Given the sensitive nature of health-related information, research involving patient data requires high levels of security and data protection across ICT infrastructure and processes. To support these requirements, the BioMedIT Interoperability Working Group developed and maintains sett, the BioMedIT Secure Encryption and Transfer Tool.

How sett works

sett enables the encryption of sensitive data at the data-providing institution (for example, a university hospital) and its secure transfer to a secure environment—a B-space—hosted at a BioMedIT node.

Upon receipt, sett enables the legitimate recipients—for whom the data was encrypted—to locally decrypt the data. As part of the decryption process, sett also performs a number of checks to verify that the data was not corrupted during transfer.

sett is developed to be an “all in one” tool to send sensitive data to and from trusted research environments: secure computing environments designed to host sensitive data.

sett makes the management of encryption keys effortless. Users can generate and manage their personal keys directly within the tool, enabling secure encryption and digital signing of data packages.
Through integration with the OpenPGP keyserver, public keys can be easily published and discovered, supporting trusted data exchange with external partners.

sett securely encrypts and transfers data of any type and size. Files can be encrypted locally or packaged, compressed, encrypted, and transferred in a single stream, avoiding local duplication of the data.

Data can be transferred via HTTPS to an S3-compatible object store or via SFTP, ensuring flexibility while maintaining strong security standards.

sett automatically verifies data integrity and confidentiality during decryption, ensuring that all files arrive complete and unaltered, and only the specified recipient(s) can decrypt them.

For S3-based transfers, packages can be downloaded, decrypted, and decompressed in a single streaming process—no temporary files, no unnecessary storage overhead.

As part of the BioMedIT ecosystem, sett supports authenticated data exchange out of the box. Authorized users within a hosted project can exchange data without configuring connection details.

sett ensures that only authorized senders and receivers can exchange data—and that the transfer is approved according to the predefined workflow.

sett is built on open standards and designed for broad compatibility across platforms and environments:

Not limited to the BioMedIT network
sett can be used both within and outside the BioMedIT network, enabling secure data exchange with external partners while maintaining the same security guarantees.

Multiple user interfaces
sett is available in three user interfaces to suit different workflows:

• GUI – a graphical desktop application for intuitive, interactive use
• CLI – a command-line interface for scripting and automation
• TUI – an interactive, terminal-based interface for efficient use in console environments

Broad compatibility, always up to date
sett supports most major operating systems and keeps users informed of new releases through automatic update notifications (available in sett GUI).

Secure implementation
sett is written in Rust, a high-performance, memory-safe programming language designed for reliability and security.

Open standards
sett uses the sequoia implementation of the OpenPGP standards for encryption and digital signatures, ensuring interoperability and long-term compatibility.

Open-source licensing
sett is licensed under the GNU General Public License v3 (GPLv3). The full source code is publicly available via its GitLab repository.

Automation and integration support
sett supports automation workflows. Users can generate a Personal Access Token (PAT) for non-interactive and scripted use.

Performance transparency
Benchmarks are available, providing insight into sett’s performance characteristics for encryption, transfer, and decryption operations.