Working with submissions


SecureDrop Workstation is currently in a closed beta, and we do not recommend installing it for production purposes independently. See our blog post for more information.

When a source submits files, you will see a Download button in the conversation flow, a file size, and light-gray text that says “Encrypted file on server.”



To download a file, click the Download button. An animated spinner will indicate that the file is downloading:


Once the file has been downloaded and decrypted, the filename will be visible, as will the action Export and Print. The displayed file size may increase after the download is complete, because the SecureDrop Client automatically decompresses the downloaded file.



To view a downloaded submission, click its filename. This will open the file in a temporary environment, called a “disposable VM.” The file you clicked on will open in a new window with a different colored border and a window title prefixed with “disp” (meaning disposable).


This disposable VM is a special isolated environment similar to the Secure Viewing Station; it does not have internet access, and isolates the files that you are viewing from other sensitive files and applications on the same computer.


In Qubes, window border colors are used to signify different virtual machines.


To print a document, click the Print button. Currently, printing is only supported with a specific HP printer model, and for security reasons you are required not to use a printer that has any wireless capabilities.

You should have access to a supported printer that has been set up by your administrator. The printer must be plugged into the computer’s USB port.

Exporting to an Export USB

Currently, a LUKS-encrypted USB drive is required for exporting submissions. A Linux-based system such as Tails is required to configure and use a LUKS-encrypted drive, meaning that for the time being, you will only be able to export to a Linux environment where these drives can be read. For assistance with this, see your SecureDrop administrator.

Once you have provisioned a LUKS-encrypted export drive, insert the drive and click Export.


You will be prompted for the password configured for this USB drive.


Once you see a message informing you that the export was successfully completed, you can safely unplug the USB drive. Alternatively, you can leave the drive plugged in and export additional files.