One option is to encrypt it through the public key of Agent which is being used to create the ssh tunnel. Other option is to share a symetric key between agent and the controller when the initial connection is created and use that key to encrypt / decrypt messages
Currently the messages published to agent through controller is in un encrypted format: https://github.com/apache/airavata-mft/blob/master/controller/src/main/java/org/apache/airavata/mft/controller/TransferDispatcher.java#L73. We need to encrypt agentTransferRequest object so that only the target agent can decrypt it. Typically the agent connects to the consul through a ssh tunnel. https://github.com/apache/airavata-mft/blob/master/controller/src/main/java/org/apache/airavata/mft/controller/spawner/SSHProvider.java#L123
One option is to encrypt it through the public key of Agent which is being used to create the ssh tunnel. Other option is to share a symetric key between agent and the controller when the initial connection is created and use that key to encrypt / decrypt messages