SFTP

The SFTP connector lets you connect to a SFTP server and perform file transfer operations.

Before you begin

In your Google Cloud project, do the following tasks:

Ensure that network connectivity is set up. For information, see Network connectivity .
Grant the roles/connectors.admin IAM role to the user configuring the connector.
Grant roles/secretmanager.viewer and roles/secretmanager.secretAccessor IAM roles to the service account that you want to use for the connector. If you don't have a service account, you must create a service account. The connector and the service account must belong to the same project.
Enable secretmanager.googleapis.com (Secret Manager API) and connectors.googleapis.com (Connectors API). For more information, see Enabling services .

Create a SFTP connection

A connection is specific to a data source. It means that if you have many data sources, you must create a separate connection for each data source. To create a connection, do the following:

In the Cloud console , go to the Integration Connectors > Connections page and then select or create a Google Cloud project.
Go to the Connections page
Click + Create new to open the Create Connection page.
In the Location section, select a location from the Region list and then click Next .
For the list of all the supported regions, see Locations .
In the Connection Details section, complete the following:
1. In the Connector field, select SFTP .
2. In the Connector version field, select the desired version.
3. In the Connection Name field, enter a name for the connection instance. The connection name can contain lower-case letters, numbers, or hyphens. The name must begin with a letter and end with a letter or number and the name must not exceed 49 characters.
4. Optionally, enter a Description for the connection instance.
5. Optionally, enable Cloud logging , and then select a log level. By default, the log level is set to Error .
6. In the Service Account field, select an account that has the required roles .
7. Optionally, click + Add label to add a label to the Connection in the form of a key/value pair.
8. Click Next .

In the Destinations section, enter details of the remote host (backend system) you want to connect to and click Next .

In the Destination Type field, select the desired type:

To specify the destination hostname or IP address, select Host address and enter the address in the Host 1 field.
To establish a private connection, select Endpoint attachment and choose the required attachment from the Endpoint Attachment list.
Note: To understand how to create an endpoint attachment, see PSC service attachment and endpoint attachment . After you have created the endpoint attachment, it will be visible in the Endpoint Attachment list.

If you want to establish a public connection to your backend systems with additional security, you can consider configuring static outbound IP addresses for your connections , and then configure your firewall rules to allowlist only the specific static IP addresses.

In the Authentication section, select an Authentication type and enter the relevant details and click Next .
The following authentication types are supported by the SFTP connection:
- Username and password
- SSH_PUBLIC_KEY
To understand how to configure these authentication types, see Configure authentication .
Review your connection and authentication details, and then click Create .

Configure authentication

Enter the details based on the authentication you want to use.

Username and password
- Username : The SFTP username to use for the connection.
- Password : Secret Manager Secret containing the password associated with the SFTP username.

SSH_PUBLIC_KEY
- Username : The SFTP user account used to authenticate.
- SSH Private Key : Private Key for SSH authentication.
- SSH Private Key password : Passphrase/password protecting the private key, if any.
- SSH Private Key type : Format of the Private Key.

Use the SFTP connection in an integration

After you create the connection, it becomes available in both Apigee Integration and Application Integration. You can use the connection in an integration through the Connectors task.

To understand how to create and use the Connectors task in Apigee Integration, see Connectors task .
To understand how to create and use the Connectors task in Application Integration, see Connectors task .

Actions

This section lists some of the actions supported by the connector. To understand how to configure the actions, see Action examples .

Note: The results of all the actions will be available as a JSON response in the Connectors task's connectorOutputPayload response parameter after you run your integration.

Upload action

The following table describes the input parameters of the Upload action.

Parameter name	Data type	Required	Description
Content	String	No	Content to upload as a file.
ContentBytes	String	No	Bytes content (as a Base64 string) to upload as a file. Use this to upload binary data.
HasBytes	Boolean	No	Specifies if the content should be uploaded as bytes. The default value is `false` .
RemoteFile	String	Yes	The file name on the remote host.
Overwrite	Boolean	No	Specifies if the remote file should be overwritten. The default value is `false` .

For examples on how to configure the Upload action, see Examples .

Download action

The following table describes the input parameters of the Download action.

Parameter name	Data type	Required	Description
RemoteFile	String	Yes	The file name on the remote host.
HasBytes	Boolean	No	Specifies if the content should be downloaded as bytes. The default value is `false` .

For examples on how to configure the Download action, see Examples .

MoveFile action

The following table describes the input parameters of the MoveFile action.

Parameter name	Data type	Required	Description
RemoteFile	String	Yes	The path of the remote file to be moved.
DestinationPath	String	Yes	The new path you want to move the file to.

For examples on how to configure the MoveFile action, see Examples .

RenameFile action

The following table describes the input parameters of the RenameFile action.

Parameter name	Data type	Required	Description
RemoteFile	String	Yes	Remote file path and name to be renamed.
NewFileName	String	Yes	New name of the remote file.

For examples on how to configure the RenameFile action, see Examples .

Examples

This section describes how to perform some of the entity operations and actions in this connector. The examples describe the following operations:

List all files in the root directory
List files that match a pattern in a directory
Move a file
Rename a file
Delete a file
Upload an ASCII text file
Upload a binary file
Download an ASCII text file
Download a binary file
Download multiple files

The following table lists the sample scenarios and the corresponding configuration in the Connectors task:

Task

Sample command

Configuration

List all files in the root directory

ls /

In the Configure connector task dialog, click Entities .
Select the Root entity and then select the List operation.
Click Done .

List .csv files in a directory

ls /tmp/*.csv

In the Configure connector task dialog, click Entities .
Select the base directory (/tmp) from the Entity list.
Select the List operation, and then click Done .
Set the filter clause. To set the clause, in the Task Input section of the Connectors task, click filterClause and then enter FilePath LIKE '/tmp/%.csv' in the Default Value field.

Move a file

mv /tmp/dir_A/hello_world.txt /dir_B/dir_C/

In the Configure connector task dialog, click Actions .
Select the MoveFile action, and then click Done .
In the Task Input section of the Connectors task, click connectorInputPayload and then enter a value similar to the following in the Default Value field:
```
 { 
 "RemoteFile" 
 : 
  
 "/tmp/dir_A/hello_world.txt" 
 , 
 "DestinationPath" 
 : 
  
 "/dir_B/dir_C/" 
 } 
```

This example moves the /tmp/dir_A/hello_world.txt file to the /dir_B/dir_C/ directory. Running this example, returns a response smiliar to the following in the Connector task's connectorOutputPayload output variable:

 [{ 
 "Success" 
 : 
 "true" 
 }]

Rename a file

mv /tmp/hello_world.txt /tmp/hello_world_new.txt

In the Configure connector task dialog, click Actions .
Select the RenameFile action, and then click Done .
In the Task Input section of the Connectors task, click connectorInputPayload and then enter a value similar to the following in the Default Value field:
```
 { 
 "RemoteFile" 
 : 
  
 "/tmp/hello_world.txt" 
 , 
 "NewFilename" 
 : 
  
 "hello_world_new.txt" 
 } 
```

This example renames the hello_world.txt file to hello_world_new.txt . Running this example, returns a response smiliar to the following in the Connector task's connectorOutputPayload output variable:

 [{ 
 "Success" 
 : 
 "true" 
 }]

Delete a file

rm /tmp/myfile.csv

In the Configure connector task dialog, click Entities .
From the Entity list, select the base directory that has the file to be moved.
Select the Delete operation, and then click Done .
Set the entity ID to the file's full path. To set the entity ID, in the Task Input section of the Connectors task, click entityId and then enter /tmp/myfile.csv in the Default Value field.
Alternately, instead of specifying the entityId , you can also set the filterClause to FilePath LIKE '/tmp/myfile.csv' .

Upload an ASCII text file

put file_1.txt /tmp/file_1.txt

In the Configure connector task dialog, click Actions .
Select the Upload action, and then click Done .

In the Task Input section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:

 { 
  
 "Content" 
 : 
  
 "This is a sample text!\r\n" 
 , 
  
 "RemoteFile" 
 : 
  
 "/tmp/file_1.txt" 
 , 
  
 "Overwrite" 
 : 
  
 true 
 }

This sample creates the file_1.txt file that has the content This is a sample text! in the SFTP server's /tmp directory. And any existing file with the same name is overwritten because the Overwrite attribute value is true .

Setting the Overwrite attribute is optional; by default, the value is false .

Note: You can't upload a local file directly to the SFTP server. You must specify the file's entire content in the Content attribute.

Upload a binary file

put image_1.png /tmp/image_1.png

To upload a binary content, you must first encode the content in the Base64 format. You can choose a tool of your choice to encode the content. Steps for encoding the content are out of the scope of this document. After you have the content as a Base64 string, perform the following steps:

In the Configure connector task dialog, click Actions .
Select the Upload action, and then click Done .

In the Task Input section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:

 { 
  
 "ContentBytes" 
 : 
  
 "SGVsbG8gd29ybGQ=" 
 , 
  
 "RemoteFile" 
 : 
  
 "/tmp/image_1.png" 
 , 
  
 "Overwrite" 
 : 
  
 true 
 , 
  
 "HasBytes" 
 : 
  
 true 
 }

This sample creates the image_1.png file with the content as specified in the ContentBytes field. The file is created in the SFTP server's /tmp directory. And any existing file with the same name is overwritten because the Overwrite attribute value is true .

Setting the Overwrite attribute is optional; by default the value is false .

Download an ASCII text file

get /tmp/myfile.txt

In the Configure connector task dialog, click Actions .
Select the Download action, and then click Done .
In the Task Output section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
```
 { 
 "RemoteFile" 
 : 
  
 "/tmp/myfile.txt" 
 } 
```

The content of the downloaded file is available as a string in the Content field of the Connector task's connectorOutputPayload response parameter.

Download a binary file

get /tmp/myfile.png

In the Configure connector task dialog, click Actions .
Select the Download action, and then click Done .
In the Task Output section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
```
 { 
 "RemoteFile" 
 : 
  
 "/tmp/myfile.png" 
 , 
 "HasBytes" 
  
 : 
  
 true 
 } 
```

The content of the downloaded file is available as a Base64 encoded string in the ContentBytes field of the Connector task's connectorOutputPayload response parameter.

Download multiple files

In the Configure connector task dialog, click Actions .
Select the Download action, and then click Done .
In the Task Output section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
```
 { 
 "RemoteFile" 
 : 
  
 "/tmp/myfile*.txt" 
 } 
```

System limitations

The SFTP connector can process 1 transaction per second, per node , and throttles any transactions beyond this limit. By default, Integration Connectors allocates 2 nodes (for better availability) for a connection.

For information on the limits applicable to Integration Connectors, see Limits .

Note: The number of Integration Connectors nodes will autoscale dynamically based on your usage. However, if you want to reserve capacity for large volumes without waiting for autoscaling, you can adjust the minimum node value for a connection. More nodes are required to process more transactions for a connection. Conversely, fewer nodes are required if a connection processes fewer transactions. To configure the node values, do the following:

If you are a pay-as-you-go customer, configure the minimum and maximum node value in the edit connection page.
If you are a subscription based customer, contact support .

The maximum transactions that a node can handle depends on various factors. So, before adjusting the minimum nodes for better throughput, it is recommended you check if your backend systems are set up optimally to handle the required traffic.

Create connections using Terraform

You can use the Terraform resource to create a new connection.

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands .

To view a sample terraform template for connection creation, see sample template .

When creating this connection by using Terraform, you must set the following variables in your Terraform configuration file:

Parameter name	Data type	Required	Description
remote_path	STRING	False	The current path in the SFTP server.

JSON schema for payload

All the entity objects in a SFTP connection have a pre-defined JSON schema. The entity objects in a SFTP connection use the following JSON schema:

  
 { 
  
 "type" 
 : 
  
 "object" 
 , 
  
 "properties" 
 : 
  
 { 
  
 "FilePath" 
 : 
  
 { 
  
 "type" 
 : 
  
 "string" 
 , 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "Filename" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
 , 
  
 "description" 
 : 
  
 "The name of the file or directory." 
  
 }, 
  
 "FileSize" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "number" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
 , 
  
 "description" 
 : 
  
 "The size of the file." 
  
 }, 
  
 "LastModified" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "IsDirectory" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "boolean" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "Permissions" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "Owner" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "OwnerId" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "Group" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 }, 
  
 "GroupId" 
 : 
  
 { 
  
 "type" 
 : 
  
 [ 
  
 "string" 
 , 
  
 "null" 
  
 ], 
  
 "readOnly" 
 : 
  
 false 
  
 } 
  
 } 
  
 }

Get help from the Google Cloud community

You can post your questions and discuss this connector in the Google Cloud community at Cloud Forums .

What's next

Understand how to suspend and resume a connection .
Understand how to monitor connector usage .
Understand how to view connector logs .