Introduction
Azure Blob Storage now supports the SFTP protocol, making it easier to interact with blobs using standard tools like curl. This blog guides you through performing simple upload, download, delete, and list operations using curl over SFTP with Azure Blob Storage.
Pre-requisites
- Azure Blob Storage with SFTP enabled (Storage Account must have hierarchical namespace enabled)
- Enable SFTP
- Local user created in Azure Storage Account with SSH Key Pair as Authentication method and appropriate container permissions.
- Private key (.pem file) for SFTP authentication.
- Curl tool installed (version 7.55.0+ for SFTP support)
Please note that the following tests are inclined towards Curl on Windows.
The same can be performed with other OS with appropriate format changes.
Authentication Support
When using curl with Azure Blob SFTP, authentication is done via SSH key-based authentication. The user must be associated with a valid public key.
Make sure your .pem file is the private key corresponding to the public key added to the Azure Storage local user.
Note: In this example, we created a local user in the Azure portal and provided SSH key authentication with access to only container1. Since the user is scoped to container1, the curl SFTP connection automatically lands inside that container. That’s why we don’t need to specify container1 in the SFTP URL path.
CURL Version Check
To ensure SFTP is supported, verify your curl version:
curl --versionLook for Protocols: ... sftp in the output.
SFTP Operations using CURL
- Uploading a File to Blob Storage
curl -T <File Path on Local> --key <Key path on local Machine> --user <username>: <SFTP Endpoint>/<file-name>Example:
To view detailed logs of the upload or any operation for debugging purposes, you can enable verbose logging by passing the ‘-v’ option in the command.
- Downloading a File from Blob Storage
curl -o <File Path on Local> --key <Key path on local Machine> --user <username>: <SFTP Endpoint>/<file-name>Example:
- Deleting a File from Blob Storage
To delete a file, use curl's --quote option with the rm command:
curl --quote "rm <Path to a file within a container in the storage account>" --key <Key path on local Machine> --user <username>: <SFTP Endpoint>/Example:
The output showed a list of remaining files/blobs, and text.txt is no longer present.
If your blob is inside a subdirectory like test, and the file is named text.txt, then:
curl --quote "rm <subdirectory within a container in the Storage account>/<file>" --key <Key path on local Machine> --user <username>: <SFTP Endpoint>/
- Listing Files in a Container
curl --list-only –key “<Key path on local Machine>" --user "<username>:" "<SFTP Endpoint>/"Example:
This will return a list of blobs inside container1, because the user is scoped to that container.
Common Errors and Fixes
Error: Upload failed: No such file or directory (2/-31)
Cause: Target directory (container) doesn’t exist or is not included in user permissions.
Example:
Fix: Ensure the container exists and your SFTP user has access to it.
Error: Authentication failed
Cause: Wrong key file or missing user setup.
Example:
Fix: Ensure the .pem file matches the public key added to the local user.
Note: Authentication failures may also be caused by networking restrictions at the account level. For more details, please check Reference links section.
Error: Protocol sftp not supported or disabled in libcurl
Cause: CURL version does not support SFTP.
Fix: Upgrade to curl 7.55.0 or above.
Conclusion
Using CURL with SFTP is a simple and secure way to interact with Azure Blob Storage. With just a few commands, you can upload, download, delete, or list files programmatically.
This makes CURL a powerful tool for DevOps tasks, automation scripts, and integration workflows!
Reference Links
Updated Apr 08, 2025
Version 1.0
Lavani_Katepaga
Microsoft
Microsoft