Set Up an SFTP Connection

Set up an SFTP connection to import data from disparate, siloed sources. Bring CSV data files from your SFTP server into Data Cloud using SSH to ensure that the data is encrypted in transit.

  1. In Data Cloud, go to Data Cloud Setup.

  2. Under External Integrations, select Other Connectors.

  3. Click New.

  4. Select Secure File Transfer (SFTP) and click Next.

  5. Enter a connection name, a connection API name, and the authentication details.

    | Field | Description |
    |---|---|
    | Authentication Method | Select SSH Private Key or SSH Private Key & Password. |
    | Username | The SFTP account used to authenticate the connection. |
    | Password | The password to authenticate the user. |
    | SSH Private Key | To secure access, create an SSH key pair consisting of a public key and a private key. The public key is associated with the user on your SFTP server, and the private key is submitted in the SFTP connection. |
    | Passphrase | Add an optional passphrase to protect your Private Key for additional security. |
    | Host Name | The SFTP server’s name or address. |
    | Port: 22 (default) | The port that the SFTP server is running on. |
    | Parent Directory | The base directory where your data stream subfolders reside, for example, doc/datacloud/sftp/ |

  6. To review your configuration, click Test Connection.

  7. Click Save.

After the connection details are accepted, the connection is ready to use and your Data Aware Specialist can create data streams.

If your SFTP server is behind a firewall, see IP addresses for the needed Data Cloud public proxy allowlist entries.

An SSH key pair consists of a public key and a private key, with an optional passphrase. The public key is used on your SFTP server to encrypt the data before sending it to Data Cloud. The private key is entered in your SFTP connection details. Data Cloud uses it to decrypt your data.

You can generate the key pair with any of several SSH key generator utilities. Multiple algorithms are available for key generation, and the SFTP connector supports both OpenSSH and RSA up to 4096-bit encryption. For example, to create the key pair, enter this command in a terminal: ssh-keygen -b 4096 -t rsa

You can use Salesforce Data Cloud to process your PGP data encrypted at rest on your SFTP server. PGP uses a key pair consisting of a public key and a private key. You use the public key to encrypt the data so that it’s secure at rest. Then the recipient uses their private key to decrypt the data.

To create the keys, you use third-party key-generation software. You then create a schema file so that Data Cloud can establish the metadata needed to build your data stream and associated data lake object.

  1. Create the PGP keys.

    Multiple key generators are available. These suggested commands have been tested.

    1. Use gpg --full-generate-key to create the PGP private and public keys.

    2. Use gpg --output private.asc --armor --export-secret-key <key userid> to extract the private key in armor format.

  2. Create a schema file to send metadata to Data Cloud.

    To create the file, you extract rows from an existing file to establish the schema. We recommend copying 1,000 rows, up to 20 MB.

    1. Using a data file that you intend to load into Data Cloud, copy 1,000 rows and save them in a file named schema.csv in the same directory as the data file.

    2. Initiate the PGP encryption process.

    3. During the encryption process, your schema.csv file is replaced with a schema.pgp file.

    4. Add the file to the Parent Directory.
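
The schema-file steps above can be scripted as follows. This is an added example, not code from the original page or from Salesforce. It assumes one CSV record per line, that the header counts as one of the 1,000 rows, that "20 MB" is read conservatively as 20,000,000 bytes, and that the function names make_schema and encrypt_schema are hypothetical helpers.

```shell
#!/bin/sh
# Added example: build schema.csv from a data file and PGP-encrypt it to schema.pgp.
# Assumptions (not stated on the page): one CSV record per line (no quoted
# newlines), the header row is one of the 1,000 rows, 20 MB = 20,000,000 bytes.

MAX_ROWS=1000
MAX_BYTES=20000000

# make_schema DATA_FILE
# Copies the first MAX_ROWS lines of DATA_FILE to schema.csv in the same
# directory, rejects a sample over MAX_BYTES, and prints the schema path.
make_schema() {
    data_file=$1
    [ -f "$data_file" ] || { echo "no such file: $data_file" >&2; return 1; }
    schema="$(dirname "$data_file")/schema.csv"
    head -n "$MAX_ROWS" "$data_file" > "$schema" || return 1
    size=$(wc -c < "$schema" | tr -d ' ')
    if [ "$size" -gt "$MAX_BYTES" ]; then
        rm -f "$schema"
        echo "schema sample is $size bytes, over the $MAX_BYTES byte limit" >&2
        return 1
    fi
    printf '%s\n' "$schema"
}

# encrypt_schema SCHEMA_CSV KEY_USERID
# Encrypts SCHEMA_CSV with the PGP public key for KEY_USERID, then removes the
# plaintext so that only schema.pgp remains, as the procedure describes.
encrypt_schema() {
    schema=$1
    recipient=$2
    out="${schema%.csv}.pgp"
    gpg --batch --yes --output "$out" --encrypt --recipient "$recipient" "$schema" || return 1
    # Delete the plaintext only after confirming a non-empty encrypted file exists.
    [ -s "$out" ] || return 1
    rm -f "$schema"
    printf '%s\n' "$out"
}

# Usage: sh make_schema.sh DATA_FILE KEY_USERID
if [ "$#" -eq 2 ]; then
    schema=$(make_schema "$1") && encrypt_schema "$schema" "$2"
fi
```

KEY_USERID is the same <key userid> used when exporting the private key. The resulting schema.pgp is the file to add to the Parent Directory.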