DriftOps polls an SFTP or FTP server on a schedule. New files matching your pattern are downloaded, compared against the linked contract, and drift events are created for any differences.

Prerequisites

  • An SFTP or FTP server reachable from the internet
  • A user account with read access to the directory you want to monitor
  • For SFTP: password authentication or an SSH private key in PEM format

SFTP setup

  1. Go to Cloud Connections and click New Connection.
  2. Select SFTP as the provider.
  3. Fill in the form:
    • Name: a label for this connection
    • Host: hostname or IP of the SFTP server
    • Port: default is 22
    • Username: the SFTP user
    • Password or Private Key: see Authentication options
    • Bucket Name: the remote directory path to watch (e.g. /data/incoming)
    • Prefix (optional): subdirectory under the bucket path
    • File Pattern: glob pattern, e.g. *.json or *.edi
    • Contract: the contract to compare against
    • Poll Interval: how often to check (minutes, default 60)
  4. Click Save.

Credentials are encrypted before storage. They are never returned by the API.

FTP setup

Same as SFTP but select FTP as the provider. FTP connections use:

  • Host: hostname or IP
  • Port: default is 21
  • Username and Password
  • Use TLS: enable FTPS (FTP over TLS). Recommended if your server supports it.

Note: plain FTP transmits credentials in the clear over the network. Use FTPS or SFTP instead when possible.

Authentication options

Password authentication: Provide the account password. This is straightforward, but the credentials stored in the connection must be replaced whenever the password changes.

SSH key authentication (SFTP only): Provide the private key in PEM format. The key should start with -----BEGIN RSA PRIVATE KEY----- or -----BEGIN OPENSSH PRIVATE KEY-----. Paste the full key including the header and footer lines.

Ensure the corresponding public key is in the ~/.ssh/authorized_keys file for the user on the remote server.

Key authentication is preferred because no password is sent over the network, not even inside the encrypted SSH session (SFTP runs over SSH, not TLS).

Configuration options

  • bucket_name (required): Base remote directory path to watch.
  • prefix: Subdirectory within the base path. Default: none
  • file_pattern: Glob pattern matched against file names. Default: *.json
  • poll_interval_minutes: How often to check for new files. Default: 60

Troubleshooting

Connection refused

  • Verify the host and port are correct.
  • Check that the server is reachable from the internet. If it is behind a firewall or VPN, DriftOps cannot reach it.
  • For SFTP, confirm port 22 is open (or whatever custom port the server uses).

Authentication failed

  • For password auth: verify the username and password are correct.
  • For key auth: paste the complete PEM key. Missing the header or footer lines will cause the key to be rejected.
  • Confirm the public key is in authorized_keys on the server and that the permissions on ~/.ssh are correct (700 for the directory, 600 for authorized_keys).
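
A check to run on a key before pasting it, covering the header forms listed under Authentication options and the missing header or footer case above. This is an added example, not DriftOps code: the function names are hypothetical and the sample key is a constructed placeholder built at run time.

```python
import base64
import re

# The two header forms this page says the key should start with.
ACCEPTED_LABELS = ("RSA PRIVATE KEY", "OPENSSH PRIVATE KEY")
OPENSSH_MAGIC = b"openssh-key-v1\x00"  # first bytes of an OpenSSH-format key body


def check_pem_private_key(text):
    """Return a list of problems in a pasted PEM key; an empty list means none found."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        return ["key is empty"]
    problems = []
    begin = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", lines[0])
    end = re.fullmatch(r"-----END ([A-Z0-9 ]+)-----", lines[-1])
    if not begin:
        problems.append("missing or damaged BEGIN header line")
    elif begin.group(1) not in ACCEPTED_LABELS:
        problems.append("unexpected key type: " + begin.group(1))
    if not end:
        problems.append("missing or damaged END footer line")
    elif begin and begin.group(1) != end.group(1):
        problems.append("header and footer labels do not match")
    body = lines[(1 if begin else 0):(-1 if end else None)]
    # Legacy encrypted RSA keys put "Proc-Type:" / "DEK-Info:" lines before the base64.
    b64 = "".join(ln for ln in body if ":" not in ln)
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["body is not valid base64 (truncated or altered in copy/paste)"]
    if not raw:
        problems.append("key body is empty")
    elif begin and begin.group(1) == "OPENSSH PRIVATE KEY" and not raw.startswith(OPENSSH_MAGIC):
        problems.append("OpenSSH key body lacks the openssh-key-v1 marker")
    return problems


def constructed_sample():
    """Constructed placeholder, not a usable key: OpenSSH marker plus filler bytes."""
    b64 = base64.b64encode(OPENSSH_MAGIC + bytes(range(90))).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n"


if __name__ == "__main__":
    sample = constructed_sample()
    print(check_pem_private_key(sample))                    # complete key
    print(check_pem_private_key(sample.split("\n", 1)[1]))  # header lost when pasting
```

The check only inspects the PEM framing; it does not prove the key is accepted by the server.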

No files processed

  • The file pattern is matched against file names only, not full paths. *.json will match any .json file in the watched directory.
  • Verify the base directory path is absolute (starts with /).
  • Check that the account has read permission on the directory and the files within it.

Credential rotation

When credentials expire or are rotated, edit the connection and enter the new credentials. DriftOps records when credentials were last updated and can display a warning when they are approaching a configured expiry date.