To start accepting public submissions via the public Whistle Willow site (https://whistle-eu.suprchrgd.com/), a Whistle Willow administrator needs to enable them and trigger the generation of the encryption keys.
This is a very simple automated procedure that creates a unique pair of keys for your organization - public and private, that are used to secure whistleblowing tip submissions. The generation and configuration of underlying cryptographic algorithms are done automatically. Each tip is encrypted with your organization’s public key - and can only be read using the private key, which never ever leaves secure storage in Jira or Confluence.
Once the keys are in place, a public submissions PIN is generated - it is a long string that uniquely identifies your organization on the public submissions form. This PIN needs to be specified alongside the report when submitting a public tip - so that it could be routed to your organization Jira or Confluence later on.
The PIN can and should be shared with the public - there is no need or requirement to protect it. You can share it on your website, under Trust and Security page, or a dedicated Whistleblowing instructions page.
To enable public submissions
Navigate to Whistle Willow app as admin
Open the “Program Settings” tab
Switch the toggle “Enable public submissions” to the enabled state:
Click “Save submission settings”
Reload the app
A new section will appear - click “Generate / Regenerate keys and PIN”
Now, you can copy the PIN and let everyone send their whistleblowing tips - they will appear in your Admin dashboard in a short while after a submission.