This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Download Microsoft Edge
More info about Internet Explorer and Microsoft Edge
Try out
Data Factory in Microsoft Fabric
, an all-in-one analytics solution for enterprises.
Microsoft Fabric
covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to
start a new trial
for free!
This article outlines how to use Copy Activity to copy data from and to the secure FTP (SFTP) server, and use Data Flow to transform data in SFTP server. To learn more read the introductory article for
Azure Data Factory
or
Azure Synapse Analytics
.
Supported capabilities
This SFTP connector is supported for the following capabilities:
Supported capabilities
① Azure integration runtime ② Self-hosted integration runtime
Specifically, the SFTP connector supports:
Copying files from and to the SFTP server by using
Basic
,
SSH public key
or
multi-factor
authentication.
Copying files as is or by parsing or generating files with the
supported file formats and compression codecs
.
Prerequisites
If your data store is located inside an on-premises network, an Azure virtual network, or Amazon Virtual Private Cloud, you need to configure a
self-hosted integration runtime
to connect to it.
If your data store is a managed cloud data service, you can use the Azure Integration Runtime. If the access is restricted to IPs that are approved in the firewall rules, you can add
Azure Integration Runtime IPs
to the allow list.
You can also use the
managed virtual network integration runtime
feature in Azure Data Factory to access the on-premises network without installing and configuring a self-hosted integration runtime.
For more information about the network security mechanisms and options supported by Data Factory, see
Data access strategies
.
Get started
To perform the Copy activity with a pipeline, you can use one of the following tools or SDKs:
The Copy Data tool
The Azure portal
The .NET SDK
The Python SDK
Azure PowerShell
The REST API
The Azure Resource Manager template
Create an SFTP linked service using UI
Use the following steps to create an SFTP linked service in the Azure portal UI.
Browse to the Manage tab in your Azure Data Factory or Synapse workspace and select Linked Services, then click New:
Azure Data Factory
Azure Synapse
Connector configuration details
The following sections provide details about properties that are used to define entities specific to SFTP.
Linked service properties
The following properties are supported for the SFTP linked service:
Property
Description
Required
The port on which the SFTP server is listening.
The allowed value is an integer, and the default value is
22
.
skipHostKeyValidation
Specify whether to skip host key validation.
Allowed values are
true
and
false
(default).
hostKeyFingerprint
Specify the fingerprint of the host key.
Yes, if the "skipHostKeyValidation" is set to false.
authenticationType
Specify the authentication type.
Allowed values are
Basic
,
SshPublicKey
and
MultiFactor
. For more properties, see the
Use basic authentication
section. For JSON examples, see the
Use SSH public key authentication
section.
connectVia
The
integration runtime
to be used to connect to the data store. To learn more, see the
Prerequisites
section. If the integration runtime isn't specified, the service uses the default Azure Integration Runtime.
Use basic authentication
To use basic authentication, set the
authenticationType
property to
Basic
, and specify the following properties in addition to the SFTP connector generic properties that were introduced in the preceding section:
Property
Description
Required
password
The password for the user (userName). Mark this field as a SecureString to store it securely, or
reference a secret stored in an Azure key vault
.
Example:
"name": "SftpLinkedService",
"properties": {
"type": "Sftp",
"typeProperties": {
"host": "<sftp server>",
"port": 22,
"skipHostKeyValidation": false,
"hostKeyFingerPrint": "ssh-rsa 2048 xx:00:00:00:xx:00:x0:0x:0x:0x:0x:00:00:x0:x0:00",
"authenticationType": "Basic",
"userName": "<username>",
"password": {
"type": "SecureString",
"value": "<password>"
"connectVia": {
"referenceName": "<name of integration runtime>",
"type": "IntegrationRuntimeReference"
Use SSH public key authentication
To use SSH public key authentication, set "authenticationType" property as
SshPublicKey
, and specify the following properties besides the SFTP connector generic ones introduced in the last section:
Property
Description
Required
privateKeyPath
Specify the absolute path to the private key file that the integration runtime can access. This applies only when the self-hosted type of integration runtime is specified in "connectVia."
Specify either
privateKeyPath
or
privateKeyContent
.
privateKeyContent
Base64 encoded SSH private key content. SSH private key should be OpenSSH format. Mark this field as a SecureString to store it securely, or
reference a secret stored in an Azure key vault
.
Specify either
privateKeyPath
or
privateKeyContent
.
passPhrase
Specify the pass phrase or password to decrypt the private key if the key file or the key content is protected by a pass phrase. Mark this field as a SecureString to store it securely, or
reference a secret stored in an Azure key vault
.
Yes, if the private key file or the key content is protected by a pass phrase.
The SFTP connector supports an RSA/DSA OpenSSH key. Make sure that your key file content starts with "-----BEGIN [RSA/DSA] PRIVATE KEY-----". If the private key file is a PPK-format file, use the PuTTY tool to convert from PPK to OpenSSH format.
Example 1: SshPublicKey authentication using private key filePath
"name": "SftpLinkedService",
"properties": {
"type": "Sftp",
"typeProperties": {
"host": "<sftp server>",
"port": 22,
"skipHostKeyValidation": true,
"authenticationType": "SshPublicKey",
"userName": "xxx",
"privateKeyPath": "D:\\privatekey_openssh",
"passPhrase": {
"type": "SecureString",
"value": "<pass phrase>"
"connectVia": {
"referenceName": "<name of integration runtime>",
"type": "IntegrationRuntimeReference"
Example 2: SshPublicKey authentication using private key content
"name": "SftpLinkedService",
"type": "Linkedservices",
"properties": {
"type": "Sftp",
"typeProperties": {
"host": "<sftp server>",
"port": 22,
"skipHostKeyValidation": true,
"authenticationType": "SshPublicKey",
"userName": "<username>",
"privateKeyContent": {
"type": "SecureString",
"value": "<base64 string of the private key content>"
"passPhrase": {
"type": "SecureString",
"value": "<pass phrase>"
"connectVia": {
"referenceName": "<name of integration runtime>",
"type": "IntegrationRuntimeReference"
Use multi-factor authentication
To use multi-factor authentication which is a combination of basic and SSH public key authentications, specify the user name, password and the private key info described in above sections.
Example: multi-factor authentication
"name": "SftpLinkedService",
"properties": {
"type": "Sftp",
"typeProperties": {
"host": "<host>",
"port": 22,
"authenticationType": "MultiFactor",
"userName": "<username>",
"password": {
"type": "SecureString",
"value": "<password>"
"privateKeyContent": {
"type": "SecureString",
"value": "<base64 encoded private key content>"
"passPhrase": {
"type": "SecureString",
"value": "<passphrase for private key>"
"connectVia": {
"referenceName": "<name of integration runtime>",
"type": "IntegrationRuntimeReference"
Dataset properties
For a full list of sections and properties that are available for defining datasets, see the
Datasets
article.
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
Avro format
Binary format
Delimited text format
Excel format
JSON format
ORC format
Parquet format
XML format
The following properties are supported for SFTP under
location
settings in the format-based dataset:
Property
Description
Required
folderPath
The path to the folder. If you want to use a wildcard to filter the folder, skip this setting and specify the path in activity source settings.
fileName
The file name under the specified folderPath. If you want to use a wildcard to filter files, skip this setting and specify the file name in activity source settings.
Example:
"name": "DelimitedTextDataset",
"properties": {
"type": "DelimitedText",
"linkedServiceName": {
"referenceName": "<SFTP linked service name>",
"type": "LinkedServiceReference"
"schema": [ < physical schema, optional, auto retrieved during authoring > ],
"typeProperties": {
"location": {
"type": "SftpLocation",
"folderPath": "root/folder/subfolder"
"columnDelimiter": ",",
"quoteChar": "\"",
"firstRowAsHeader": true,
"compressionCodec": "gzip"
Copy activity properties
For a full list of sections and properties that are available for defining activities, see the
Pipelines
article. This section provides a list of properties that are supported by the SFTP source.
SFTP as source
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
Avro format
Binary format
Delimited text format
Excel format
JSON format
ORC format
Parquet format
XML format
The following properties are supported for SFTP under the
storeSettings
settings in the format-based Copy source:
Property
Description
Required
OPTION 2: wildcard
- wildcardFolderPath
The folder path with wildcard characters to filter source folders.
Allowed wildcards are
*
(matches zero or more characters) and
?
(matches zero or a single character); use
^
to escape if your actual folder name has a wildcard or this escape char inside.
For more examples, see
Folder and file filter examples
.
OPTION 2: wildcard
- wildcardFileName
The file name with wildcard characters under the specified folderPath/wildcardFolderPath to filter source files.
Allowed wildcards are
*
(matches zero or more characters) and
?
(matches zero or a single character); use
^
to escape if your actual file name has wildcard or this escape char inside. For more examples, see
Folder and file filter examples
.
OPTION 3: a list of files
- fileListPath
Indicates to copy a specified file set. Point to a text file that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset).
When you use this option, don't specify the file name in the dataset. For more examples, see
File list examples
.
Additional settings
recursive
Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink.
Allowed values are
true
(default) and
false
.
This property doesn't apply when you configure
fileListPath
.
deleteFilesAfterCompletion
Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store.
This property is only valid in binary files copy scenario. The default value: false.
modifiedDatetimeStart
Files are filtered based on the attribute
Last Modified
.
The files are selected if their last modified time is greater than or equal to
modifiedDatetimeStart
and less than
modifiedDatetimeEnd
. The time is applied to the UTC time zone in the format of
2018-12-01T05:00:00Z
.
The properties can be NULL, which means that no file attribute filter is applied to the dataset. When
modifiedDatetimeStart
has a datetime value but
modifiedDatetimeEnd
is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When
modifiedDatetimeEnd
has a datetime value but
modifiedDatetimeStart
is NULL, it means that the files whose last modified attribute is less than the datetime value are selected.
This property doesn't apply when you configure
fileListPath
.
modifiedDatetimeEnd
Same as above.
enablePartitionDiscovery
For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns.
Allowed values are
false
(default) and
true
.
partitionRootPath
When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns.
If it is not specified, by default,
- When you use file path in dataset or list of files on source, partition root path is the path configured in dataset.
- When you use wildcard folder filter, partition root path is the sub-path before the first wildcard.
For example, assuming you configure the path in dataset as "root/folder/year=2020/month=08/day=27":
- If you specify partition root path as "root/folder/year=2020", copy activity will generate two more columns
month
and
day
with value "08" and "27" respectively, in addition to the columns inside the files.
- If partition root path is not specified, no extra column will be generated.
maxConcurrentConnections
The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.
disableChunking
When copying data from SFTP, the service tries to get the file length first, then divide the file into multiple parts and read them in parallel. Specify whether your SFTP server supports getting file length or seeking to read from a certain offset.
Allowed values are
false
(default),
true
.
Example:
"activities":[
"name": "CopyFromSFTP",
"type": "Copy",
"inputs": [
"referenceName": "<Delimited text input dataset name>",
"type": "DatasetReference"
"outputs": [
"referenceName": "<output dataset name>",
"type": "DatasetReference"
"typeProperties": {
"source": {
"type": "DelimitedTextSource",
"formatSettings":{
"type": "DelimitedTextReadSettings",
"skipLineCount": 10
"storeSettings":{
"type": "SftpReadSettings",
"recursive": true,
"wildcardFolderPath": "myfolder*A",
"wildcardFileName": "*.csv",
"disableChunking": false
"sink": {
"type": "<sink type>"
SFTP as a sink
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
Avro format
Binary format
Delimited text format
JSON format
ORC format
Parquet format
The following properties are supported for SFTP under storeSettings settings in a format-based Copy sink:
Property
Description
Required
copyBehavior
Defines the copy behavior when the source is files from a file-based data store.
Allowed values are:
- PreserveHierarchy (default): Preserves the file hierarchy in the target folder. The relative path of the source file to the source folder is identical to the relative path of the target file to the target folder.
- FlattenHierarchy: All files from the source folder are in the first level of the target folder. The target files have autogenerated names.
- MergeFiles: Merges all files from the source folder to one file. If the file name is specified, the merged file name is the specified name. Otherwise, it's an autogenerated file name.
maxConcurrentConnections
The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.
useTempFileRename
Indicate whether to upload to temporary files and rename them, or directly write to the target folder or file location. By default, the service first writes to temporary files and then renames them when the upload is finished. This sequence helps to (1) avoid conflicts that might result in a corrupted file if you have other processes writing to the same file, and (2) ensure that the original version of the file exists during the transfer. If your SFTP server doesn't support a rename operation, disable this option and make sure that you don't have a concurrent write to the target file. For more information, see the troubleshooting tip at the end of this table.
No. Default value is true.
operationTimeout
The wait time before each write request to SFTP server times out. Default value is 60 min (01:00:00).
If you receive the error "UserErrorSftpPathNotFound," "UserErrorSftpPermissionDenied," or "SftpOperationFail" when you're writing data into SFTP, and the SFTP user you use does have the proper permissions, check to see whether your SFTP server support file rename operation is working. If it isn't, disable the Upload with temp file (useTempFileRename) option and try again. To learn more about this property, see the preceding table. If you use a self-hosted integration runtime for the Copy activity, be sure to use version 4.6 or later.
Example:
"activities":[
"name": "CopyToSFTP",
"type": "Copy",
"inputs": [
"referenceName": "<input dataset name>",
"type": "DatasetReference"
"outputs": [
"referenceName": "<output dataset name>",
"type": "DatasetReference"
"typeProperties": {
"source": {
"type": "<source type>"
"sink": {
"type": "BinarySink",
"storeSettings":{
"type": "SftpWriteSettings",
"copyBehavior": "PreserveHierarchy"
Folder and file filter examples
This section describes the behavior that results from using wildcard filters with folder paths and file names.
folderPath
fileName
recursive
Source folder structure and filter result (files in bold are retrieved)
(empty, use default)
false
FolderA
File1.csv
File2.json
Subfolder1
File3.csv
File4.json
File5.csv
AnotherFolderB
File6.csv
Folder*
(empty, use default)
FolderA
File1.csv
File2.json
Subfolder1
File3.csv
File4.json
File5.csv
AnotherFolderB
File6.csv
Folder*
*.csv
false
FolderA
File1.csv
File2.json
Subfolder1
File3.csv
File4.json
File5.csv
AnotherFolderB
File6.csv
Folder*
*.csv
FolderA
File1.csv
File2.json
Subfolder1
File3.csv
File4.json
File5.csv
AnotherFolderB
File6.csv
File list examples
This table describes the behavior that results from using a file list path in the Copy activity source. It assumes that you have the following source folder structure and want to copy the files that are in bold type:
Sample source structure
Content in FileListToCopy.txt
Azure Data Factory configuration
root
FolderA
File1.csv
File2.json
Subfolder1
File3.csv
File4.json
File5.csv
Metadata
FileListToCopy.txt
File1.csv
Subfolder1/File3.csv
Subfolder1/File5.csv
In the dataset:
- Folder path: root/FolderA
In the Copy activity source:
- File list path: root/Metadata/FileListToCopy.txt
The file list path points to a text file in the same data store that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset).
Mapping data flow properties
When you're transforming data in mapping data flows, you can read and write files from SFTP in the following formats:
Delimited text
Excel
Parquet
Format specific settings are located in the documentation for that format. For more information, see Source transformation in mapping data flow and Sink transformation in mapping data flow.
SSH host key validation is not supported in mapping data flow now.
To access on premise SFTP sever, you need to use Azure Data Factory or Synapse workspace Managed Virtual Network using a private endpoint. Refer to this tutorial for detailed steps.
The below table lists the properties supported by SFTP source. You can edit these properties in the Source options tab. When using inline dataset, you will see additional settings, which are the same as the properties described in dataset properties section.
Description
Required
Allowed values
Data flow script property
Wildcard path
Using a wildcard pattern will instruct ADF to loop through each matching folder and file in a single source transformation. This is an effective way to process multiple files within a single flow.
String[]
wildcardPaths
Partition Root Path
If you have partitioned folders in your file source with a key=value format (for example, year=2019), then you can assign the top level of that partition folder tree to a column name in your data flow data stream.
String
partitionRootPath
Allow no files found
If true, an error is not thrown if no files are found.
true or false
ignoreNoFilesFound
List of files
This is a file set. Create a text file that includes a list of relative path files to process. Point to this text file.
true or false
fileList
Column to store file name
Store the name of the source file in a column in your data. Enter a new column name here to store the file name string.
String
rowUrlColumn
After completion
Choose to do nothing with the source file after the data flow runs, delete the source file, or move the source file. The paths for the move are relative.
Delete: true or false
Move: ['<from>', '<to>']
purgeFiles
moveFiles
Filter by last modified
You can filter which files you process by specifying a date range of when they were last modified. All date-times are in UTC.
Timestamp
modifiedAfter
modifiedBefore
SFTP source script example
When you use SFTP dataset as source type, the associated data flow script is:
source(allowSchemaDrift: true,
validateSchema: false,
ignoreNoFilesFound: true,
purgeFiles: true,
fileList: true,
modifiedAfter: (toTimestamp(1647388800000L)),
modifiedBefore: (toTimestamp(1647561600000L)),
partitionRootPath: 'partdata',
wildcardPaths:['partdata/**/*.csv']) ~> SFTPSource
The below table lists the properties supported by SFTP sink. You can edit these properties in the Settings tab. When using inline dataset, you will see additional settings, which are the same as the properties described in dataset properties section.
Description
Required
Allowed values
Data flow script property
Clear the folder
Determines whether or not the destination folder gets cleared before the data is written.
true or false
truncate
File name option
The naming format of the data written. By default, one file per partition in format part-#####-tid-<guid>.
Pattern: String
Per partition: String[]
Name file as column data: String
Name folder as column data: String
Output to single file: ['<fileName>']
filePattern
partitionFileNames
rowUrlColumn
rowFolderUrlColumn
partitionFileNames
Quote all
Determines whether to enclose all values in quotes.
true or false
quoteAll
SFTP sink script example
When you use SFTP dataset as sink type, the associated data flow script is:
IncomingStream sink(allowSchemaDrift: true,
validateSchema: false,
filePattern:'loans[n].csv',
truncate: true,
skipDuplicateMapInputs: true,
skipDuplicateMapOutputs: true) ~> SFTPSink
Lookup activity properties
For information about Lookup activity properties, see Lookup activity.
For information about GetMetadata activity properties, see GetMetadata activity.
Delete activity properties
For information about Delete activity properties, see Delete activity.
Legacy models
The following models are still supported as is for backward compatibility. We recommend that you use the previously discussed new model, because the authoring UI has switched to generating the new model.
Legacy dataset model
Property
Description
Required
folderPath
The path to the folder. A wildcard filter is supported. Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual file name has a wildcard or this escape char inside.
Examples: rootfolder/subfolder/, see more examples in Folder and file filter examples.
fileName
Name or wildcard filter for the files under the specified "folderPath". If you don't specify a value for this property, the dataset points to all files in the folder.
For filter, the allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character).
- Example 1: "fileName": "*.csv"
- Example 2: "fileName": "???20180427.txt"
Use ^ to escape if your actual folder name has wildcard or this escape char inside.
modifiedDatetimeStart
Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is greater than or equal to modifiedDatetimeStart and less than modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z.
The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files.
The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected.
modifiedDatetimeEnd
Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is greater than or equal to modifiedDatetimeStart and less than modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z.
The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files.
The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected.
format
If you want to copy files as is between file-based stores (binary copy), skip the format section in both input and output dataset definitions.
If you want to parse files with a specific format, the following file format types are supported: TextFormat, JsonFormat, AvroFormat, OrcFormat, and ParquetFormat. Set the type property under format to one of these values. For more information, see Text format, Json format, Avro format, Orc format, and Parquet format sections.
No (only for binary copy scenario)
compression
Specify the type and level of compression for the data. For more information, see Supported file formats and compression codecs.
Supported types are GZip, Deflate, BZip2, and ZipDeflate.
Supported levels are Optimal and Fastest.
To copy all files under a folder, specify folderPath only.
To copy a single file with a specified name, specify folderPath with the folder part and fileName with the file name.
To copy a subset of files under a folder, specify folderPath with the folder part and fileName with the wildcard filter.
If you were using fileFilter property for the file filter, it is still supported as is, but we recommend that you use the new filter capability added to fileName from now on.
Example:
"name": "SFTPDataset",
"type": "Datasets",
"properties": {
"type": "FileShare",
"linkedServiceName":{
"referenceName": "<SFTP linked service name>",
"type": "LinkedServiceReference"
"typeProperties": {
"folderPath": "folder/subfolder/",
"fileName": "*",
"modifiedDatetimeStart": "2018-12-01T05:00:00Z",
"modifiedDatetimeEnd": "2018-12-01T06:00:00Z",
"format": {
"type": "TextFormat",
"columnDelimiter": ",",
"rowDelimiter": "\n"
"compression": {
"type": "GZip",
"level": "Optimal"
Legacy Copy activity source model
Property
Description
Required
recursive
Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, empty folders and subfolders won't be copied or created at the sink.
Allowed values are true (default) and false
maxConcurrentConnections
The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.
Example:
"activities":[
"name": "CopyFromSFTP",
"type": "Copy",
"inputs": [
"referenceName": "<SFTP input dataset name>",
"type": "DatasetReference"
"outputs": [
"referenceName": "<output dataset name>",
"type": "DatasetReference"
"typeProperties": {
"source": {
"type": "FileSystemSource",
"recursive": true
"sink": {
"type": "<sink type>"
Next steps
For a list of data stores that are supported as sources and sinks by the Copy activity, see supported data stores.
