Share Google Docs Securely with a Google Apps Script

Add Additional Data Protections to G Suite with the Virtru SDK

Trevor Foskett
Nov 7 · 7 min read
Photo by Safar Safarov on Unsplash

I’m not a developer. I know a little JavaScript and Python — enough to write a couple of basic scripts to help with some of my more mundane tasks — but I certainly don’t have the skills or know-how to write actual software. What I do know, however, are my customers and the challenges they face in keeping their data secure. So when we released the Virtru SDK, touting its ease of use, I was skeptical. How hard is this going to be for my customers to integrate into their existing workflows? Could someone with my limited coding skills build something with this? Let’s find out!

TL; DR: Yes. It actually is really easy to add the Virtru SDK to your project, as I’ll demonstrate through the construction of a “Protect & Share” Google Docs add-on. See the completed project here.


Identifying a Project

What are my most common workflows?

Could these workflows use additional layers of data protection?

What’s the lowest barrier to entry?


Goal

  • Capture Google Doc content in a PDF.
  • Encrypt that PDF with policy controls set by the user such as document watermarking, expiration date, and disable re-sharing.
  • Download the encrypted PDF, OR
  • Send the encrypted PDF as an email attachment.

The first, third, and fourth functions above are all straightforward and easily accomplished with the tools available in Google Apps Script. The only new functionality I need to add is to encrypt the document and apply my access controls.


Building It

When In Doubt, Copy & Paste

A basic add-on has two parts: server-side code running within the Google Apps Script environment — ‘Code.gs’ — and client-side code running directly on the page — ‘virtruSidebar.html’. I want to encrypt client-side, so I can copy some sample code from the Virtru Developer Hub’s browser JS quick-start into my client-side HTML file to import the Virtru SDK and styling:

virtruSidebar.html: Adding Virtru SDK & styling to client-side HTML.

Next, I need to add the element that will actually perform the encryption step — the Virtru ‘client’. Again, the browser JS quick-start has some helpful code I can copy to generate the client:

virtruSidebar.html: Loading default Virtru client.

This is a good start, but as-is, this client is configured to accept a simple string input and output an encrypted .txt file; I need to take a PDF as input and output an encrypted PDF before this will actually be useful.

Generating a PDF

Code.gs: Creating PDF blob from Google Doc content.

And then a client-side function to call the above server-side function and return the document data to the client:

virtruSidebar.html: Calling the server-side function to generate pdf blob & transport to client.

Customizing the Quick Start

  • Change the data source for encryption from string to array buffer. With an array buffer input, the client can accept any file type so long as it has been appropriately converted beforehand.
  • Change the output type to ensure the final encrypted file will render as and decrypt to PDF.
virtruSidebar.html: Updating the client to accept arrayBuffer and output pdf.tdf3.html.

At this point, the add-on can generate an encrypted copy of the Google Doc. Great! However, it lacks any access controls or sharing options. By default, the document owner is the only authorized user. Let’s change that.

Adding Access Controls

virtruSidebar.html: Creating an access control policy based on user input checkboxes.

The policy is then passed to the encryption client. Authorized users can be included in the policy object itself, or added as an additional encryption parameter {array} as shown here:

virtruSidebar.html: Adding the policy object and authorized users to the encrypt client.

Sending an Email

virtruSidebar.html: Updating the client to send encrypted content server-side for email generation.

This string can then be passed to a server-side function to create an email with the encrypted file attached:

Code.gs: Server-side function to generate and send an email with encrypted attachment.

Tying It All Together

  • Choose “Encrypt & Download” or “Encrypt & Email”.
  • Add authorized users.
  • Add access controls.
  • Include a custom message to email recipients.

This actually accounted for the majority of code that I wrote for this project. The protection-specific pieces — encrypting the file and adding access controls — account for a very small portion of the add-on. And of that portion, I copied and pasted most of it!

The entire project is available on GitHub, where you can take a look at all the additional elements I added. Here’s the full add-on in action:

Encrypt & Download:

Encrypting, downloading, and previewing the document.

Encrypt & Email:

Encrypting, emailing, and accessing the document.

Food for Thought

With this under my belt, I think I’ll try to develop some additional functions or new add-ons to see how else I can leverage Google Apps Script in my day-to-day. Please let me know in the comments if you have any ideas for next projects or additional features!


About Me

Virtru Technology Blog

Building developer tools in the interest of data protection and sharing.

Trevor Foskett

Written by

Sr. Solutions Engineer — Virtru

Virtru Technology Blog

Building developer tools in the interest of data protection and sharing.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade