Azure - SFTP-SSH API Connection for LogicApps
To automate tasks that create and manage files on a Secure File Transfer Protocol (SFTP) server using the Secure Shell (SSH) protocol, you can create automated integration workflows by using Azure Logic Apps and the SFTP-SSH connector. SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream.
Here are some example tasks you can automate:
- Monitor when files are added or changed.
- Get, create, copy, rename, update, list, and delete files.
- Create folders.
- Get file content and metadata.
- Extract archives to folders.
Recently I started using SFTP-SSH connections in my LogicApps, however we have seen issue while using SFTP-SSH in our logicapps as it doesnt recognise sftp UserID and Password.
This issue is mainly when you generate private keys using PuttyGen (.ppk)or RSA KeyGen.
Scenario1 :
- I have created a new .ppk file using putty keygen, so it will generate a new file something as mentioned below.
2. I have added this key in Keyvault.
3. Lets modify our Template and Parameter file, below are the properties I have added.
Template.json : In template.json file i have added all parameter references.
Parameter.json: I have added SFTP-Privatekey keyvault connection reference URI and SecretKey.
3. Now Lets create our LogicApp with SFTP-SSH Connection using AzureDevOps pipeline.
4. After Deployment Login to Azure Portal → Search for API Connections → search with the name of your API Connection “PrashanthTest”.
Here you can see it shows “Invalid Private Key file”.
5. In order to fix as temporary workaround → you can go to Edit API Connection → Add .ppk file context and Save.
Now you can see it doesnt show Invalid file error.
However the main problem comes when you deploy code using CI/CD in your project and do frequent deployments onto your Live environments, In that case based on Downtime/Outage window you cant do these hacks manually. So how do I fix it permanently.
Scenario2
- First Once you get your .ppk file → open https://www.base64encode.org/ → paste your file content and click on Encode option.
2. Now lets copy the output and add onto our existing Key in AzureKeyVault.
3. Next we need to make changes in our Template.json file → modify line 83 as
“[base64ToString(parameters(‘sftpwithssh_1_sshPrivateKey’))]”,
4. Lets create a new Build and release.
5. On Azure Portal you can see our new API Connection is ready and lets check its overview.
Here you can see now no error unlike previous deployment.
6. Finally lets check our LogicApps to make sure it picks new API Connection and executes the workflow without any error.
Also after our first run trigger we can see job is successful and step1 also returns as Status code 200.
Feel free to post your questions, like it and provide your comments if there are any.