SFTP To Go
Last updated 19 March 2019
Table of Contents
SFTP To Go allows you to add fully managed cloud SFTP storage to your Heroku applications. SFTP is a standard network protocol for secure file access, transfer, and management.
Having a managed SFTP service enables you to exchange data with partners and customers securely in a standard protocol, without purchasing and running your own SFTP servers and storage. SFTP To Go is based on AWS offerings, making it highly scalable and highly available with multi-AZ architecture.
Provisioning the add-on
SFTP To Go can be attached to a Heroku application via the CLI:
A list of all plans available can be found here.
$ heroku addons:create sftptogo
-----> Adding sftptogo to sharp-mountain-4005... done, v18 (free)
After you provision SFTP To Go, the SFTPTOGO_URL config var is available in your app’s configuration. It contains the URL to your provisioned SFTP service, including the root username, password, and host. You can confirm this via the heroku config:get command:
$ heroku config:get SFTPTOGO_URL
sftp://user:pass@server.sftptogo.com
The root user has read/write access to your entire SFTP service.
Once you provision the SFTP To Go add-on, there is nothing to set up. You and your application can immediately access your SFTP service.
Local setup
Environment setup
After you provision the add-on, it’s necessary to locally replicate its config vars so your development environment can operate against the service.
Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a .env file. To view all of your app’s config vars, type heroku config. Use the following command for each value that you want to add to your .env file:
$ heroku config:get SFTPTOGO_URL -s >> .env
Credentials and other sensitive configuration values should not be committed to source-control. In Git exclude the .env file with: echo .env >> .gitignore.
For more information, see the Heroku Local article.
Using with Linux/Mac command line interface
Start an interactive SFTP session using the following command:
$ sftp user@host
You will then be prompted to enter your password.
Some of the simple commands you can use with SFTP:
| Command | Description |
|---|---|
cd path |
change the remote working directory to path. |
ls [path] |
display remote path listing of path, or of current remote directory if path is excluded. |
get [-r] remote-path [local-path] |
retrieve remote-path and store on local machine (at either local-path, or in the current local working directory with the same filename as on the remote server). If the -r flag is specified, then remote-path will be copied recursively. |
put [-r] local-path [remote-path] |
upload local-path and store on remote server. If remote-path is omitted, the file is given the same filename as on your local machine, and is stored in the current remote working directory. If the -r flag is specified, then local-path will be copied recursively. |
bye |
quit sftp session. |
Using with graphical client tools
There are many available SFTP GUI clients, such as Cyberduck, WinSCP, FileZilla, and CloudBerry.
To use Cyberduck with SFTP To Go, copy the value of your SFTPTOGO_URL config var to CyberDuck and click Quick Connect.
Using with Ruby
Ruby applications need to add the following entry into their Gemfile specifying the Net-SFTP client library:
gem 'net-sftp'
Update application dependencies with bundler:
$ bundle install
To download a file:
require 'net/sftp'
require 'uri'
sftptogo_url = ENV['SFTPTOGO_URL']
uri = URI.parse(sftptogo_url)
Net::SFTP.start(uri.host, uri.user, :password => uri.password) do |sftp|
# download a file or directory from the remote host
sftp.download!("/path/to/remote", "/path/to/local")
end
Using with other languages
To use SFTP To Go with other languages, use language-specific SFTP SDKs (e.g., Python, Node.js, Java)
Dashboard
Use The SFTP To Go dashboard to:
- Access your SFTP server’s information (host, user name, and password),
- Rotate your password. This generates a new password and changes the URI in the
SFTPTOGO_URLconfig var. - Get storage and bandwidth metrics to monitor your add-on usage.
- Add/remove/modify credentials (see below).
You can access the dashboard via the CLI:
$ heroku addons:open sftptogo
Opening sftptogo for sharp-mountain-4005
or by visiting the Heroku Dashboard and selecting the application in question. Select SFTP To Go from the Add-ons menu.
Credentials and permissions
You can create more credentials to use within the same add-on instance using the UI:
- Click Add credential
- Optionally choose a nickname for the credential. This only shows in the UI.
- Select the level of permissions for the new user. By default the user has read-only access to her home directory. Read and write gives the user full access to her home directory. Use None to remove all permissions for the user (but keep the user intact).
- Click Add credential. The user will be given a random user name and password.
You may also import public ssh keys to use with the user name instead of password:
- Click Import SSH key.
- Generate a new key pair or copy an existing public key (usually ends with
.pub). You can generate a new key pair usingssh-keygen -t rsaon Linux/Mac or using PuTTYgen on Windows. Make sure you generate a new RSA key. - Paste the public key. Make sure it begins with
ssh-rsa. - Click Import SSH key
Migrating between plans
Application owners should carefully manage the migration timing to ensure proper application function during the migration process.
Use the heroku addons:upgrade command to migrate to a new plan.
$ heroku addons:upgrade sftptogo:newplan
-----> Upgrading sftptogo:[[newplan]] to sharp-mountain-4005... done, v18 ($50/mo)
Your plan has been updated to: sftptogo:newplan
Removing the add-on
You can remove SFTP To Go via the CLI:
This will destroy all associated data and cannot be undone!
$ heroku addons:destroy sftptogo
-----> Removing sftptogo from sharp-mountain-4005... done, v20 (free)
Before removing SFTP To Go, you can download your data using your favorite sftp client.
Support
All SFTP To Go support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at hello@crazyantlabs.com.