Data Transfer is an orchestration component that enables users to transfer files from a chosen source to a chosen target.
This component can use a number of common network protocols to transfer data to a variety of sources and supports transferring files of any type. This component copies, not moves, the target file. Setting up this component requires selecting a source type and a target type. The component’s other properties will change to reflect those choices.
Currently supported data sources include Azure Blob Storage, Box, Dropbox, FTP, Google Cloud Storage, HTTP, HTTPS, Microsoft Exchange, Microsoft SharePoint, S3, SFTP, and Windows Fileshare.
Currently supported targets include Azure Blob Storage, Google Cloud Storage, S3, SFTP, and Windows Fileshare.
To ensure that instance credentials access is managed correctly at all times, we always advise that customers limit scopes (permissions) where applicable.
If the component requires access to a cloud provider (AWS, Azure, or Google Cloud), it will use credentials as follows:
- If using Matillion Full SaaS: The component will use the cloud credentials associated with your environment to access resources.
- If using Hybrid SaaS: By default the component will inherit the agent’s execution role (service account role). However, if there are cloud credentials associated with your environment, these will overwrite the role.
Including credentials in URLs
Some sources and targets require you to configure a Source URL or Target URL to transfer data from or to the specified location. These URLs can contain your source or target username and password, as shown in the examples below, but this requires you to enter your password in plain text.
Instead, we recommend using the Source username, Source password, Target username and Target password properties to provide your credentials, because this allows you to provide your password as a secret definition stored in a secure location.
For example, if your source type is HTTP, we don’t recommend including your username and password in the Source URL, e.g. http://user:password@www.example.com/products/list. Instead, use https://www.example.com/products/list as the source URL, then enter your username, and select a secret definition that represents your connection password.
Properties
A human-readable name for the component.
Connect
Select the data source that contains the files you want to transfer. Use the tabs below to see the properties to configure for each source type.
Azure Blob Storage
Box
Dropbox
FTP
Google Cloud Storage
HTTP
HTTPS
Microsoft Exchange
Microsoft SharePoint
S3
SFTP
Windows Fileshare
The service principal or identity that you use to connect to Azure must have the following permissions:
Storage Account Contributor at storage account level
Storage Blob Data Contributor at storage account or container level
No SAS tokens are required to connect to Azure Blob Storage. For more information, read Azure Blob Storage permissions. Enter the URL that points to the source file you want to transfer.Either use the file explorer to navigate to the file, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The URL should be in the following format:Example with variables: Choose your OAuth connection from the drop-down menu.Click Manage to navigate to the OAuth connections list to review and add OAuth connections. Read OAuth to learn how to create an OAuth connection. Enter the ID of the file you want to transfer.
Choose your OAuth connection from the drop-down menu.Click Manage to navigate to the OAuth connections list to review and add OAuth connections. Read OAuth to learn how to create an OAuth connection. Select the type of file you want to transfer: .
Enter the file path of the file you want to transfer.
Only visible if File type is File.Select whether to download the file to transfer as a ZIP file. Default is No.
Only visible if File type is Paper.Select the format you want to download the file to transfer in. Default is HTML.
Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.We recommend using the Source username and Source password properties to provide credentials. For more information, see Including credentials in URLs.The source URL should be in the following format:Example: Set home directory as root
- Yes: URLs are relative to the user’s home directory.
- No: (Default) URLs are relative to the server root.
Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
Select the secret definition that represents your credentials for your chosen source.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the data source requests it. Enter the URL that points to the source file.Either use the file explorer to navigate to the file you want to transfer, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The source URL should be in the following format:Example with variables: Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.We recommend using the Source username and Source password properties to provide credentials. For more information, see Including credentials in URLs.The source URL should be in the following format:Example: Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
Select the secret definition that represents your credentials for your chosen source.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the data source requests it. Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.We recommend using the Source username and Source password properties to provide credentials. For more information, see Including credentials in URLs.The source URL should be in the following format:Example: Perform certificate validation
Select whether to check that the SSL certificate for the host is valid before fetching your file. Default is No.
Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
Select the secret definition that represents your credentials for your chosen source.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the data source requests it. Choose your OAuth connection from the drop-down menu.Click Manage to navigate to the OAuth connections list to review and add OAuth connections. Read OAuth to learn how to create an OAuth connection. Select the type of Exchange item to retrieve attachments from:
- Message: Retrieves attachments from an email message.
- Event: Retrieves attachments from a calendar event.
Enter the ID of the Exchange item to retrieve attachments from:
- If
Attachment source is Message, enter a valid email message ID.
- If
Attachment source is Event, enter a valid calendar event ID.
Enter the ID of the attachment to retrieve from the email message or calendar event identified in Source ID.
Microsoft removed NTLM authentication support on January 31, 2026 and Basic authentication support on May 1, 2026 for SharePoint Online. If you’re connecting to SharePoint Online via SOAP, you must switch to REST with Azure AD OAuth immediately. SOAP authentication remains supported for SharePoint On-Premise. For more information, see the CData driver changelog. Select REST to connect to Microsoft SharePoint using the REST API.
Choose your OAuth connection from the drop-down menu.Click Manage to navigate to the OAuth connections list to review and add OAuth connections. Read OAuth to learn how to create an OAuth connection.
- Parameter: A JDBC parameter supported by the database driver. The available parameters are explained in the data model. Manual setup isn’t usually required, since sensible defaults are assumed.
- Value: A value for the given parameter.
To transfer files from subsites, in the Connection Options property, enter URL as a parameter, with your site URL as the value. This must be the full URL, e.g. https://companyname.sharepoint.com/sitename (for classic/root sites) or https://companyname.sharepoint.com/sites/sitename (for modern site collections).
Select the type of file you want to transfer: .
Only visible if File type is Document.Select the SharePoint library that contains the file you want to transfer. The drop-down lists libraries in your SharePoint instance.For more information, read Introduction to libraries. Enter the URL that points to the file you want to transfer. This must be the full DNS name and path for the file, e.g. https://companyname.sharepoint.com/sitename/path/to/file/file.ext or https://companyname.sharepoint.com/sites/sitename/path/to/file/file.ext.
Enter the URL that points to the source file.Either use the file explorer to navigate to the file you want to transfer, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The source URL should be in the following format:Example with variables: Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.We recommend using the Source username and Source password properties to provide credentials. For more information, see Including credentials in URLs.The source URL should be in the following format:Example: Set home directory as root
- Yes: URLs are relative to the user’s home directory.
- No: (Default) URLs are relative to the server root.
Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
Select the secret definition that represents your credentials for your chosen source.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the data source requests it. Select the secret definition that represents your SFTP private key.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your SFTP private key will only be used if the data source requests it.Your secret must contain the complete private key, beginning with “-----BEGIN RSA PRIVATE KEY-----” and conforming to the same structure as an RSA private key.Your private key must be in one of the following formats: DSA, RSA, ECDSA, or Ed25519.Your private key must be encrypted using one of the following encryption algorithms: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, or rsa-sha2-256.In a Hybrid SaaS configuration, you need to manually convert the private key into a format that allows it to be stored in your AWS Secrets Manager. You can do this with the following command: Specify custom SFTP configurations using key/value pairs. Enter each key/value pair on a new line. These configurations override standard SFTP behavior, enabling greater compatibility with different server security policies. These configurations only apply to the currently selected Data Transfer component. If you have multiple Data Transfer components in your pipeline, you must configure each one individually.For a list of all available keys, read the list of properties here.When using the kex key to define the key exchange algorithms to use, the only supported encryption algorithms are ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, and rsa-sha2-256.To use variables in this field, type the name of the variable prefixed by the dollar symbol and surrounded by { } brackets, as follows: ${variable}. Once you type ${, a drop-down list of autocompleted suggested variables will appear. This list updates as you type; for example, if you type ${date, functions and variables containing date will be listed. When Source type is Windows Fileshare:
- The Data Transfer component uses the SMB2 protocol exclusively. SMB1 is not supported.
- The Data Transfer component uses TCP port
445 by default if no port is explicitly specified.
- Source credentials (domain, username, and password) are optional. The domain, username, and password must be provided as separate fields—do not use the
domain\username format in the username field.
Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.We recommend using the Source username and Source password properties to provide credentials. For more information, see Including credentials in URLs.The source URL should be in the following format if possible:This source also accepts other methods such as HTTP and HTTPS.Examples: Enter the domain that the file to transfer is located on.
Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
Select the secret definition that represents your credentials for your chosen source.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the data source requests it.
Select Yes if the source data is a ZIP file that you want to unpack before being transferred. Default is No.
Select Yes to gzip the transferred data when it arrives at the target. Default is No.
Enter a name for the new file when it is transferred to your target location.
Destination
Select the target location to transfer your files to. Use the tabs below to see the properties to configure for each target type.
Azure Blob Storage
Google Cloud Storage
S3
SFTP
Windows Fileshare
The service principal or identity that you use to connect to Azure must have the following permissions:
Storage Account Contributor at storage account level
Storage Blob Data Contributor at storage account or container level
No SAS tokens are required to connect to Azure Blob Storage. For more information, read Azure Blob Storage permissions. Enter the URL that points to the location you want to transfer the file to.Either use the file explorer to navigate to the location for the file, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The URL should be in the following format:Example with variables: Enter the URL that points to the location to transfer your file to.Either use the file explorer to navigate to the location to transfer the file to, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The target URL should be in the following format:Example with variables: Enter the URL that points to the location to transfer your file to.Either use the file explorer to navigate to the location to transfer the file to, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.The target URL should be in the following format:Example with variables: Access control list options
If required, select ACL settings to apply to the transferred file. If you do not select any ACL settings, any ACL settings you currently have applied will be left unchanged. For more information about the available options, read the Amazon S3 canned ACLs list. Select how to encrypt the transferred file at the location specified in Target URL: Only visible if Encryption is SSE KMS.Select the ID of the KMS encryption key you want to use to encrypt the data.
Enter the URL that points to the folder to transfer your file to. Special characters used in this field must be URL-safe.We recommend using the Target username and Target password properties to provide credentials. For more information, see Including credentials in URLs.If the folders in your target path don’t exist, the Data Transfer component creates them automatically.The target URL should be in the following format:Example: Set home directory as root
- Yes: URLs are relative to the user’s home directory.
- No: (Default) URLs are relative to the server root.
Enter your URL connection username for the target. This property is optional—your username will only be used if the target requests it.
Select the secret definition that represents your credentials for your chosen target.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the target requests it. Select the secret definition that represents your SFTP private key.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your SFTP private key will only be used if the data source requests it.Your secret must contain the complete private key, beginning with “-----BEGIN RSA PRIVATE KEY-----” and conforming to the same structure as an RSA private key.Your private key must be in one of the following formats: DSA, RSA, ECDSA, or Ed25519.Your private key must be encrypted using one of the following encryption algorithms: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, or rsa-sha2-256.In a Hybrid SaaS configuration, you need to manually convert the private key into a format that allows it to be stored in your AWS Secrets Manager. You can do this with the following command: Specify custom SFTP configurations using key/value pairs. Enter each key/value pair on a new line. These configurations override standard SFTP behavior, enabling greater compatibility with different server security policies. These configurations only apply to the currently selected Data Transfer component. If you have multiple Data Transfer components in your pipeline, you must configure each one individually.For a list of all available keys, read the list of properties here.When using the kex key to define the key exchange algorithms to use, the only supported encryption algorithms are ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, and rsa-sha2-256.To use variables in this field, type the name of the variable prefixed by the dollar symbol and surrounded by { } brackets, as follows: ${variable}. Once you type ${, a drop-down list of autocompleted suggested variables will appear. This list updates as you type; for example, if you type ${date, functions and variables containing date will be listed. When Target type is Windows Fileshare:
- The Data Transfer component uses the SMB2 protocol exclusively. SMB1 is not supported.
- The Data Transfer component uses TCP port
445 by default if no port is explicitly specified.
- A target username is required when authenticating; the target domain and target password remain optional. The domain, username, and password must be provided as separate fields—do not use the
domain\username format in the username field.
Enter the URL that points to the folder to transfer your file to. Special characters used in this field must be URL-safe.We recommend using the Target username and Target password properties to provide credentials. For more information, see Including credentials in URLs.If the folders in your target path don’t exist, the Data Transfer component creates them automatically.The target URL should be in the following format if possible:This target also accepts other methods, such as HTTP and HTTPS. Examples: Enter the domain that you want the transferred file to be located on.
Enter your URL connection username for the target. This property is optional—your username will only be used if the target requests it.
Select the secret definition that represents your credentials for your chosen target.Click Manage to navigate to the Secret definitions list to review and add secret definitions. Read Secrets and secret definitions to learn how to create a secret definition.This property is optional—your password will only be used if the target requests it.