This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft Edge More info about Internet Explorer and Microsoft Edge

Try out Data Factory in Microsoft Fabric , an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!

This article outlines how to use Copy Activity to copy data from and to the secure FTP (SFTP) server, and use Data Flow to transform data in SFTP server. To learn more read the introductory article for Azure Data Factory or Azure Synapse Analytics .

Supported capabilities

This SFTP connector is supported for the following capabilities:

Supported capabilities

① Azure integration runtime ② Self-hosted integration runtime

Specifically, the SFTP connector supports:

  • Copying files from and to the SFTP server by using Basic , SSH public key or multi-factor authentication.
  • Copying files as is or by parsing or generating files with the supported file formats and compression codecs .
  • Prerequisites

    If your data store is located inside an on-premises network, an Azure virtual network, or Amazon Virtual Private Cloud, you need to configure a self-hosted integration runtime to connect to it.

    If your data store is a managed cloud data service, you can use the Azure Integration Runtime. If the access is restricted to IPs that are approved in the firewall rules, you can add Azure Integration Runtime IPs to the allow list.

    You can also use the managed virtual network integration runtime feature in Azure Data Factory to access the on-premises network without installing and configuring a self-hosted integration runtime.

    For more information about the network security mechanisms and options supported by Data Factory, see Data access strategies .

    Get started

    To perform the Copy activity with a pipeline, you can use one of the following tools or SDKs:

  • The Copy Data tool
  • The Azure portal
  • The .NET SDK
  • The Python SDK
  • Azure PowerShell
  • The REST API
  • The Azure Resource Manager template
  • Create an SFTP linked service using UI

    Use the following steps to create an SFTP linked service in the Azure portal UI.

  • Browse to the Manage tab in your Azure Data Factory or Synapse workspace and select Linked Services, then click New:

    Azure Data Factory Azure Synapse

    Connector configuration details

    The following sections provide details about properties that are used to define entities specific to SFTP.

    Linked service properties

    The following properties are supported for the SFTP linked service:

    Property Description Required The port on which the SFTP server is listening.
    The allowed value is an integer, and the default value is 22 . skipHostKeyValidation Specify whether to skip host key validation.
    Allowed values are true and false (default). hostKeyFingerprint Specify the fingerprint of the host key. Yes, if the "skipHostKeyValidation" is set to false. authenticationType Specify the authentication type.
    Allowed values are Basic , SshPublicKey and MultiFactor . For more properties, see the Use basic authentication section. For JSON examples, see the Use SSH public key authentication section. connectVia The integration runtime to be used to connect to the data store. To learn more, see the Prerequisites section. If the integration runtime isn't specified, the service uses the default Azure Integration Runtime.

    Use basic authentication

    To use basic authentication, set the authenticationType property to Basic , and specify the following properties in addition to the SFTP connector generic properties that were introduced in the preceding section:

    Property Description Required password The password for the user (userName). Mark this field as a SecureString to store it securely, or reference a secret stored in an Azure key vault .

    Example:

    "name": "SftpLinkedService", "properties": { "type": "Sftp", "typeProperties": { "host": "<sftp server>", "port": 22, "skipHostKeyValidation": false, "hostKeyFingerPrint": "ssh-rsa 2048 xx:00:00:00:xx:00:x0:0x:0x:0x:0x:00:00:x0:x0:00", "authenticationType": "Basic", "userName": "<username>", "password": { "type": "SecureString", "value": "<password>" "connectVia": { "referenceName": "<name of integration runtime>", "type": "IntegrationRuntimeReference"

    Use SSH public key authentication

    To use SSH public key authentication, set "authenticationType" property as SshPublicKey , and specify the following properties besides the SFTP connector generic ones introduced in the last section:

    Property Description Required privateKeyPath Specify the absolute path to the private key file that the integration runtime can access. This applies only when the self-hosted type of integration runtime is specified in "connectVia." Specify either privateKeyPath or privateKeyContent . privateKeyContent Base64 encoded SSH private key content. SSH private key should be OpenSSH format. Mark this field as a SecureString to store it securely, or reference a secret stored in an Azure key vault . Specify either privateKeyPath or privateKeyContent . passPhrase Specify the pass phrase or password to decrypt the private key if the key file or the key content is protected by a pass phrase. Mark this field as a SecureString to store it securely, or reference a secret stored in an Azure key vault . Yes, if the private key file or the key content is protected by a pass phrase.

    The SFTP connector supports an RSA/DSA OpenSSH key. Make sure that your key file content starts with "-----BEGIN [RSA/DSA] PRIVATE KEY-----". If the private key file is a PPK-format file, use the PuTTY tool to convert from PPK to OpenSSH format.

    Example 1: SshPublicKey authentication using private key filePath

    "name": "SftpLinkedService", "properties": { "type": "Sftp", "typeProperties": { "host": "<sftp server>", "port": 22, "skipHostKeyValidation": true, "authenticationType": "SshPublicKey", "userName": "xxx", "privateKeyPath": "D:\\privatekey_openssh", "passPhrase": { "type": "SecureString", "value": "<pass phrase>" "connectVia": { "referenceName": "<name of integration runtime>", "type": "IntegrationRuntimeReference"

    Example 2: SshPublicKey authentication using private key content

    "name": "SftpLinkedService", "type": "Linkedservices", "properties": { "type": "Sftp", "typeProperties": { "host": "<sftp server>", "port": 22, "skipHostKeyValidation": true, "authenticationType": "SshPublicKey", "userName": "<username>", "privateKeyContent": { "type": "SecureString", "value": "<base64 string of the private key content>" "passPhrase": { "type": "SecureString", "value": "<pass phrase>" "connectVia": { "referenceName": "<name of integration runtime>", "type": "IntegrationRuntimeReference"

    Use multi-factor authentication

    To use multi-factor authentication which is a combination of basic and SSH public key authentications, specify the user name, password and the private key info described in above sections.

    Example: multi-factor authentication

    "name": "SftpLinkedService", "properties": { "type": "Sftp", "typeProperties": { "host": "<host>", "port": 22, "authenticationType": "MultiFactor", "userName": "<username>", "password": { "type": "SecureString", "value": "<password>" "privateKeyContent": { "type": "SecureString", "value": "<base64 encoded private key content>" "passPhrase": { "type": "SecureString", "value": "<passphrase for private key>" "connectVia": { "referenceName": "<name of integration runtime>", "type": "IntegrationRuntimeReference"

    Dataset properties

    For a full list of sections and properties that are available for defining datasets, see the Datasets article.

    Azure Data Factory supports the following file formats. Refer to each article for format-based settings.

  • Avro format
  • Binary format
  • Delimited text format
  • Excel format
  • JSON format
  • ORC format
  • Parquet format
  • XML format
  • The following properties are supported for SFTP under location settings in the format-based dataset:

    Property Description Required folderPath The path to the folder. If you want to use a wildcard to filter the folder, skip this setting and specify the path in activity source settings. fileName The file name under the specified folderPath. If you want to use a wildcard to filter files, skip this setting and specify the file name in activity source settings.

    Example:

    "name": "DelimitedTextDataset", "properties": { "type": "DelimitedText", "linkedServiceName": { "referenceName": "<SFTP linked service name>", "type": "LinkedServiceReference" "schema": [ < physical schema, optional, auto retrieved during authoring > ], "typeProperties": { "location": { "type": "SftpLocation", "folderPath": "root/folder/subfolder" "columnDelimiter": ",", "quoteChar": "\"", "firstRowAsHeader": true, "compressionCodec": "gzip"

    Copy activity properties

    For a full list of sections and properties that are available for defining activities, see the Pipelines article. This section provides a list of properties that are supported by the SFTP source.

    SFTP as source

    Azure Data Factory supports the following file formats. Refer to each article for format-based settings.

  • Avro format
  • Binary format
  • Delimited text format
  • Excel format
  • JSON format
  • ORC format
  • Parquet format
  • XML format
  • The following properties are supported for SFTP under the storeSettings settings in the format-based Copy source:

    Property Description Required OPTION 2: wildcard
    - wildcardFolderPath The folder path with wildcard characters to filter source folders.
    Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual folder name has a wildcard or this escape char inside.
    For more examples, see Folder and file filter examples . OPTION 2: wildcard
    - wildcardFileName The file name with wildcard characters under the specified folderPath/wildcardFolderPath to filter source files.
    Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual file name has wildcard or this escape char inside. For more examples, see Folder and file filter examples . OPTION 3: a list of files
    - fileListPath Indicates to copy a specified file set. Point to a text file that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset).
    When you use this option, don't specify the file name in the dataset. For more examples, see File list examples . Additional settings recursive Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink.
    Allowed values are true (default) and false .
    This property doesn't apply when you configure fileListPath . deleteFilesAfterCompletion Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store.
    This property is only valid in binary files copy scenario. The default value: false. modifiedDatetimeStart Files are filtered based on the attribute Last Modified .
    The files are selected if their last modified time is greater than or equal to modifiedDatetimeStart and less than modifiedDatetimeEnd . The time is applied to the UTC time zone in the format of 2018-12-01T05:00:00Z .
    The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected.
    This property doesn't apply when you configure fileListPath . modifiedDatetimeEnd Same as above. enablePartitionDiscovery For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns.
    Allowed values are false (default) and true . partitionRootPath When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns.

    If it is not specified, by default,
    - When you use file path in dataset or list of files on source, partition root path is the path configured in dataset.
    - When you use wildcard folder filter, partition root path is the sub-path before the first wildcard.

    For example, assuming you configure the path in dataset as "root/folder/year=2020/month=08/day=27":
    - If you specify partition root path as "root/folder/year=2020", copy activity will generate two more columns month and day with value "08" and "27" respectively, in addition to the columns inside the files.
    - If partition root path is not specified, no extra column will be generated. maxConcurrentConnections The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. disableChunking When copying data from SFTP, the service tries to get the file length first, then divide the file into multiple parts and read them in parallel. Specify whether your SFTP server supports getting file length or seeking to read from a certain offset.
    Allowed values are false (default), true .

    Example:

    "activities":[
            "name": "CopyFromSFTP",
            "type": "Copy",
            "inputs": [
                    "referenceName": "<Delimited text input dataset name>",
                    "type": "DatasetReference"
            "outputs": [
                    "referenceName": "<output dataset name>",
                    "type": "DatasetReference"
            "typeProperties": {
                "source": {
                    "type": "DelimitedTextSource",
                    "formatSettings":{
                        "type": "DelimitedTextReadSettings",
                        "skipLineCount": 10
                    "storeSettings":{
                        "type": "SftpReadSettings",
                        "recursive": true,
                        "wildcardFolderPath": "myfolder*A",
                        "wildcardFileName": "*.csv",
                        "disableChunking": false
                "sink": {
                    "type": "<sink type>"
    

    SFTP as a sink

    Azure Data Factory supports the following file formats. Refer to each article for format-based settings.

  • Avro format
  • Binary format
  • Delimited text format
  • JSON format
  • ORC format
  • Parquet format
  • The following properties are supported for SFTP under storeSettings settings in a format-based Copy sink:

    Property Description Required copyBehavior Defines the copy behavior when the source is files from a file-based data store.

    Allowed values are:
    - PreserveHierarchy (default): Preserves the file hierarchy in the target folder. The relative path of the source file to the source folder is identical to the relative path of the target file to the target folder.
    - FlattenHierarchy: All files from the source folder are in the first level of the target folder. The target files have autogenerated names.
    - MergeFiles: Merges all files from the source folder to one file. If the file name is specified, the merged file name is the specified name. Otherwise, it's an autogenerated file name. maxConcurrentConnections The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. useTempFileRename Indicate whether to upload to temporary files and rename them, or directly write to the target folder or file location. By default, the service first writes to temporary files and then renames them when the upload is finished. This sequence helps to (1) avoid conflicts that might result in a corrupted file if you have other processes writing to the same file, and (2) ensure that the original version of the file exists during the transfer. If your SFTP server doesn't support a rename operation, disable this option and make sure that you don't have a concurrent write to the target file. For more information, see the troubleshooting tip at the end of this table. No. Default value is true. operationTimeout The wait time before each write request to SFTP server times out. Default value is 60 min (01:00:00).

    If you receive the error "UserErrorSftpPathNotFound," "UserErrorSftpPermissionDenied," or "SftpOperationFail" when you're writing data into SFTP, and the SFTP user you use does have the proper permissions, check to see whether your SFTP server support file rename operation is working. If it isn't, disable the Upload with temp file (useTempFileRename) option and try again. To learn more about this property, see the preceding table. If you use a self-hosted integration runtime for the Copy activity, be sure to use version 4.6 or later.

    Example:

    "activities":[
            "name": "CopyToSFTP",
            "type": "Copy",
            "inputs": [
                    "referenceName": "<input dataset name>",
                    "type": "DatasetReference"
            "outputs": [
                    "referenceName": "<output dataset name>",
                    "type": "DatasetReference"
            "typeProperties": {
                "source": {
                    "type": "<source type>"
                "sink": {
                    "type": "BinarySink",
                    "storeSettings":{
                        "type": "SftpWriteSettings",
                        "copyBehavior": "PreserveHierarchy"
    

    Folder and file filter examples

    This section describes the behavior that results from using wildcard filters with folder paths and file names.

    folderPath fileName recursive Source folder structure and filter result (files in bold are retrieved) (empty, use default) false FolderA
        File1.csv
        File2.json
        Subfolder1
            File3.csv
            File4.json
            File5.csv
    AnotherFolderB
        File6.csv Folder* (empty, use default) FolderA
        File1.csv
        File2.json
        Subfolder1
            File3.csv
            File4.json
            File5.csv
    AnotherFolderB
        File6.csv Folder* *.csv false FolderA
        File1.csv
        File2.json
        Subfolder1
            File3.csv
            File4.json
            File5.csv
    AnotherFolderB
        File6.csv Folder* *.csv FolderA
        File1.csv
        File2.json
        Subfolder1
            File3.csv
            File4.json
            File5.csv
    AnotherFolderB
        File6.csv

    File list examples

    This table describes the behavior that results from using a file list path in the Copy activity source. It assumes that you have the following source folder structure and want to copy the files that are in bold type:

    Sample source structure Content in FileListToCopy.txt Azure Data Factory configuration root
        FolderA
            File1.csv
            File2.json
            Subfolder1
                File3.csv
                File4.json
                File5.csv
        Metadata
            FileListToCopy.txt File1.csv
    Subfolder1/File3.csv
    Subfolder1/File5.csv In the dataset:
    - Folder path: root/FolderA

    In the Copy activity source:
    - File list path: root/Metadata/FileListToCopy.txt

    The file list path points to a text file in the same data store that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset).

    Mapping data flow properties

    When you're transforming data in mapping data flows, you can read and write files from SFTP in the following formats:

  • Delimited text
  • Excel
  • Parquet
  • Format specific settings are located in the documentation for that format. For more information, see Source transformation in mapping data flow and Sink transformation in mapping data flow.

    SSH host key validation is not supported in mapping data flow now.

    To access on premise SFTP sever, you need to use Azure Data Factory or Synapse workspace Managed Virtual Network using a private endpoint. Refer to this tutorial for detailed steps.

    Source transformation

    The below table lists the properties supported by SFTP source. You can edit these properties in the Source options tab. When using inline dataset, you will see additional settings, which are the same as the properties described in dataset properties section.

    Description Required Allowed values Data flow script property Wildcard path Using a wildcard pattern will instruct ADF to loop through each matching folder and file in a single source transformation. This is an effective way to process multiple files within a single flow. String[] wildcardPaths Partition Root Path If you have partitioned folders in your file source with a key=value format (for example, year=2019), then you can assign the top level of that partition folder tree to a column name in your data flow data stream. String partitionRootPath Allow no files found If true, an error is not thrown if no files are found. true or false ignoreNoFilesFound List of files This is a file set. Create a text file that includes a list of relative path files to process. Point to this text file. true or false fileList Column to store file name Store the name of the source file in a column in your data. Enter a new column name here to store the file name string. String rowUrlColumn After completion Choose to do nothing with the source file after the data flow runs, delete the source file, or move the source file. The paths for the move are relative. Delete: true or false
    Move: ['<from>', '<to>'] purgeFiles
    moveFiles Filter by last modified You can filter which files you process by specifying a date range of when they were last modified. All date-times are in UTC. Timestamp modifiedAfter
    modifiedBefore

    SFTP source script example

    When you use SFTP dataset as source type, the associated data flow script is:

    source(allowSchemaDrift: true,
    	validateSchema: false,
    	ignoreNoFilesFound: true,
    	purgeFiles: true,
    	fileList: true,
    	modifiedAfter: (toTimestamp(1647388800000L)),
    	modifiedBefore: (toTimestamp(1647561600000L)),
    	partitionRootPath: 'partdata',
    	wildcardPaths:['partdata/**/*.csv']) ~> SFTPSource
    

    Sink transformation

    The below table lists the properties supported by SFTP sink. You can edit these properties in the Settings tab. When using inline dataset, you will see additional settings, which are the same as the properties described in dataset properties section.

    Description Required Allowed values Data flow script property Clear the folder Determines whether or not the destination folder gets cleared before the data is written. true or false truncate File name option The naming format of the data written. By default, one file per partition in format part-#####-tid-<guid>. Pattern: String
    Per partition: String[]
    Name file as column data: String
    Name folder as column data: String
    Output to single file: ['<fileName>'] filePattern
    partitionFileNames
    rowUrlColumn
    rowFolderUrlColumn
    partitionFileNames Quote all Determines whether to enclose all values in quotes. true or false quoteAll

    SFTP sink script example

    When you use SFTP dataset as sink type, the associated data flow script is:

    IncomingStream sink(allowSchemaDrift: true,
    	validateSchema: false,
    	filePattern:'loans[n].csv',
    	truncate: true,
    	skipDuplicateMapInputs: true,
    	skipDuplicateMapOutputs: true) ~> SFTPSink
    

    Lookup activity properties

    For information about Lookup activity properties, see Lookup activity.

    GetMetadata activity properties

    For information about GetMetadata activity properties, see GetMetadata activity.

    Delete activity properties

    For information about Delete activity properties, see Delete activity.

    Legacy models

    The following models are still supported as is for backward compatibility. We recommend that you use the previously discussed new model, because the authoring UI has switched to generating the new model.

    Legacy dataset model

    Property Description Required folderPath The path to the folder. A wildcard filter is supported. Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual file name has a wildcard or this escape char inside.

    Examples: rootfolder/subfolder/, see more examples in Folder and file filter examples. fileName Name or wildcard filter for the files under the specified "folderPath". If you don't specify a value for this property, the dataset points to all files in the folder.

    For filter, the allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character).
    - Example 1: "fileName": "*.csv"
    - Example 2: "fileName": "???20180427.txt"
    Use ^ to escape if your actual folder name has wildcard or this escape char inside. modifiedDatetimeStart Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is greater than or equal to modifiedDatetimeStart and less than modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z.

    The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files.

    The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected. modifiedDatetimeEnd Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is greater than or equal to modifiedDatetimeStart and less than modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z.

    The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files.

    The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected. format If you want to copy files as is between file-based stores (binary copy), skip the format section in both input and output dataset definitions.

    If you want to parse files with a specific format, the following file format types are supported: TextFormat, JsonFormat, AvroFormat, OrcFormat, and ParquetFormat. Set the type property under format to one of these values. For more information, see Text format, Json format, Avro format, Orc format, and Parquet format sections. No (only for binary copy scenario) compression Specify the type and level of compression for the data. For more information, see Supported file formats and compression codecs.
    Supported types are GZip, Deflate, BZip2, and ZipDeflate.
    Supported levels are Optimal and Fastest.

    To copy all files under a folder, specify folderPath only.
    To copy a single file with a specified name, specify folderPath with the folder part and fileName with the file name.
    To copy a subset of files under a folder, specify folderPath with the folder part and fileName with the wildcard filter.

    If you were using fileFilter property for the file filter, it is still supported as is, but we recommend that you use the new filter capability added to fileName from now on.

    Example:

    "name": "SFTPDataset", "type": "Datasets", "properties": { "type": "FileShare", "linkedServiceName":{ "referenceName": "<SFTP linked service name>", "type": "LinkedServiceReference" "typeProperties": { "folderPath": "folder/subfolder/", "fileName": "*", "modifiedDatetimeStart": "2018-12-01T05:00:00Z", "modifiedDatetimeEnd": "2018-12-01T06:00:00Z", "format": { "type": "TextFormat", "columnDelimiter": ",", "rowDelimiter": "\n" "compression": { "type": "GZip", "level": "Optimal"

    Legacy Copy activity source model

    Property Description Required recursive Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, empty folders and subfolders won't be copied or created at the sink.
    Allowed values are true (default) and false maxConcurrentConnections The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.

    Example:

    "activities":[
            "name": "CopyFromSFTP",
            "type": "Copy",
            "inputs": [
                    "referenceName": "<SFTP input dataset name>",
                    "type": "DatasetReference"
            "outputs": [
                    "referenceName": "<output dataset name>",
                    "type": "DatasetReference"
            "typeProperties": {
                "source": {
                    "type": "FileSystemSource",
                    "recursive": true
                "sink": {
                    "type": "<sink type>"
    

    Next steps

    For a list of data stores that are supported as sources and sinks by the Copy activity, see supported data stores.