Azure - SFTP-SSH API Connection for LogicApps

To automate tasks that create and manage files on a Secure File Transfer Protocol (SFTP) server using the Secure Shell (SSH) protocol, you can create automated integration workflows by using Azure Logic Apps and the SFTP-SSH connector. SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream.

Here are some example tasks you can automate:

• Monitor when files are added or changed.
• Get, create, copy, rename, update, list, and delete files.
• Create folders.
• Get file content and metadata.
• Extract archives to folders.

Recently I started using SFTP-SSH connections in my LogicApps, however, we have seen issues while using SFTP-SSH in our logic apps as it doesn't recognize sftp UserID and Password.

This issue is mainly when you generate private keys using PuttyGen (.ppk)or RSA KeyGen.

Scenario1 :

1. I have created a new .ppk file using the putty keygen, so it will generate a new file something as mentioned below.

2. I have added this key in Key vault.

3. Let's modify our Template and Parameter file, below are the properties I have added.

Template.json: In the template.json file I have added all parameter references.

Parameter.json: I have added SFTP-Privatekey key vault connection reference URI and SecretKey.

3. Now let's create our LogicApp with SFTP-SSH Connection using AzureDevOps pipeline.

4. After Deployment Login to Azure Portal → Search for API Connections → search with the name of your API Connection “PrashanthTest”.

Here you can see it shows “Invalid Private Key file”.

5. In order to fix a temporary workaround → you can go to Edit API Connection → Add .ppk file context and Save.

Now you can see it doesn't show an Invalid file error.

However the main problem comes when you deploy code using CI/CD in your project and do frequent deployments onto your Live environments, In that case, based on the Downtime/Outage window you cant do these hacks manually. So how do I fix it permanently?

Scenario2

1. First Once you get your .ppk file → open https://www.base64encode.org/ → paste your file content and click on Encode option.

2. Now let's copy the output and add to our existing Key in AzureKeyVault.

3. Next we need to make changes in our Template.json file → modify line 83 as

“[base64ToString(parameters(‘sftpwithssh_1_sshPrivateKey’))]”,

 

4. Let's create a new Build and release.

5. On Azure Portal you can see our new API Connection is ready and let's check its overview.

Here you can see now no error, unlike the previous deployment.

6. Finally let's check our LogicApps to make sure it picks a new API Connection and executes the workflow without any error.

Also after our first run trigger, we can see the job is successful and step1 also returns as Status code 200.

Feel free to post your questions, like them, and provide your comments if there are any.