracePeriod setting (the default is 4 hours)

In a previous project sitecore-forms-extension-pack I already had a save action to Azure Storage without file upload (outdated), and in another blog also a Serverless AJAX Upload for Sitecore Forms.

An AJAX call upload could be a nice solution, but using out of the box functionality from Sitecore is usually also a good idea.

It is possible to use an other database for you Files or create your own FileStorageProvider
See manage file storage for forms

But what about process sensitive files with the Sitecore 9.3 Form Upload element.

First using an queue is a nice way to do something with your form data, trigger your processing. Azure Storage Queue has a Limited message size, and also Azure Service Bus is not for big files. Storing files on Azure storage is a nice way. Azure storage also has support for encryption it uses the IKey interface works great when storing the key in key Fault so no need to have a secret in the config. And to use this you need a custom Sitecore Forms save action.

See this Source Code on GitHub Sitecore Forms Cloud Upload for a save action for Sitecore Forms, demos how to work with file upload and Azure.

Remember Sitecore Forms automatically stores uploaded files when a visitor navigates between form pages. So the uploads are still unencrypted in the ExperienceForms database, you need to create also a custom FileStorageProvider class.

So back to the drawing board. Need to start with the FileStorageProvider, but dont want to depend on that because I want to process the files outside Sitecore in for example Azure functions.

See:
- Manage file storage for forms for The Documentation from Sitecore about the FileStorageProvider
AzureBlobStorageFileStorageProvider For code of a Azure FileStorageProviders without decryption

The Sitecore Forms Cloud Upload for a save action also contains a Decrypt controller, but that is more for the purpose to demo how to encrypt a file, Note in this example all files are encrypted with the same key. So still possible to easy get all uploaded files if you have the key. I expect you to delete the uploaded files after you have processed them, so that they are only there for a while.