Unknown Actions in Power Automate Day 3: SFTP‑SSH Actions for Secure File Automation

Power Automate’s SFTP‑SSH connector is a powerful tool to automate file operations securely over SSH. Whether you need to upload logs, download reports, archive data, or trigger workflows based on file events, this connector puts essential capabilities at your fingertips. With native support for password and SSH key authentication, chunked transfers, and file system commands, it enables robust enterprise-grade automation. 

In this article, we explore every action offered by the SFTP‑SSH connector, explain how to configure and use them, highlight key features like chunking and authentication modes, and walk through real-world use cases and best practices. By the end, you’ll understand how to leverage the entire action set to build secure, efficient, and reliable automations. 

Understanding the Connector and Key Concepts 

The SFTP‑SSH connector allows communication with a remote SFTP server over a secure SSH channel. The connector supports both simple username/password and SSH key authentication, with preference often given to key-based methods for stronger security. It uses chunked transfers for large files — up to 1 GB — and adaptive chunking lets Power Automate optimize performance around network conditions. Some operations, like listing or renaming files, can't use chunking and are limited to smaller file sizes. 

Behind the scenes, the connector employs the SSH.NET library, enabling reliable SSH functionality. It works across standard Power Automate cloud flows and Azure Logic Apps managed workflows. However, it doesn’t support some managed SFTP servers (e.g., Globalscape or AWS SFTP), and performance can vary depending on the connector’s shared service model. 

Connection Setup: Authentication, Host, Port 

Before you can perform any actions, you need to create a connection in Power Automate: 

• Provide the SFTP server’s hostname or IP, and port (default 22). 
• Choose authentication method: 
• Optionally add passphrase for key if supported; otherwise, unencrypted keys are more reliable. 
• Optionally disable host key validation (use with caution). 

Once saved, test the connection — common failures stem from invalid key format, encrypted keys without passphrase, or network restrictions. Ensure your server allows the key algorithm you use. 

Triggers: Event‑Driven Flows 

When a file is added or modified (properties only) 

This trigger fires when files in the specified folder are created or updated. It only retrieves metadata, not file content. It's designed to handle batch events and emits data as arrays unless “Split On” is disabled — use loops to process each file individually. 

It ignores content updates within the same file if not touched in metadata, so it’s best for new file arrivals rather than changes in existing files. 

When a file is added or modified (properties only) V2 

A newer version with improved reliability and consistency. It behaves like V1 but with better handling of batch events and metadata arrays. You can filter on created vs. modified timestamps. 

These triggers are ideal for event-driven automation: detect new data, initiate processing flows, and follow up with file-handling actions. 

Core File Actions 

List files in folder 

Retrieves a list of files within a specified remote directory. It returns file attributes: Name, Path, Size, and Last Modified timestamps — useful for discovering newly arrived files or enumerating remote content. Since this action doesn’t support chunking, it’s best for control-level operations and directory scans. 

Get file content 

Fetches the binary content of a file via path or file ID using chunking if needed (files up to 1 GB). This is how you pull a file down into your flow to forward it, analyze it, or store it elsewhere. 

Get file content using path 

Same as Get file content, but explicitly uses the remote path string — use whichever fits your logic. Both use chunking with adaptive behavior unless overridden. 

Get file metadata 

Fetches metadata (size, creation date, last modified) using a file object reference or path. Provides context before fetching full content or deciding to act on the file. 

Get file metadata using path 

Identical to the above but based on path. Use this if you only know the path or name and haven’t listed files ahead of time. 

Create file 

Uploads a file from your flow (binary content) into a specified remote path. Supports chunking too — essential for large file uploads without hitting size limits. You define the folder path, file name, and file content variable. 

Update file 

Replaces the content of an existing file. Unlike Create file, which fails if the file exists, Update file targets an existing path. It does not support chunking, so its practical file size limit is around 50 MB. Better for smaller updates. 

Copy file 

Duplicates files from one remote path to another on the same server. Handy for archiving, staging, or reorganizing files. Efficient since it operates server-side without downloading. 

Rename file 

Changes the name or moves a file to a new path. Use this to mark files as processed or apply naming conventions without transferring data. 

Delete file 

Removes a file from the remote system — necessary for clean‑up or post‑processing workflows. Use caution, especially in automated delete scenarios. 

Create folder 

Adds a new directory at the specified path. Use this to structure remote folders before uploads or to prepare archive hierarchies. 

Extract archive to folder 

Unpacks compressed archives (ZIP or TAR) stored remotely into a target folder. Particularly useful for file processing pipelines that receive zipped data. Note this action doesn't support chunking; advisable for smaller archives. 

Special Considerations: Chunking and Transfer Limits 

Chunking is a core feature enabling uploads and downloads of files up to 1 GB. Chunk-supported actions include Create file, Get file content, and Create folder technically irrelevant. By default Power Automate adapts chunk size (5–50 MB) dynamically. You can also override this globally in the connection or specifically per action for predictable transfer sizes. 

Non‑chunked actions have a smaller cap (~50 MB), so plan accordingly when updating or copying files. 

Triggers, however, don’t support chunking and will only detect files ≤ 15 MB. For larger files, combine a properties-only trigger with a subsequent Get file content action to handle chunked transfer. 

Building a Sample Workflow: Process and Archive Sales Reports 

Imagine you receive hourly sales reports as CSVs via SFTP. You need to collect them, import data into a database, archive the files, and notify a team. 

1. Use When a file is added or modified (properties only) to detect new files in /incoming/sales. 
2. Add a Get file metadata using path to fetch size and modified info. 
3. Use Get file content using path to download the CSV (supports chunking). 
4. Parse CSV content and insert rows into your database. 
5. Use Create folder to ensure /archive/sales/yyyy-MM-dd exists. 
6. Use Copy file to move the original into the date‑specific archive folder. 
7. Use Delete file in the original folder to clear the staging area. 
8. Post a message via Teams or send an email notifying the team that files have been processed. 

This flow relies on a mix of chunked and metadata actions, demonstrating real‑world use of the full action set. 

Authentication Best Practices 

• Favor SSH key pairs over passwords. 
• Ensure keys are PEM‑formatted (not PuTTY PPK). 
• If passphrases are required, test that Power Automate prompts for it; otherwise remove the passphrase. 
• Convert private keys using ssh-keygen -m pem as needed. 
• Disable host key validation only if absolutely necessary — this bypasses MITM protection. 
• Maintain separate test environments to verify ciphers are supported, especially on Linux servers using newer key types like Ed25519. 

Handling Edge Cases and Limitations 

• Chunking limits : Plan large transfers with chunk size overrides in high-latency environments. 
• Trigger limits : Larger files won’t trigger auto events; handle with metadata triggers and manual downloads. 
• Connection limits : Shared connector instances may restrict simultaneous sessions — monitor your SFTP server’s connection policies. 
• Unsupported servers : Some managed SFTP servers (like Globalscape, AWS SFTP) aren’t supported. 
• Retries and exceptions : Add retry logic to handle transient network issues or partial transfers. 
• Atomic operations : Use rename patterning to mark files as processing or processed (e.g., add .processing suffix during work, then rename to .done). 

Security and Governance 

• Store credentials and SSH private keys securely using Power Platform environments or Azure Key Vault. 
• Use environment variables for flexible configuration. 
• Enforce Data Loss Prevention (DLP) policies on SFTP connectors. 
• Log each action’s success/failure and record processing metadata. 
• Implement access controls on both SFTP server and Power Platform environment. 

Monitoring and Troubleshooting 

• Enable connector-level file logging in your environment. 
• Review flow runs in Power Automate for failures during chunked transfers. 
• Use Get file metadata to confirm remote file presence and size before downloading. 
• Capture network errors and implement conditional retries. 
• Monitor server logs for SSH key exchange issues or cipher incompatibility. 

When to Use Alternatives 

• For extremely large files (> 1 GB), consider Azure Logic Apps Standard with built-in SFTP connector or use Azure Blob storage as intermediary. 
• For unsupported server types or when connection limits are tight, host your own connector using an Azure VM or self-hosted gateway. 
• If you need advanced parallelism or high throughput, consider Azure Data Factory or custom scripts. 

Final Thoughts 

Power Automate’s SFTP‑SSH connector offers a comprehensive set of actions to securely automate file-based workflows. You can monitor changes, transfer content, archive, rename, extract, and clean up remote files — all within a low-code environment. Key strengths include chunked transfers, flexible authentication, and trigger-based processing. Strategic use of metadata-only triggers, robust error handling, and clear separation of environments empowers resilient and scalable automations. 

By mastering each action — from listing and downloading to copying and deleting — you can build highly effective workflows that integrate with CRMs, databases, notifications systems, and beyond. Secure key management, connection settings, and chunking configuration are essential for reliable performance. 

Whether you're automating daily backups, batch imports, or ad-hoc file processing, understanding the full breadth of the SFTP‑SSH action set will elevate your Power Automate solutions to enterprise-grade security, efficiency, and maintainability. Let this guide be your blueprint to mastering secure file automation. 

Source: Unknown Actions in Power Automate Day 3: SFTP‑SSH Actions for Secure File Automation