• Add-ons
›
• All Add-ons
›
• SFTP To Go

This add-on is operated by Crazy Ant Labs

Fully Managed SFTP Service with S3 and HTTP file access

SFTP To Go

Last updated 23 January 2020

SFTP To Go allows you to add fully managed cloud SFTP storage to your Heroku applications. SFTP is a standard network protocol for secure file access, transfer, and management.

Having a managed SFTP service enables you to exchange data with partners and customers securely in a standard protocol, without purchasing and running your own SFTP servers and storage. SFTP To Go is based on AWS offerings, making it highly scalable and highly available with multi-AZ architecture.

Provisioning the add-on

SFTP To Go can be attached to a Heroku application via the CLI:

$ heroku addons:create sftptogo
-----> Adding sftptogo to sharp-mountain-4005... done, v18 (free)

After you provision SFTP To Go, the SFTPTOGO_URL config var is available in your app’s configuration. It contains the URL to your provisioned SFTP service, including the root username, password, and host. You can confirm this via the heroku config:get command:

$ heroku config:get SFTPTOGO_URL
sftp://user:pass@server.sftptogo.com

The root user has read/write access to your entire SFTP service.

Once you provision the SFTP To Go add-on, there is nothing to set up. You and your application can immediately access your SFTP service.

Local setup

Environment setup

After you provision the add-on, it’s necessary to locally replicate its config vars so your development environment can operate against the service.

Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a .env file. To view all of your app’s config vars, type heroku config. Use the following command for each value that you want to add to your .env file:

$ heroku config:get SFTPTOGO_URL -s  >> .env

For more information, see the Heroku Local article.

Configuring DNS for custom subdomain

After provisioning the add-on, you can add a DNS record to use your subdomain instead of SFTP To Go’s host name. To do that, copy your add-on host name from the dashboard and add a CNAME record to point to the host name. For example:

Consult your DNS provider’s documentation for specific instructions on creating CNAME records.

Using with Linux/Mac command line interface

Start an interactive SFTP session using the following command:

$ sftp user@host

You will then be prompted to enter your password.

Some of the simple commands you can use with SFTP:

Using with data integration platforms

Modern data integration platforms allow you to easily read data files from SFTP or write files into SFTP to easily integrate data from a variety of sources for further analysis and BI processes.

For example, to connect from Xplenty, a data integration add-on in Heroku, to SFTP To Go, create an SFTP connection in Xplenty. Go to SFTP To Go dashboard, copy the host, user and password, and paste in Xplenty’s new SFTP Connection page according to the steps here.

Using with graphical client tools

There are many available SFTP GUI clients, such as Cyberduck, WinSCP, FileZilla, and CloudBerry.

To use Cyberduck with SFTP To Go, copy the value of your SFTPTOGO_URL config var to CyberDuck and click Quick Connect.

Using with Ruby

Ruby applications need to add the following entry into their Gemfile specifying the Net-SFTP client library:

gem 'net-sftp'

Update application dependencies with bundler:

$ bundle install

To download a file:

require 'net/sftp'
require 'uri'

sftptogo_url = ENV['SFTPTOGO_URL']

uri = URI.parse(sftptogo_url)

Net::SFTP.start(uri.host, uri.user, :password => uri.password) do |sftp|
  # download a file or directory from the remote host
  sftp.download!("/path/to/remote", "/path/to/local")
end

Using with other languages

To use SFTP To Go with other languages, use language-specific SFTP SDKs (e.g., Python, Node.js, Java)

Amazon S3 access

In addition to the SFTP protocol, SFTP To Go allows you to use S3 APIs to access the same data. This allows you to share data with some users or applications using SFTP and with others, using S3, out of the box. When the add-on is provisioned, the following environment variables are added to your app to allow programmatic access using S3 APIs:

• SFTPTOGO_AWS_ACCESS_KEY_ID - IAM access key
• SFTPTOGO_AWS_SECRET_ACCESS_KEY - IAM secret
• SFTPTOGO_AWS_BUCKET - bucket name
• SFTPTOGO_AWS_REGION - AWS region

You can also use the values in these environment variables to access your data using Amazon S3 CLI and UI clients.

Note that the values (especially access key and secret) may change, so please refer to the environment variables.

Dashboard

Use The SFTP To Go dashboard to:

1. Access your SFTP server’s information (host, user name, and password),
2. Rotate your password. This generates a new password and changes the URI in the SFTPTOGO_URL config var.
3. Get storage and bandwidth metrics to monitor your add-on usage.
4. Add/remove/modify credentials (see below).

You can access the dashboard via the CLI:

$ heroku addons:open sftptogo
Opening sftptogo for sharp-mountain-4005

or by visiting the Heroku Dashboard and selecting the application in question. Select SFTP To Go from the Add-ons menu.

Credentials and permissions

You can create more credentials to use within the same add-on instance using the UI:

1. Click Add credential
2. Optionally choose a nickname for the credential. This only shows in the UI.
3. Optionally select a home directory for the credential. By default, each credential has access to its own home directory and nothing else. You can change the credential’s home directory to have multiple credentials access the same directory.
4. Select the level of permissions for the new user. By default the user has read-only access to her home directory. Read and write gives the user full access to her home directory. Use None to remove all permissions for the user (but keep the user intact).
5. Click Add credential. The user will be given a random user name and password.

You may also import public ssh keys to use with the user name instead of password:

1. Click Import SSH key.
2. Generate a new key pair or copy an existing public key (usually ends with .pub). You can generate a new key pair using ssh-keygen -t rsa on Linux/Mac or using PuTTYgen on Windows. Make sure you generate a new RSA key.
3. Paste the public key. Make sure it begins with ssh-rsa.
4. Click Import SSH key

Migrating between plans

Use the heroku addons:upgrade command to migrate to a new plan.

$ heroku addons:upgrade sftptogo:newplan
-----> Upgrading sftptogo:[[newplan]] to sharp-mountain-4005... done, v18 ($50/mo)
       Your plan has been updated to: sftptogo:newplan

Removing the add-on

You can remove SFTP To Go via the CLI:

$ heroku addons:destroy sftptogo
-----> Removing sftptogo from sharp-mountain-4005... done, v20 (free)

Before removing SFTP To Go, you can download your data using your favorite sftp client.

Known issues and remedies

Troubleshooting slow connection time

If you see that opening a connection to SFTP To Go takes a long time, or get connection timeouts in your client, follow these steps to troubleshoot:

1. Try to connect to SFTP To Go from a different network - there may be issues in your local network that are causing these connectivity issues. If it works well on the new network, resolve issues in your network.

2. Try to connect to SFTP To Go from a different computer - it may be your computer and services (e.g. anti-virus apps) on it that are causing these connectivity issues. If it works well on the new computer, resolve issues in your computer.

3. If after running these two tests, you still experience slow connection time or connection timeouts, use the following command pattern on a Mac console to get a client side log with timestamps. Replace URL with your add-on URL (copied from the add-on dashboard):

sftp -v URL 2>&1 | while read line; do echo "`date -u +"%Y-%m-%dT%H:%M:%SZ"` $line"; done

For example:

sftp -v sftp://a9fe70b82zbb94f7160dfcBfcd7@yellow-rectangle-14793.sftptogo.com 2>&1 | while read line; do echo "`date -u +"%Y-%m-%dT%H:%M:%SZ"` $line"; done

Paste your password when prompted to do it, and hit enter/return.

Wait until you see the text Connected to ... .sftptogo.com. and then type quit and hit enter/return.

Copy the client log and send it to us in addition to your computer’s time zone so we can investigate what happened on the servers at the same time.

How to handle FileZilla connection timeout to SFTP To Go

If you use FileZilla to connect to SFTP To Go and keep getting error messages such as Connection timed out after 20 seconds of inactivity, follow these steps to change client side configuration:

• On Windows, click Edit >> Settings
• On Mac, click FileZilla >> Settings
• Under [Connection], increase the value for timeout in seconds to 600 (default is 20 seconds).
• Click [OK] to save you changes and connect again.

Security

• The data you store on SFTP To Go is encrypted in transit and at rest on the server side.
• Our physical infrastructure is hosted on Amazon Web Services’ (AWS) data centers.
• AWS Security Groups (virtual firewalls) are utilized to restrict access to our network from external networks and between systems internally.
• Backend access to the OS level and AWS console is limited to Crazy Ant Labs staff and requires key authentication and multi factor authentication.

Support

All SFTP To Go support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at hello@crazyantlabs.com.