SFTP Private Key storage

Hi there!

For anyone using ssh2-sftp library in Workflows, how are you securely storing/using private key? I'm building a lite ETL automation but the destination is an sftp server in amazon and not an s3 bucket.


Hi @jocen! I'm actually not too sure, but happy to look into this for you. Do you have anything currently set up? If so, a screenshot (with any secrets redacted) would be super helpful!

Hi @victoria, I'm in talks with Lauren as well in chat but adding context here.

Here's the basic config that I have (I can't run this as Lauren confirm that the current ssh2 lib is broken). The privateKey option, much like password, is stored in this code block as a static string. Is there a different way for getting keys here from a private source? My concern is that anyone accessing the workflow would be able to read the private key. I am not sure as well what's the best practice for this one with workflows. Thanks!

Just wanted to close the loop here for any lurking friends :eyes: Here's a snippet from the chat with Lauren:

This is unfortunately not currently possible, but it does look like a great use case for a feature currently getting worked on -- Environment Config Vars. I went ahead and tied the project to this thread so that I can let you know when it is shipped :rocket:

The other option would be setting permissions. On Business plans, you can set permissions for Workflows (as well as apps/resources) so that no one can edit the Workflow that you don't want to.

And feel free to continue posting here with any further questions!

Exciting news! We'll be shipping config vars/secrets accessible in code soon :eyes: It's been updated in our end, we just need to wait for some thumbs up and a cloud deploy. Thank you all for your requests here :pray:

1 Like