--- title: "Connect Pigment with an SFTP server" slug: "connect-sftp-server" description: "Learn to connect an SFTP server to Pigment for seamless CSV file imports, ensuring secure access with SSH key authentication and proper file naming conventions." tags: ["Applications ", "blocks", "Importing Exporting Data", "SFTP Integration"] updated: 2026-02-13T14:05:14Z published: 2026-02-13T14:05:14Z --- > ## Documentation Index > Fetch the complete documentation index at: https://kb.pigment.com/llms.txt > Use this file to discover all available pages before exploring further. # Connect Pigment with an SFTP server ![](https://cdn.document360.io/e47cfe35-dc28-40c7-a083-6cf003073d8e/Images/Documentation/image(18).png) This article explains how to connect an SFTP server to Pigment to load CSV files stored on the server into a Pigment Block. ## Overview This process begins with configuring access to an SFTP server. You'll grant access to a user account and generate an SSH key pair to authenticate the SFTP user Pigment uses to connect to the server. On the Pigment side, you'll create a connection by adding the server configuration parameters and the user's private SSH key. Once set up, the SFTP connector allows you to choose between a fixed file or the most recent file. > [!WARNING] > **⚠️****Important** > > You must have read access to an SFTP server containing the data you want to load into Pigment. ## Setting up access ### SFTP Step 1 - Creating an SFTP account Pigment connects to the target server with a user account **identified by an SSH key pair**. For security reasons, we recommend that: - You create a dedicated account for Pigment imports, ensuring it only contains data that Pigment should access. - This account should have read-only access, meaning the data is uploaded to the server by a separate user or system. > ℹ️ **Note** > > The process for creating the account depends on your specific case, including IT policies, the SFTP server implementation, and other factors. > > Please consult your provider or administrator for the specific setup details. ### SFTP Step 2 - Generating an SSH key pair For security reasons, we suggest that you [create an SSH key pair](https://www.ssh.com/academy/ssh/keygen) **specifically dedicated to authenticating this user**, and do not reuse these keys on other server locations. You will need to provide the SSH private key to Pigment in the following steps during the integration setup to allow the user account to authenticate. The SSH public key must be transferred to the server for authentication on that end. We support the following encryptions algorithm and key format: - RSA (OpenSSL PEM and ssh.com format) - DSA (OpenSSL PEM and ssh.com format) - ECDSA 256/384/521 (OpenSSL PEM format) - ED25519 (OpenSSH format) > [!WARNING] > **⚠️ Important** > > - RSA keys in on OpenSSH format are not supported > - Keys must have**No Passphrase** Here an example of how to create an**RSA 4096bits key pair in OpenSSL PEM format**which we support: `ssh-keygen -t rsa -b 4096 -m pem` Alternatively if openSSH format is required, then you can use the ED25519 encryption and generate the keys with this command: `ssh-keygen -t ed25519 -noencrypt` > [!WARNING] > ⚠️ **Important** > > After generating your SSH key pair, copy the public key to your SFTP server and ensure it’s added to the correct user’s ~/.ssh/authorized_keys file. > > Skipping this step will cause authentication to fail. You can use ssh-copy-id to do this easily. For more information, see [Copying the Public Key to the Server](https://www.ssh.com/academy/ssh/keygen#copying-the-public-key-to-the-server). ### SFTP Step 3 - Get the server SSH host key fingerprint To secure the connection and prevent man-in-the-middle attacks, you need to provide Pigment with the SSH host key fingerprint of the target server during the integration configuration. This fingerprint can be obtained on the server side, by using the `ssh-keygen` command. Example: `ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key` It could also be obtained on the client side, by combining `ssh-keyscan` and `ssh-keygen` `ssh-keyscan -p $port $host | ssh-keygen -lf -` The expected format is SHA256-base64. Example: `SHA256:AVf87SpGS622J6Iqv6F79U/y7LMTkSE5N37bRzPw2ek` ## Establishing connection in Pigment To establish a connection in Pigment: 1. In your Workspace, go to **Settings**then select **Integrations.** 2. Select **+ Add** next to the SFTP integration and fill out the form with the information below. You will need to establish a connection for each individual SFTP location. | **Name**: give a name to your connection **Application access**: Select the applications which will be allowed to use this connection **Host name or address**: name, or IP address, of the SFTP server **Port**: the TCP port on which the server listens to SFTP connections **User login**: the username that Pigment will use to connect to the server > [!WARNING] > ⚠️**Important** > > Usernames used for SFTP connections must follow standard UNIX conventions: > > > > - Only use letters (a–z), digits (0–9), underscores (_), or hyphens (-) > - The name must not begin with a digit or a hyphen > - Avoid spaces and special characters **User private key**: Copy and paste here the whole content of your private key file **Server fingerprint**: the fingerprint of the server, in SHA256-base64 format Key creation (Step 3) **Use PGP encryption**: check this box to if you want to Pigment to read PGP encrypted file. | ![](https://cdn.document360.io/e47cfe35-dc28-40c7-a083-6cf003073d8e/Images/Documentation/3f527fe2-52f4-4d65-8346-f32625ac770b.png) | | --- | --- | > ℹ️ **Note** > > **PGP encryption** > > If you activate PGP encryption on the connector, Pigment will generate a PGP encryption key, and all files retrieved through this SFTP connection should be encrypted. > > To retrieve the PGP encryption key, select **Edit Connection** after creating the connection, then copy the PGP public key using the **Copy** icon. ## Use the connection in Pigment After configuring the SFTP connection, open an Application where the connection is available and select **Import Data** in the Block where you want to import data. For example, to import data into a Transactions List: 1. Open the List, select **Import data**, and then choose **Import**. 2. Instead of **Upload File**, select the **Integration** option 3. Choose your SFTP connection. ![](https://cdn.document360.io/e47cfe35-dc28-40c7-a083-6cf003073d8e/Images/Documentation/12a1541d-878c-4362-bd21-f1ccc33eeadb.png) Select the **Import mode**you want. You can choose between **Fixed file** and **Most recent file.** ### Fixed file This import mode will choose one individual file name. Input the file name and location (ex: `folder1/folder2/file.csv`) and select **Import**. The file should load into Pigment within a few seconds. If this configuration is saved, it will only upload this file name. ### Most recent file This import mode allows you to define the path and Pigment will upload the most recent file depending on a defined naming convention that must contain a [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601)-compatible date format. #### File naming convention When naming your files on the SFTP server, your file name must follow a consistent naming convention with the date included. Here are some examples of [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601)-compatible date formats using a file named **rev.csv.** | [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601) compatible date formats | Example of file structure {{date}}-rev.csv naming convention | | --- | --- | | `yyyy-MM-dd` | 2022-09-30-rev.csv | | `yyyy-MM-ddThh:mm:ss` | 2022-09-30T00:00:00-rev.csv | | `yyyy-MM-ddThh:mm:ssZ` | 2022-09-30T00:00:00Z-rev.csv | #### File path format Define the folder path first (for example, `folder1/folder2/`), then insert `{{date}}` in the file name or path. The path is case-sensitive. Plaintext ```plaintext folder1/folder2/prefix{{date}}suffix.csv folder1/prefix{{date}}suffix/file.csv ``` #### Path and result examples **Example 1** **Path:** `folderA/{{date}}-salaries.csv` **Imports:** `/folderA/2025-10-15-salaries.csv` Selects the most recent matching file in `folderA`. **Example 2** **Path:** `folderB/{{date}}-salaries.csv` **Imports:******`/folderB/2025-11-15-salaries.csv` Selects the most recent matching file in `folderB`. **Example 3** **Path:******/{{date}}-salaries.csv **Imports:** No file Folder location is missing. ### IP allowlisting Pigment does not assign a domain name to the IP addresses of outbound NAT gateways in its private infrastructure. The IP addresses of the outbound gateways are: - `35.242.251.111` - `34.145.54.113` - `34.163.209.119` - `35.202.142.12` These are the IPs you need to allowlist if you want to allow incoming SFTP traffic from Pigment’s infrastructure.