Remote SFTP Credentials
Remote SFTP credentials allow DataBlend to securely connect to external SFTP servers for collecting or delivering files. A remote SFTP is a secure way to access a file. Authentication can be performed using either a username and password or a private key.

Standard Configuration
| Field | Required/ Optional | Description |
| Name | Required | Enter a unique name for the credential. |
| Username | Required | Username used to authenticate with the remote SFTP server. |
| Password | Required | Password associated with the specified username. Not required when the remote server is configured for key-based authentication only. |
| Host | Required | Hostname or IP address of the remote SFTP server. |
| Port | Required | Port number used by the SFTP server. |
| Decryption Key | Optional | Private key used to decrypt incoming encrypted files. Required when decrypting inbound files. |
| Decryption Passphrase | Optional | Passphrase associated with the decryption key. |
| Locked | Optional | Prevents modifications to the credential once configured. Administrative permissions may be required to unlock and edit the credential. |
In addition to our standard Remote SFTP credential connection, DataBlend offers a private/public key option to allow secure access to multiple users wishing to connect to an SFTP to collect or send data.
| Field | Required/ Optional | Description |
| Name | Required | Enter a unique name for the credential. |
| Username | Required | Username used to authenticate with the remote SFTP server. |
| Use Private Key | Optional | Enable to authenticate using a private key instead of a password. |
| Private Key | Required when Use Private Key is enabled | Private key used for key-based authentication. |
| Password | Required when not using Private Key | Password associated with the specified username. Not required when the remote server is configured for key-based authentication only. |
| Host | Required | Hostname or IP address of the remote SFTP server. |
| Port | Required | Port number used by the SFTP server. |
| Encrypt Files | Optional | Enable to encrypt outbound files. |
| Encryption Key | Required when Encrypt Files is enabled | PGP public key used to encrypt files before transmission. |
| Sign Files | Optional | Enable to digitally sign outbound files. |
| Signing Key | Required when Sign Files is enabled | Private key used to generate the file signature. |
| Signing Key Passphrase | Optional | Passphrase for the signing key, if applicable. |
| Decryption Key | Optional | Private key used to decrypt incoming encrypted files. Required when decrypting inbound files. |
| Decryption Passphrase | Optional | Passphrase associated with the decryption key. |
| Locked | Optional | Prevents modifications to the credential once configured. Administrative permissions may be required to unlock and edit the credential. |
Key Formatting
DataBlend does not support all formats of keys. A few things to keep in mind:
-
Open SSH-RSA keys are not supported and should be converted to an RSA key in PEM format.
-
This should only be a format change and the actual key, and its contents do not change.
-
Whomever generated the key will likely be able to provide the updated format.
-
-
PGP is a type of encryption, and the applicable key should be put into the encryption box and not the private key box within the DataBlend UI.
-
Avoid tools like Microsoft Word for transferring keys as it can adjust the format and cause issues leveraging the key. Notepad or an alternative is recommended.
Scenarios
(1) In this scenario, the client encrypts files before placing them on the SFTP server, and DataBlend must decrypt them after retrieval.
Required fields:
- Name
- Username
- Password or Private Key
- Host
- Port
- Decryption Key
Optional fields:
- Encrypt Files
- Sign Files
Workflow:
- DataBlend provides the client with a PGP public key.
- The client encrypts files using that public key.
- The client uploads encrypted files to the SFTP server.
- DataBlend downloads the files.
- DataBlend uses the configured Decryption Key to decrypt the files for processing.
(2) DataBlend encrypts files before uploading them to the client's SFTP server.
Required fields:
- Name
- Username
- Password or Private Key
- Host
- Port
- Encrypt Files
- Encryption Key
Optional fields:
- Sign Files
- Signing Key
- Signing Key Passphrase
Workflow:
- The client provides their PGP public key.
- DataBlend enables Encrypt Files and uploads the client's public key into Encryption Key.
- DataBlend encrypts the outbound file.
- The encrypted file is uploaded to the client's SFTP server.
- The client decrypts the file using their private key.
Quick Reference:
| Scenario | Encrypt Files | Encryption Key | Sign Files | Signing Key | Decryption Key |
| Receive encrypted files from client | Yes | ||||
| Send encrypted files to client | Yes | Yes (client public key) | Optional | Optional | |
| Send signed & encrypted files to client | Yes | Yes (client public key) | Yes | Yes | |
| Receive encrypted and signed files from client | Yes |
API Basics
You can find related information in this article here: API Basics