This add-on is operated by Crazy Ant Labs
Fully Managed SFTP Service with S3 and HTTP file access
SFTP To Go
Last updated 23 January 2020
Table of Contents
- Provisioning the add-on
- Local setup
- Configuring DNS for custom subdomain
- Using with Linux/Mac command line interface
- Using with data integration platforms
- Using with graphical client tools
- Using with Ruby
- Using with other languages
- Amazon S3 access
- Credentials and permissions
- Migrating between plans
- Removing the add-on
- Known issues and remedies
SFTP To Go allows you to add fully managed cloud SFTP storage to your Heroku applications. SFTP is a standard network protocol for secure file access, transfer, and management.
Having a managed SFTP service enables you to exchange data with partners and customers securely in a standard protocol, without purchasing and running your own SFTP servers and storage. SFTP To Go is based on AWS offerings, making it highly scalable and highly available with multi-AZ architecture.
Provisioning the add-on
SFTP To Go can be attached to a Heroku application via the CLI:
A list of all plans available can be found here.
$ heroku addons:create sftptogo -----> Adding sftptogo to sharp-mountain-4005... done, v18 (free)
After you provision SFTP To Go, the
SFTPTOGO_URL config var is available in your app’s configuration. It contains the URL to your provisioned SFTP service, including the root username, password, and host. You can confirm this via the
heroku config:get command:
$ heroku config:get SFTPTOGO_URL sftp://user:email@example.com
The root user has read/write access to your entire SFTP service.
Once you provision the SFTP To Go add-on, there is nothing to set up. You and your application can immediately access your SFTP service.
After you provision the add-on, it’s necessary to locally replicate its config vars so your development environment can operate against the service.
Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a
.env file. To view all of your app’s config vars, type
heroku config. Use the following command for each value that you want to add to your
$ heroku config:get SFTPTOGO_URL -s >> .env
Credentials and other sensitive configuration values should not be committed to source-control. In Git exclude the
.env file with:
echo .env >> .gitignore.
For more information, see the Heroku Local article.
Configuring DNS for custom subdomain
After provisioning the add-on, you can add a DNS record to use your subdomain instead of SFTP To Go’s host name. To do that, copy your add-on host name from the dashboard and add a
CNAME record to point to the host name. For example:
Consult your DNS provider’s documentation for specific instructions on creating
Using with Linux/Mac command line interface
Start an interactive SFTP session using the following command:
$ sftp user@host
You will then be prompted to enter your password.
Some of the simple commands you can use with SFTP:
||change the remote working directory to
||display remote path listing of
||quit sftp session.|
Using with data integration platforms
Modern data integration platforms allow you to easily read data files from SFTP or write files into SFTP to easily integrate data from a variety of sources for further analysis and BI processes.
For example, to connect from Xplenty, a data integration add-on in Heroku, to SFTP To Go, create an SFTP connection in Xplenty. Go to SFTP To Go dashboard, copy the host, user and password, and paste in Xplenty’s new SFTP Connection page according to the steps here.
Using with graphical client tools
There are many available SFTP GUI clients, such as Cyberduck, WinSCP, FileZilla, and CloudBerry.
To use Cyberduck with SFTP To Go, copy the value of your
SFTPTOGO_URL config var to CyberDuck and click Quick Connect.
Using with Ruby
Ruby applications need to add the following entry into their
Gemfile specifying the Net-SFTP client library:
Update application dependencies with bundler:
$ bundle install
To download a file:
require 'net/sftp' require 'uri' sftptogo_url = ENV['SFTPTOGO_URL'] uri = URI.parse(sftptogo_url) Net::SFTP.start(uri.host, uri.user, :password => uri.password) do |sftp| # download a file or directory from the remote host sftp.download!("/path/to/remote", "/path/to/local") end
Using with other languages
Amazon S3 access
S3 access is only available in Gold plan and above
In addition to the SFTP protocol, SFTP To Go allows you to use S3 APIs to access the same data. This allows you to share data with some users or applications using SFTP and with others, using S3, out of the box. When the add-on is provisioned, the following environment variables are added to your app to allow programmatic access using S3 APIs:
SFTPTOGO_AWS_ACCESS_KEY_ID- IAM access key
SFTPTOGO_AWS_SECRET_ACCESS_KEY- IAM secret
SFTPTOGO_AWS_BUCKET- bucket name
SFTPTOGO_AWS_REGION- AWS region
You can also use the values in these environment variables to access your data using Amazon S3 CLI and UI clients.
Note that the values (especially access key and secret) may change, so please refer to the environment variables.
Use The SFTP To Go dashboard to:
- Access your SFTP server’s information (host, user name, and password),
- Rotate your password. This generates a new password and changes the URI in the
- Get storage and bandwidth metrics to monitor your add-on usage.
- Add/remove/modify credentials (see below).
You can access the dashboard via the CLI:
$ heroku addons:open sftptogo Opening sftptogo for sharp-mountain-4005
or by visiting the Heroku Dashboard and selecting the application in question. Select SFTP To Go from the Add-ons menu.
Credentials and permissions
You can create more credentials to use within the same add-on instance using the UI:
- Click Add credential
- Optionally choose a nickname for the credential. This only shows in the UI.
- Optionally select a home directory for the credential. By default, each credential has access to its own home directory and nothing else. You can change the credential’s home directory to have multiple credentials access the same directory.
- Select the level of permissions for the new user. By default the user has read-only access to her home directory. Read and write gives the user full access to her home directory. Use None to remove all permissions for the user (but keep the user intact).
- Click Add credential. The user will be given a random user name and password.
You may also import public ssh keys to use with the user name instead of password:
- Click Import SSH key.
- Generate a new key pair or copy an existing public key (usually ends with
.pub). You can generate a new key pair using
ssh-keygen -t rsaon Linux/Mac or using PuTTYgen on Windows. Make sure you generate a new RSA key.
- Paste the public key. Make sure it begins with
- Click Import SSH key
Migrating between plans
Application owners should carefully manage the migration timing to ensure proper application function during the migration process.
heroku addons:upgrade command to migrate to a new plan.
$ heroku addons:upgrade sftptogo:newplan -----> Upgrading sftptogo:[[newplan]] to sharp-mountain-4005... done, v18 ($50/mo) Your plan has been updated to: sftptogo:newplan
Removing the add-on
You can remove SFTP To Go via the CLI:
This will destroy all associated data and cannot be undone!
$ heroku addons:destroy sftptogo -----> Removing sftptogo from sharp-mountain-4005... done, v20 (free)
Before removing SFTP To Go, you can download your data using your favorite sftp client.
Known issues and remedies
Troubleshooting slow connection time
If you see that opening a connection to SFTP To Go takes a long time, or get connection timeouts in your client, follow these steps to troubleshoot:
Try to connect to SFTP To Go from a different network - there may be issues in your local network that are causing these connectivity issues. If it works well on the new network, resolve issues in your network.
Try to connect to SFTP To Go from a different computer - it may be your computer and services (e.g. anti-virus apps) on it that are causing these connectivity issues. If it works well on the new computer, resolve issues in your computer.
If after running these two tests, you still experience slow connection time or connection timeouts, use the following command pattern on a Mac console to get a client side log with timestamps. Replace
URLwith your add-on URL (copied from the add-on dashboard):
sftp -v URL 2>&1 | while read line; do echo "`date -u +"%Y-%m-%dT%H:%M:%SZ"` $line"; done
sftp -v sftp://a9fe70b82zbb94f7160dfcBfcd7@yellow-rectangle-14793.sftptogo.com 2>&1 | while read line; do echo "`date -u +"%Y-%m-%dT%H:%M:%SZ"` $line"; done
Paste your password when prompted to do it, and hit
Wait until you see the text
Connected to ... .sftptogo.com. and then type
quit and hit
Copy the client log and send it to us in addition to your computer’s time zone so we can investigate what happened on the servers at the same time.
How to handle FileZilla connection timeout to SFTP To Go
If you use FileZilla to connect to SFTP To Go and keep getting error messages such as Connection timed out after 20 seconds of inactivity, follow these steps to change client side configuration:
- On Windows, click Edit >> Settings
- On Mac, click FileZilla >> Settings
- Under [Connection], increase the value for timeout in seconds to 600 (default is 20 seconds).
- Click [OK] to save you changes and connect again.
- The data you store on SFTP To Go is encrypted in transit and at rest on the server side.
- Our physical infrastructure is hosted on Amazon Web Services’ (AWS) data centers.
- AWS Security Groups (virtual firewalls) are utilized to restrict access to our network from external networks and between systems internally.
- Backend access to the OS level and AWS console is limited to Crazy Ant Labs staff and requires key authentication and multi factor authentication.
All SFTP To Go support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at firstname.lastname@example.org.