Using Native PGP Encryption and Decryption in NetSuite

With the release of NetSuite 2025.1, a long-awaited feature is finally here: native support for Pretty Good Privacy (PGP) encryption and decryption via the new N/pgp module. This enhancement simplifies secure data exchanges within NetSuite and eliminates the need for third-party middleware, reducing costs and streamlining system architecture.

Why PGP Matters in NetSuite Integrations

In today’s interconnected environments - especially those involving sensitive customer, financial, or proprietary data - encryption is no longer optional. From APIs to third-party integrations, businesses must ensure that data in transit is protected against interception and tampering.

PGP is a trusted, standards-based approach to securing data. It uses asymmetric encryption, allowing one key to encrypt and a different (private) key to decrypt - ensuring both confidentiality and authenticity. Before 2025.1, NetSuite developers had to rely on external iPaaS platforms like Boomi, Celigo, or Workato to integrate this level of security. Now, that functionality lives natively in NetSuite.

Native Encryption with the N/pgp Module

NetSuite’s N/pgp module provides secure methods to encrypt messages using public/private key pairs stored in NetSuite’s API Secrets record. These secrets are securely managed and accessed via script IDs.

The function below retrieves encryption keys and uses them to encrypt a message and apply a digital signature. If the private key is passphrase-protected, a securely stored passphrase is also retrieved.

This process results in an armored, ASCII-formatted output—ideal for transmitting across systems while maintaining security and traceability.

Decryption: Reversing the Process Securely

Decrypting messages is equally straightforward. The code below demonstrates how the N/pgp module retrieves the appropriate decryption keys, parses the encrypted message, and verifies its signature before returning the plaintext.

This pattern ensures message integrity while leveraging centralized, auditable key storage through the Secrets record.

Important Limitations to Consider

While the new N/pgp module is a powerful step forward, developers should be aware of its constraints:

• Key generation is not supported: All PGP key management must be done externally.
• Only string data types are supported - no streaming or large file handling.
• The module requires that entire messages fit into memory during encryption and decryption.
• Messages must be compatible with standard PGP software to ensure interoperability.

These limitations mean careful architectural planning is still required. But for many use cases, native PGP support will significantly reduce friction and improve the security posture of NetSuite implementations.

The Bigger Picture: NetSuite’s Growing Security Capabilities

As NetSuite continues to evolve, its embrace of native security tooling shows a deeper commitment to supporting enterprise-grade requirements. The N/pgp module offers an immediate win for teams who previously had to engineer workarounds to handle encrypted data securely.

Whether you're syncing sensitive customer records or exchanging financial information with third parties, native PGP support empowers developers to keep security in-house - closer to the business logic and easier to manage.

In short: fewer tools, stronger integrations, and more secure workflows.