With the SFTP connector, you can use commands in a chain to manage files and directories on a Secure File Transfer Protocol (SFTP) server. For example, with this connector, you can use templates to create a chain to securely download a file from an SFTP server and then upload it to a Wdata table.
Prerequisites
To use the SFTP Connector, your organization needs access to its own SFTP server. Workiva can neither host nor provide these servers.
To secure the connection with your SFTP server, the connector supports either basic username and password authentication or public key/private key authentication. To set up the connection, you'll need:
- The server's Host name or IP address
- The port the server runs on
- The username used to access the server
- The username's authentication credentials
- For basic authentication, its password
- For public key authentication, the private key file as a PEM or PPK, and its password (if applicable). Learn more about private keys.
Set up the SFTP connector
Note: To make the connector available for use in your organization's chains, an org security administrator first enables it from Configuration.
- From Chain Builder, click Connections , and then Create at the top right.
- Under Connector Connection, select SFTP Connector and your runner.
- Under Basic Info, enter a unique name and description to help identify the connection.
- If using public key authentication, under Resources, upload the server's private key file.
- Under Properties, enter the connection's details:
Property Details Host Enter the SFTP server's host name or IP address, such as 34.23.34.45orsftp.example.net.Port Enter the port the server runs on. Username Enter the username used to log into the server. Password For basic authentication, enter the password for Username. For public key authentication, leave blank. Private key For public key authentication, enter the filename of the private key uploaded under Resources. Private key password For public key authentication, enter the password for the private key file. If the private key has no password, leave blank. Connection timeout Enter the number of minutes to wait for the connection to the SFTP server. If the server is slow or has a high load, enter a large number. Note: All sensitive credentials are automatically encrypted and stored at Advanced Encryption Standard (AES)-256 encryption.
- Select the environments to use the connection, and click Save.
- If your network requires an allow list of outbound domains, allow the IP address listed in the Allow hosts and emails for Workiva document.
- To test the connection, create and run a chain with the SFTP Connector's List Directory command, and verify it returns a valid output.
Troubleshooting
If the connection to the SFTP server fails:
- Verify the connector's authentication credentials are correct. For example, use the same credentials to connect to the server through an SFTP client application such as FileZilla or WinSCP.
- Check that your password does not start with an "at" sign (@).
- If the connection times out, increase the Connection timeout.
- If your network requires an allow list of outbound of domains, please follow the Allow hosts and emails for Workiva document.
Private keys
If your SFTP client application doesn't enable you to generate a public/private key pair, use a tool such as PuTTYgen or ssh-keygen. For private keys, we support the following formats:
- PuTTy-generated keys, which typically end in a .ppk extension.
- RSA keys using PKCS#1 standard in PEM format, which typically ends in a .pem extension.
You can also view your RSA keys in a text editor. If the text contains -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- then these formats are supported by Workiva. If these lines are missing or contain different terms, then you'll need to convert the key to this format or generate a new one.