Contact Us 1-800-596-4880

SFTP Transport Reference

Mule Runtime Engine versions 3.5, 3.6, and 3.7 reached End of Life on or before January 25, 2020. For more information, contact your Customer Success Manager to determine how you can migrate to the latest Mule version.

The Secure Shell (SSH) File Transfer Protocol (SFTP) transport allows files to be read and written to and from directories over SFTP. Unlike the Virtual File System (VFS) transport, it can handle large files because it streams message payloads. The SFTP transport can be used as an inbound or an outbound endpoint. Files can be retrieved from an SFTP server and processed as Mule messages, or Mule messages can be uploaded as files to an SFTP server. Mule uses the JCraft library for SFTP SSH.

Notes:

  • Mule 3.7 and newer supports SFTP retries.

  • In code examples in this guide, spring-beans-current.xsd is a placeholder. To locate the correct version, see http://www.springframework.org/schema/beans/  — Mule 3.7 and newer supports Spring 4.1.6.

Transport checkmark icon

Doc

checkmark icon

Inbound

checkmark icon

Outbound

checkmark icon

Request

checkmark icon

Transactions

error icon

Streaming

checkmark icon

Retries

checkmark icon

MEPs

one-way, request-response

Default MEP

one-way

Maven Artifact

org.mule.transports:mule-transport-sftp

SFTP

JavaDoc SchemaDoc

Namespace and Syntax

This section lists namespace, schema, and connector syntax information.

XML Namespace

xmlns:sftp="http://www.mulesoft.org/schema/mule/sftp"

XML Schema Location

http://www.mulesoft.org/schema/mule/sftp http://www.mulesoft.org/schema/mule/sftp/3.7/mule-sftp.xsd

Schema

You can view the full schema for the SFTP transport here.

Connector Syntax

<sftp:connector name="sftp-default" archiveDir="" archiveTempReceivingDir="/tmp/get"
                archiveTempSendingDir="/tmp/send" autoDelete="true"
                duplicateHandling="throwException" fileAge="60000"
                identityFile="/home/test/.ssh/id_rsa" keepFileOnError="false"
                outputPattern="#[message.inboundProperties.originalFilename]" passphrase="passPhrase"
                pollingFrequency="10000" sizeCheckWaitTime="30000"
                tempDirInbound="/tmp/inbound" tempDirOutbound="/tmp/outbound"
                useTempFileTimestampSuffix="true" />

Endpoint Syntax

You can define your endpoints two different ways:

  1. Prefixed endpoint:

    <sftp:inbound-endpoint user="mule" password="test123" path="/tmp/sftp"
                           host="myhost.com"
                           pollingFrequency="500"
                           name="inboundEndpoint1"/>
    <sftp:outbound-endpoint user="mule" password="test123" path="/tmp/sftp"
                            host="myhost.com" name="outboundEndpoint2"
                            keepFileOnError="false"/>
  2. Non-prefixed URI:

<inbound-endpoint address="sftp://mule:test123@myhost.com/tmp/sftp"/>
<outbound-endpoint address="sftp://mule:test123@myhost.com/tmp/sftp"/>

Considerations

You can use the SFTP transport to download from or upload to a secured resource accessible via SFTP. This transport does not currently support transactions policies. Some uses for the SFTP transport are downloading data into a database and picking up files and uploading them via SFTP. You can use this transport to implement the file transfer Enterprise Integration Pattern. As explained in the EIP book, the file transfer pattern allows you to loosely couple two applications together, with delays in processing time. If your integration is time-sensitive, you may want to look at implementing the messaging pattern with the JMS transport which can give you closer to real-time processing.

You need to have the proper permissions for the folder and files that the connector points to. If not, an exception is raised and no more files are processed after the first failed attempt.

Using the SFTP transport allows you to optionally use streaming support for larger files and asynchronous and synchronously chain other endpoints with an SFTP endpoint. It also allows you to use Mule’s robust error handling in your Mule application.

The examples on this page show how to define SFTP inbound and outbound endpoints in your Mule application.

Features

  • Streaming support of resources

  • For inbound endpoints, poll the resource at a specified interval

  • For outbound endpoints, choices on how to handle duplicate files: throw and exception, overwrite, append a sequence number to the file name

Usage

To include the SFTP transport in your configuration:

  1. Define these namespaces:

    <?xml version="1.0" encoding="utf-8"?>
    <mule xmlns="http://www.mulesoft.org/schema/mule/core"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:sftp="http://www.mulesoft.org/schema/mule/sftp"
          xsi:schemaLocation="
            http://www.mulesoft.org/schema/mule/core
            http://www.mulesoft.org/schema/mule/core/current/mule.xsd
            http://www.mulesoft.org/schema/mule/sftp
            http://www.mulesoft.org/schema/mule/sftp/current/mule-sftp.xsd">
  2. Define a connector:

    <sftp:connector name="sftp-default"/>
  3. Define an inbound and/or outbound endpoint:

    • Use an inbound endpoint if you want new files found on the SFTP site to trigger a Mule flow

    • Use an outbound endpoint if you want to upload files to an SFTP site. These files typically start as Mule messages and are converted to files.

      <sftp:inbound-endpoint
                          name="inboundEndpoint1"
                          connector-ref="sftp"
                          address="sftp://user:password@host/~/data1"/>
      <sftp:outbound-endpoint
                          address="sftp://user:password@host/~/data"
                          outputPattern="#[function:count]-#[function:systime].dat"/>

Rules for Using the Transport

On the connector, you define the connection pool size, and your inbound and outbound temporary directories. The endpoint is where you define the authentication information, polling frequency, file name patterns, etc. See below for the full list of configuration options.

One-way and request-response exchange patterns are supported. If an exchange pattern is not defined, 'one-way' is the default.

This is a polling transport. The inbound endpoint for SFTP uses polling to look for new files. The default is to check every second, but it can be changed via the 'pollingFrequency' attribute on the inbound endpoint.

Streaming is supported by the SFTP transport and is enabled by default. Transactions are not currently supported.

Example Configurations

The following example saves any files found on a remote SFTP server to a local directory. This demonstrates using an SFTP inbound endpoint and a file outbound endpoint.

Important: Before running this example, create an SFTP properties file:

  1. Create the sftp.properties properties file in your Classpath or set your PATH variable to the file’s location. For information on specifying SFTP server access information for a username, password, host, and port, using Anypoint Studio, see SFTP Connector.

  2. Provide these parameters:

    sftp.user=user
    sftp.host=host
    sftp.port=port
    sftp.password=password

    Substitute each value to the right of the equal sign with SFTP access information. For example:

    sftp.user=memyselfandi
    sftp.host=localhost
    sftp.port=8081
    sftp.password=icannottellyou

Example SFTP-to-File Flow

Downloading files from SFTP using a Flow

<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:sftp="http://www.mulesoft.org/schema/mule/sftp"
      xmlns:file="http://www.mulesoft.org/schema/mule/file"
      xmlns:spring="http://www.springframework.org/schema/beans"
      xsi:schemaLocation="
          http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-current.xsd
          http://www.mulesoft.org/schema/mule/sftp
          http://www.mulesoft.org/schema/mule/sftp/current/mule-sftp.xsd
          http://www.mulesoft.org/schema/mule/file
          http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd
          http://www.mulesoft.org/schema/mule/core
          http://www.mulesoft.org/schema/mule/core/current/mule.xsd">

    <!-- This placeholder bean lets you import the properties from the sftp.properties file. -->
    <spring:bean id="property-placeholder"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <spring:property name="location" value="classpath:sftp.properties"/> ❶
    </spring:bean>

    <flow name="sftp2file">
        <sftp:inbound-endpoint host="${sftp.host}" port="${sftp.port}"
        path="/home/test/sftp-files" user="${sftp.user}" password="${sftp.password}"> ❷
                    <file:filename-wildcard-filter pattern="*.txt,*.xml"/> ❸
                </sftp:inbound-endpoint>
        <file:outbound-endpoint path="/tmp/incoming"
        outputPattern="#[message.inboundProperties.originalFilename]"/> ❹
    </flow>
</mule>

A properties file which holds the SFTP server login credentials is defined on ❶. Next a SFTP inbound endpoint is declared on ❷ which checks the /home/test/sftp-files directory for new files every one second by default. ❸ defines a file filter which only sends files ending with .txt or .xml to the outbound endpoint. Any conforming files found on the inbound endpoint are then written to the /tmp/incoming local directory with the same file name it had on the sftp server ❹.

The following example uploads files found in a local directory to an SFTP server. This demonstrates using a file inbound endpoint and an SFTP outbound endpoint.

Uploading files via SFTP using a Flow

<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:sftp="http://www.mulesoft.org/schema/mule/sftp"
      xmlns:file="http://www.mulesoft.org/schema/mule/file"
      xmlns:spring="http://www.springframework.org/schema/beans"
      xsi:schemaLocation="
          http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-current.xsd
          http://www.mulesoft.org/schema/mule/sftp
          http://www.mulesoft.org/schema/mule/sftp/current/mule-sftp.xsd
          http://www.mulesoft.org/schema/mule/file
          http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd
          http://www.mulesoft.org/schema/mule/core
          http://www.mulesoft.org/schema/mule/core/current/mule.xsd">

    <!-- This placeholder bean lets you import the properties from the sftp.properties file. -->
    <spring:bean id="property-placeholder"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <spring:property name="location" value="classpath:sftp.properties"/> ❶
    </spring:bean>

    <flow name="file2sftp">
        <file:inbound-endpoint path="/tmp/outgoing"> ❷
            <file:filename-wildcard-filter pattern="*.txt,*.xml"/> ❸
        </file:inbound-endpoint>
        <sftp:outbound-endpoint host="${sftp.host}" port="${sftp.port}"
        path="/home/test/sftp-files" user="${sftp.user}" password="${sftp.password}"/> ❹
    </flow>
</mule>

A properties file which holds the SFTP server login credentials is defined on ❶. Next a file inbound endpoint is declared on ❷ which checks the /tmp/outgoing directory for new files every one second by default. ❸ defines a file filter which only sends files ending with .txt or .xml to the outbound endpoint. Any conforming files found on the inbound endpoint are then written to the /home/test/sftp-files remote SFTP directory with the same file name it had on the local filesystem ❹.

Exchange Patterns and Features of the Transport

Configuration Reference

Connector

SFTP connectivity.

Attributes of the connector Element

Name Description

preferredAuthenticationMethods

Type: string. Required: no. Comma-separated list of authentication methods used by the SFTP client. Valid values are: gssapi-with-mic, publickey, keyboard-interactive and password.

maxConnectionPoolSize

Type: integer. Required: no. Default: disabled. If the number of active connections is specified, then a connection pool is used with active connections up to this number. Use a negative value for no limit. If the value is zero no connection pool is used.

pollingFrequency

Type: long. Required: no. Default: 1000 ms. The frequency in milliseconds that the read directory should be checked. Note that the read directory is specified by the endpoint of the listening component.

autoDelete

Type: boolean. Required: no. Default: true. Whether to delete the file after successfully reading it.

fileAge

Type: long. Required: no. Default: disabled. minimum age (in ms) for a file to be processed. This can be useful when consuming large files. It tells Mule to wait for a period of time before consuming the file, allowing the file to be completely written before the file is processed. WARNING: The fileAge attribute only works properly if the servers where Mule and the sftp-server runs have synchronized time. Note: See attribute sizeCheckWaitTime for an alternate method of determining if a incoming file is ready for processing.

sizeCheckWaitTime

Type: long. Required: no. Default: disabled. Wait time (in ms) between size-checks to determine if a file is ready to be processed. Disabled if not set or set to a negative value. This feature can be useful to avoid processing not yet completely written files (such as, consuming large files). It tells Mule to do two size checks waiting the specified time between the two size calls. If the two size calls return the same value Mule consider the file ready for processing. Note: See attribute fileAge for an alternate method of determining if a incoming file is ready for processing.

archiveDir

Type: string. Required: no. Default: disabled. Archives a copy of the file in the specified directory on the file system where mule is running. The archive folder must have been created before Mule is started and the user Mule runs under must have privileges to read and write to the folder.

archiveTempReceivingDir

Type: string. Required: no. Default: disabled. If specified then the file to be archived is received in this folder and then moved to the archiveTempSendingDir while sent further on to the outbound endpoint. This folder is created as a subfolder to the archiveDir. Note: Must be specified together with the archiveTempSendingDir and archiveDir attributes.

archiveTempSendingDir

Type: string. Required: no. Default: disabled. If specified then the file to be archived is sent to the outbound endpoint from this folder. This folder is created as a subfolder to the archiveDir. After the file is consumed by the outbound endpoint or the component itself (that is, when the underlying InputStream is closed) it is moved to the archive folder. Note: Must be specified together with the archiveTempReceivingDir and archiveDir attributes.

outputPattern

Type: string. Required: no. Default: the message ID, for example, ee241e68-c619-11de-986b-adeb3d6db038. The pattern to use when writing a file to disk. This can use the patterns supported by the filename-parser configured for this connector. By default the File Transport Reference is used. See this same document section for information on how to override the default parser.

keepFileOnError

Type: boolean. Required: no. Default: true. If true, the file on the inbound-endpoint is not deleted if an error occurs when writing to the outbound-endpoint. Note: This assumes that both the inbound and outbound endpoints are using the SFTP-Transport.

duplicateHandling

Type: duplicateHandlingType. Required: no. Default: throwException. Determines what to do if a file already exist on the outbound endpoint with the specified name. throwException: Throws an exception if a file already exists. overwrite: Overwrites an existing file. addSeqNo: Adds a sequence number to the target filename making the filename unique, starting with 1 and incrementing the number until a unique filename is found The default behavior is to throw an exception.

identityFile

Type: string. Required: no. Default: disabled. An identityFile location for a PKI private key.

passphrase

Type: string. Required: no. Default: disabled. The passphrase (password) for the identityFile if required.

tempDirInbound

Type: string. Required: no. Default: disabled. If specified then Mule tries to create the temp-directory in the endpoint folder if it doesn’t already exist. Ensure that the user Mule is configured to use to access the SFTP server has privileges to create a temp folder if required! For inbound endpoints: A temporary directory on the ftp-server from where the download takes place. The file is moved (locally on the sftp-server) to the tempDir, to mark that a download is taking place, before the download starts. Note: A file in the tempDir of an inbound endpoint is always correct (has only been moved locally on the sftp-server) and can therefore be used to restart a failing file transfer.

tempDirOutbound

Type: string. Required: no. Default: disabled. If specified, then Mule tries to create the temp-directory in the endpoint folder if it doesn’t already exist. Ensure that the user Mule configured to use to access the SFTP server has privileges to create a temp folder if required. For outbound endpoints: A temporary directory on the sftp-server to first upload the file to. When the file is fully uploaded the file is moved to its final destination. The tempDir is created as a sub directory to the endpoint. Note: A file in the tempDir of an outbound endpoint might not be correct (since the upload takes place to this folder) and can therefore NOT be used to restart a failing file transfer.

useTempFileTimestampSuffix

Type: boolean. Required: no. Default: disabled. Used together with the tempDir - attribute to give the files in the tempDir a guaranteed unique name based on the local time when the file was moved to the tempDir.

Child Element of connector

Element: file:abstract-filenameParser
Cardinality: 0..1

Inbound Endpoint

Attributes of the inbound-endpoint Element

Name Description

path

Type: string. Required: no. A file location.

user

Type: string. Required: no. A username.

password

Type: string. Required: no. A password.

host

Type: string. Required: no. An IP address (for example,www.mulesoft.com, localhost, 127.0.0.1).

port

Type: port number. Required: no. A port number.

pollingFrequency

Type: long. Required: no. Default: 1000 ms. The frequency in milliseconds that the read directory should be checked. Note that the read directory is specified by the endpoint of the listening component.

fileAge

Type: long. Required: no. Default: disabled. Age (in ms) for a file to be processed. This can be useful when consuming large files. It tells Mule to wait for a period of time before consuming the file, allowing the file to be completely written before the file is processed. WARNING: The fileAge attribute only works properly if the servers where Mule and the sftp-server runs have synchronized time. Note: See attribute sizeCheckWaitTime for an alternate method of determining if a incoming file is ready for processing.

sizeCheckWaitTime

Type: long. Required: no. Default: disabled. Wait time (in ms) between size-checks to determine if a file is ready to be processed. Disabled if not set or set to a negative value. This feature can be useful to avoid processing not yet completely written files (such as when consuming large files). It tells Mule to do two size checks waiting the specified time between the two size calls. If the two size calls return the same value Mule consider the file ready for processing. Note: See attribute fileAge for an alternate method of determining if a incoming file is ready for processing.

archiveDir

Type: string. Required: no. Default: disabled. Archives a copy of the file in the specified directory on the file system where mule is running. The archive folder must have been created before Mule is started and the user Mule runs under must have privileges to read and write to the folder.

archiveTempReceivingDir

Type: string. Required: no. Default: disabled. If specified then the file to be archived is received in this folder and then moved to the archiveTempSendingDir while sent further on to the outbound endpoint. This folder is created as a subfolder to the archiveDir. NOte: Must be specified together with the archiveTempSendingDir and archiveDir attributes.

archiveTempSendingDir

Type: string. Required: no. Default: disabled. If specified then the file to be archived is sent to the outbound endpoint from this folder. This folder is created as a subfolder to the archiveDir. After the file is consumed by the outbound endpoint or the component itself (that is, when the underlying InputStream is closed) it is moved to the archive folder. Note: Must be specified together with the archiveTempReceivingDir and archiveDir attributes.

identityFile

Type: string. Required: no. Default: disabled. An identityFile location for a PKI private key.

passphrase

Type: string. Required: no. Default: disabled. The passphrase (password) for the identityFile if required.

tempDir

Type: string. Required: no. Default: disabled. If specified then Mule tries to create the temp-directory in the endpoint folder if it doesn’t already exist. Ensure that the user Mule is configured to use to access the sftp server has privileges to create a temp folder if required! For inbound endpoints: A temporary directory on the sftp-server from where the download takes place. The file is moved (locally on the sftp-server) to the tempDir, to mark that a download is taking place, before the download starts. Note: A file in the tempDir of an inbound endpoint is always correct (has only been moved locally on the sftp-server) and can therefore be used to restart a failing file transfer. For outbound endpoints: A temporary directory on the sftp-server to first upload the file to. When the file is fully uploaded the file is moved to its final destination. The tempDir is created as a sub directory to the endpoint. Note: A file in the tempDir of an outbound endpoint might not be correct (since the upload takes place to this folder) and can therefore NOT be used to restart a failing file transfer.

useTempFileTimestampSuffix

Type: boolean. Required: no. Default: disabled. Used together with the tempDir - attribute to give the files in the tempDir a guaranteed unique name based on the local time when the file was moved to the tempDir.

No child elements for inbound-endpoint.

Outbound Endpoint

Attributes of outbound-endpoint

Name Description

path

Type: string. Required: no. A file location.

user

Type: string. Required: no. A username.

password

Type: string. Required: no. A password.

host

Type: string. Required: no. An IP address (for example, www.mulesoft.com, localhost, 127.0.0.1).

port

Type: port number. Required: no. A port number.

outputPattern

Type: string. Required: no. Default: the message ID, for example, ee241e68-c619-11de-986b-adeb3d6db038 The pattern to use when writing a file to disk. This can use the patterns supported by the filename-parser configured for this connector. By default the File Transport Reference is used. See this same document section for information on how to override the default parser.

keepFileOnError

Type: boolean. Required: no. Default: true. If true the file on the inbound-endpoint is not deleted if an error occurs when writing to the outbound-endpoint. Note: This assumes that both the inbound and outbound endpoints are using the SFTP-Transport.

duplicateHandling

Type: duplicateHandlingType. Required: no. Default: throwException. Determines what to do if a file already exist on the outbound endpoint with the specified name. throwException: Throws an exception if a file already exists. overwrite: Overwrites an existing file. addSeqNo: Adds a sequence number to the target filename making the filename unique, starting with 1 and incrementing the number until a unique filename is found The default behavior is to throw an exception.

identityFile

Type: string. Required: no. Default: disabled. An identityFile location for a PKI private key.

passphrase

Type: string. Required: no. Default: disabled. The passphrase (password) for the identityFile if required.

tempDir

Type: string. Required: no. Default: disabled. If specified then Mule tries to create the temp-directory in the endpoint folder if it doesn’t already exist. Ensure that the user Mule is configured to use to access the SFTP server has privileges to create a temp folder if required! For inbound endpoints: A temporary directory on the ftp-server from where the download takes place. The file is moved (locally on the sftp-server) to the tempDir, to mark that a download is taking place, before the download starts. Note: A file in the tempDir of an inbound endpoint is always correct (has only been moved locally on the sftp-server) and can therefore be used to restart a failing file transfer. For outbound endpoints: A temporary directory on the sftp-server to first upload the file to. When the file is fully uploaded the file is moved to its final destination. The tempDir is created as a sub directory to the endpoint. Note: A file in the tempDir of an outbound endpoint might not be correct (since the upload takes place to this folder) and can therefore NOT be used to restart a failing file transfer.

useTempFileTimestampSuffix

Type: boolean. Required: No. Default: disabled. Used together with the tempDir - attribute to give the files in the tempDir a guaranteed unique name based on the local time when the file was moved to the tempDir.

No child elements for outbound-endpoint.

Javadoc API Reference

Maven

This transport is part of the following Maven module:

<dependency>
  <groupId>org.mule.transports</groupId>
  <artifactId>mule-transport-sftp</artifactId>
</dependency>

Best Practices

Place your SFTP login credentials in a file and reference the file in the Mule configuration.