> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Transfer

export const filetypes_1 = "Attachment or Document"

export const filetypes_0 = "File or Paper"

export const ComponentMetadata = ({warehouses, unsupportedWarehouses = [], componentType, connectionInputs, connectionOutputs}) => {
  const allWarehouses = [...warehouses.map(w => ({
    name: w,
    supported: true
  })), ...unsupportedWarehouses.map(w => ({
    name: w,
    supported: false
  }))];
  return <div style={{
    background: 'var(--colors-background-light, #f9fafb)',
    border: '1px solid var(--colors-border-default, #e5e7eb)',
    borderRadius: '12px',
    padding: '20px 28px',
    marginBottom: '28px',
    boxShadow: '0 1px 4px rgba(0,0,0,0.10)'
  }}>
      <table style={{
    width: '100%',
    borderCollapse: 'collapse'
  }}>
        <tbody>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle',
    width: '180px'
  }}>Project Availability</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>
              <div style={{
    display: 'flex',
    flexWrap: 'wrap',
    gap: '8px'
  }}>
                {allWarehouses.map((w, i) => <span key={i} style={{
    background: w.supported ? '#dcfce7' : '#fee2e2',
    color: w.supported ? '#15803d' : '#b91c1c',
    border: `1px solid ${w.supported ? '#bbf7d0' : '#fca5a5'}`,
    borderRadius: '9999px',
    padding: '3px 12px',
    fontSize: '0.85rem',
    fontWeight: '500',
    whiteSpace: 'nowrap'
  }}>
                    {w.name} {w.supported ? '✅' : '❌'}
                  </span>)}
              </div>
            </td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Component Type</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{componentType}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Connection Inputs</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{connectionInputs}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Connection Outputs</td>
            <td style={{
    verticalAlign: 'middle'
  }}>{connectionOutputs}</td>
          </tr>
        </tbody>
      </table>
    </div>;
};

<ComponentMetadata warehouses={["Snowflake", "Databricks", "Amazon Redshift", "Google BigQuery"]} componentType="Connector, Orchestration" connectionInputs="One" connectionOutputs="Unlimited" />

Data Transfer is an orchestration component that enables users to transfer files from a chosen source to a chosen target.

This component can use a number of common network protocols to transfer data to a variety of sources and supports transferring files of any type. This component copies, not moves, the target file. Setting up this component requires selecting a source type and a target type. The component's other properties will change to reflect those choices.

Currently supported data sources include Azure Blob Storage, Box, Dropbox, FTP, Google Cloud Storage, HTTP, HTTPS, Microsoft Exchange, Microsoft SharePoint, S3, SFTP, and Windows Fileshare.

Currently supported targets include Azure Blob Storage, Google Cloud Storage, S3, SFTP, and Windows Fileshare.

<Note>
  To ensure that instance credentials access is managed correctly at all times, we always advise that customers limit scopes (permissions) where applicable.
</Note>

If the component requires access to a cloud provider (AWS, Azure, or Google Cloud), it will use credentials as follows:

* If using [Matillion Full SaaS](/docs/guides/runner-overview#matillion-full-saas): The component will use the [cloud credentials](/docs/guides/cloud-credentials) associated with your environment to access resources.
* If using [Hybrid SaaS](/docs/guides/runner-overview#hybrid-saas): By default the component will inherit the agent's execution role (service account role). However, if there are [cloud credentials](/docs/guides/cloud-credentials) associated with your environment, these will overwrite the role.

### Including credentials in URLs

Some sources and targets require you to configure a `Source URL` or `Target URL` to transfer data from or to the specified location. These URLs *can* contain your source or target username and password, as shown in the examples below, but this requires you to enter your password in plain text.

Instead, we recommend using the `Source username`, `Source password`, `Target username` and `Target password` properties to provide your credentials, because this allows you to provide your password as a [secret definition](/docs/guides/secrets-and-secret-definitions) stored in a secure location.

For example, if your source type is **HTTP**, we don't recommend including your username and password in the `Source URL`, e.g. `http://user:password@www.example.com/products/list`. Instead, use `https://www.example.com/products/list` as the source URL, then enter your username, and select a secret definition that represents your connection password.

***

## Properties

<ResponseField name="Name" type="string" required>
  A human-readable name for the component.
</ResponseField>

### Connect

<ResponseField name="Source type" type="drop-down" required>
  Select the data source that contains the files you want to transfer. Use the tabs below to see the properties to configure for each source type.
</ResponseField>

<Tabs>
  <Tab title="Azure Blob Storage">
    <Note>
      The service principal or identity that you use to connect to Azure must have the following permissions:

      * `Storage Account Contributor` at storage account level
      * `Storage Blob Data Contributor` at storage account or container level

      No SAS tokens are required to connect to Azure Blob Storage. For more information, read [Azure Blob Storage permissions](/docs/security/third-party-roles-and-permissions#azure-blob-storage).
    </Note>

    {/* <!-- param-start:[blobLocation1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Blob location" type="file explorer" required>
      Enter the URL that points to the source file you want to transfer.

      Either use the file explorer to navigate to the file, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The URL should be in the following format:

      ```
      AZURE://<account>/<container>/<path>
      ```

      Example with variables:

      ```
      AZURE://${jv_blobStorageAccount}/${jv_containerName}
      ```
    </ResponseField>

    {/* <!-- param-end:[blobLocation1] --> */}
  </Tab>

  <Tab title="Box">
    {/* <!-- param-start:[authentication] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Authentication" type="drop-down" required>
      Choose your OAuth connection from the drop-down menu.

      Click **Manage** to navigate to the **OAuth connections** list to review and add OAuth connections. Read [OAuth](/docs/guides/oauth) to learn how to create an OAuth connection.
    </ResponseField>

    {/* <!-- param-end:[authentication] --> */}

    <ResponseField name="File ID" type="string" required>
      Enter the ID of the file you want to transfer.
    </ResponseField>
  </Tab>

  <Tab title="Dropbox">
    {/* <!-- param-start:[authentication] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Authentication" type="drop-down" required>
      Choose your OAuth connection from the drop-down menu.

      Click **Manage** to navigate to the **OAuth connections** list to review and add OAuth connections. Read [OAuth](/docs/guides/oauth) to learn how to create an OAuth connection.
    </ResponseField>

    {/* <!-- param-end:[authentication] --> */}

    {/* <!-- param-start:[fileType] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="File type" type="drop-down" required>
      Select the type of file you want to transfer: {filetypes_0}.
    </ResponseField>

    {/* <!-- param-end:[fileType] --> */}

    <ResponseField name="Path" type="string" required>
      Enter the file path of the file you want to transfer.
    </ResponseField>

    <ResponseField name="Download as ZIP" type="boolean" required>
      Only visible if `File type` is **File**.

      Select whether to download the file to transfer as a ZIP file. Default is **No**.
    </ResponseField>

    <ResponseField name="Download format" type="drop-down" required>
      Only visible if `File type` is **Paper**.

      Select the format you want to download the file to transfer in. Default is **HTML**.
    </ResponseField>
  </Tab>

  <Tab title="FTP">
    {/* <!-- param-start:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="string" required>
      Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.

      We recommend using the `Source username` and `Source password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      The source URL should be in the following format:

      ```
      ftp://[username[:password]@]hostname[:port][path]
      ```

      Example:

      ```
      ftp://johndoe@example.com/home/johndoe/documents/report.txt
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] --> */}

    {/* <!-- param-start:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Set home directory as root" type="boolean" required>
      * **Yes:** URLs are relative to the user's home directory.
      * **No:** (Default) URLs are relative to the server root.
    </ResponseField>

    {/* <!-- param-end:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] --> */}

    {/* <!-- param-start:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source username" type="string">
      Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] --> */}

    {/* <!-- param-start:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen source.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] --> */}
  </Tab>

  <Tab title="Google Cloud Storage">
    {/* <!-- param-start:[sourceUrl7, sourceUrl2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="file explorer" required>
      Enter the URL that points to the source file.

      Either use the file explorer to navigate to the file you want to transfer, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The source URL should be in the following format:

      ```
      GS://<bucket>/<folder-path>
      ```

      Example with variables:

      ```
      GS://${jv_gcsAccount}/${jv_folderName}
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl7, sourceUrl2] --> */}
  </Tab>

  <Tab title="HTTP">
    {/* <!-- param-start:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="string" required>
      Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.

      We recommend using the `Source username` and `Source password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      The source URL should be in the following format:

      ```
      http://[username[:password]@]hostname[:port][absolute-path]
      ```

      Example:

      ```
      http://user:password@www.example.com/products/list
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] --> */}

    {/* <!-- param-start:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source username" type="string">
      Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] --> */}

    {/* <!-- param-start:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen source.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] --> */}
  </Tab>

  <Tab title="HTTPS">
    {/* <!-- param-start:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="string" required>
      Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.

      We recommend using the `Source username` and `Source password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      The source URL should be in the following format:

      ```
      https://[username[:password]@]hostname[:port][absolute-path]
      ```

      Example:

      ```
      https://user:password@www.example.com/products/list
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] --> */}

    {/* <!-- param-start:[performCertificateValidation] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Perform certificate validation" type="drop-down" required>
      Select whether to check that the SSL certificate for the host is valid before fetching your file. Default is **No**.
    </ResponseField>

    {/* <!-- param-end:[performCertificateValidation] --> */}

    {/* <!-- param-start:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source username" type="string">
      Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] --> */}

    {/* <!-- param-start:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen source.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] --> */}
  </Tab>

  <Tab title="Microsoft Exchange">
    {/* <!-- param-start:[authentication] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Authentication" type="drop-down" required>
      Choose your OAuth connection from the drop-down menu.

      Click **Manage** to navigate to the **OAuth connections** list to review and add OAuth connections. Read [OAuth](/docs/guides/oauth) to learn how to create an OAuth connection.
    </ResponseField>

    {/* <!-- param-end:[authentication] --> */}

    {/* <!-- param-start:[attachmentSource] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Attachment source" type="drop-down" required>
      Select the type of Exchange item to retrieve attachments from:

      * **Message**: Retrieves attachments from an email message.
      * **Event**: Retrieves attachments from a calendar event.
    </ResponseField>

    {/* <!-- param-end:[attachmentSource] --> */}

    {/* <!-- param-start:[sourceId] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source ID" type="string" required>
      Enter the ID of the Exchange item to retrieve attachments from:

      * If `Attachment source` is **Message**, enter a valid email message ID.
      * If `Attachment source` is **Event**, enter a valid calendar event ID.
    </ResponseField>

    {/* <!-- param-end:[sourceId] --> */}

    {/* <!-- param-start:[attachmentId] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Attachment ID" type="string" required>
      Enter the ID of the attachment to retrieve from the email message or calendar event identified in `Source ID`.
    </ResponseField>

    {/* <!-- param-end:[attachmentId] --> */}
  </Tab>

  <Tab title="Microsoft SharePoint">
    <Warning>
      Microsoft removed NTLM authentication support on **January 31, 2026** and Basic authentication support on **May 1, 2026** for SharePoint Online. If you're connecting to SharePoint Online via SOAP, you must switch to REST with Azure AD OAuth immediately. SOAP authentication remains supported for SharePoint On-Premise. For more information, see the [CData driver changelog](https://cdn.cdata.com/help/RSM/jdbc/pg_changelog.htm).
    </Warning>

    {/* <!-- param-start:[serviceType] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Service type" type="drop-down" required>
      Select **REST** to connect to Microsoft SharePoint using the REST API.
    </ResponseField>

    {/* <!-- param-end:[serviceType] --> */}

    {/* <!-- param-start:[authentication] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Authentication" type="drop-down" required>
      Choose your OAuth connection from the drop-down menu.

      Click **Manage** to navigate to the **OAuth connections** list to review and add OAuth connections. Read [OAuth](/docs/guides/oauth) to learn how to create an OAuth connection.
    </ResponseField>

    {/* <!-- param-end:[authentication] --> */}

    {/* <!-- param-start:[connectionOptions] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Connection options" type="column editor">
      * **Parameter:** A JDBC parameter supported by the database driver. The available parameters are explained in the data model. Manual setup isn't usually required, since sensible defaults are assumed.
      * **Value:** A value for the given parameter.

      <Note>
        To transfer files from subsites, in the `Connection Options` property, enter `URL` as a parameter, with your site URL as the value. This must be the full URL, e.g. `https://companyname.sharepoint.com/sitename` (for classic/root sites) or `https://companyname.sharepoint.com/sites/sitename` (for modern site collections).
      </Note>
    </ResponseField>

    {/* <!-- param-end:[connectionOptions] --> */}

    {/* <!-- param-start:[fileType] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="File type" type="drop-down" required>
      Select the type of file you want to transfer: {filetypes_1}.
    </ResponseField>

    {/* <!-- param-end:[fileType] --> */}

    {/* <!-- param-start:[library] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Library" type="drop-down" required>
      Only visible if `File type` is **Document**.

      Select the SharePoint library that contains the file you want to transfer. The drop-down lists libraries in your SharePoint instance.

      For more information, read [Introduction to libraries](https://support.microsoft.com/en-us/office/introduction-to-libraries-7d4221d9-8fb9-40d5-8441-2374c84b5e26?ui=en-us\&rs=en-us\&ad=us).
    </ResponseField>

    {/* <!-- param-end:[library] --> */}

    {/* <!-- param-start:[fileUrl] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="File URL" type="string" required>
      Enter the URL that points to the file you want to transfer. This must be the **full DNS** name and path for the file, e.g. `https://companyname.sharepoint.com/sitename/path/to/file/file.ext` or `https://companyname.sharepoint.com/sites/sitename/path/to/file/file.ext`.
    </ResponseField>

    {/* <!-- param-end:[fileUrl] --> */}
  </Tab>

  <Tab title="S3">
    {/* <!-- param-start:[sourceUrl7, sourceUrl2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="file explorer" required>
      Enter the URL that points to the source file.

      Either use the file explorer to navigate to the file you want to transfer, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The source URL should be in the following format:

      ```
      S3://<bucket>/<folder-path>/<file>
      ```

      Example with variables:

      ```
      S3://${jv_bucketName}/${jv_folderName}/report.txt
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl7, sourceUrl2] --> */}
  </Tab>

  <Tab title="SFTP">
    {/* <!-- param-start:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="string" required>
      Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.

      We recommend using the `Source username` and `Source password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      The source URL should be in the following format:

      ```
      sftp://[username[:password]@]hostname[:port][path]
      ```

      Example:

      ```
      sftp://johndoe@example.com/home/johndoe/documents/report.txt
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl, sourceUrl3, sourceUrl4, sourceUrl6] --> */}

    {/* <!-- param-start:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Set home directory as root" type="boolean" required>
      * **Yes:** URLs are relative to the user's home directory.
      * **No:** (Default) URLs are relative to the server root.
    </ResponseField>

    {/* <!-- param-end:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] --> */}

    {/* <!-- param-start:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source username" type="string">
      Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] --> */}

    {/* <!-- param-start:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen source.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] --> */}

    {/* <!-- param-start:[sourceSftpKey] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source SFTP key" type="drop-down">
      Select the secret definition that represents your SFTP private key.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your SFTP private key will only be used if the data source requests it.

      <Note>
        Your secret must contain the complete private key, beginning with "-----BEGIN RSA PRIVATE KEY-----" and conforming to the same structure as an RSA private key.

        Your private key must be in one of the following formats: `DSA`, `RSA`, `ECDSA`, or `Ed25519`.

        Your private key must be encrypted using one of the following encryption algorithms: `ssh-ed25519`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, or `rsa-sha2-256`.

        In a [Hybrid SaaS](/docs/guides/runner-overview#matillion-fully-managed-vs-hybrid-cloud) configuration, you need to manually convert the private key into a format that allows it to be stored in your AWS Secrets Manager. You can do this with the following command:

        ```bash theme={null}
        ssh-keygen -p -f YOUR_PRIVATE_KEY -m pem
        ```
      </Note>
    </ResponseField>

    {/* <!-- param-end:[sourceSftpKey] --> */}

    {/* <!-- param-start:[sourceSftpConfig] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source SFTP config" type="text editor">
      Specify custom SFTP configurations using key/value pairs. Enter each key/value pair on a new line. These configurations override standard SFTP behavior, enabling greater compatibility with different server security policies. These configurations only apply to the currently selected Data Transfer component. If you have multiple Data Transfer components in your pipeline, you must configure each one individually.

      For a list of all available keys, read the list of properties [here](https://github.com/mwiede/jsch).

      When using the `kex` key to define the key exchange algorithms to use, the only supported encryption algorithms are `ssh-ed25519`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, and `rsa-sha2-256`.

      To use variables in this field, type the name of the variable prefixed by the dollar symbol and surrounded by \{ } brackets, as follows: `${variable}`. Once you type `${`, a drop-down list of autocompleted suggested variables will appear. This list updates as you type; for example, if you type `${date`, functions and variables containing `date` will be listed.
    </ResponseField>

    {/* <!-- param-end:[sourceSftpConfig] --> */}
  </Tab>

  <Tab title="Windows Fileshare">
    <Note>
      When `Source type` is **Windows Fileshare**:

      * The Data Transfer component uses the SMB2 protocol exclusively. SMB1 is not supported.
      * The Data Transfer component uses TCP port `445` by default if no port is explicitly specified.
      * Source credentials (domain, username, and password) are optional. The domain, username, and password must be provided as separate fields—do not use the `domain\username` format in the username field.
    </Note>

    {/* <!-- param-start:[sourceUrl1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source URL" type="string" required>
      Enter the URL, including full path and file name, that points to the source file. Special characters used in this field must be URL-safe.

      We recommend using the `Source username` and `Source password` properties to provide credentials. For more information, see [Including credentials in URLs](#including-credentials-in-urls).

      The source URL should be in the following format if possible:

      ```
      smb://[[authdomain;]user@]host[:port][/share[/dirpath][/name]][?context]
      ```

      This source also accepts other methods such as HTTP and HTTPS.

      Examples:

      ```
      smb://mydomain;jdoe@fileserver01/documents/projects/mydata
      ```

      ```
      http://11.22.3.4/share5/mydata.txt
      ```
    </ResponseField>

    {/* <!-- param-end:[sourceUrl1] --> */}

    {/* <!-- param-start:[sourceDomain] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source domain" type="string">
      Enter the domain that the file to transfer is located on.
    </ResponseField>

    {/* <!-- param-end:[sourceDomain] --> */}

    {/* <!-- param-start:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source username" type="string">
      Enter your URL connection username for the source. This property is optional—your username will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourceUsername, sourceUsername1, sourceUsername2, sourceUsername3, sourceUsername4] --> */}

    {/* <!-- param-start:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Source password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen source.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the data source requests it.
    </ResponseField>

    {/* <!-- param-end:[sourcePassword, sourcePassword1, sourcePassword2, sourcePassword3, sourcePassword4] --> */}
  </Tab>
</Tabs>

### Configure

<ResponseField name="Unpack ZIP file" type="boolean" required>
  Select **Yes** if the source data is a ZIP file that you want to unpack before being transferred. Default is **No**.
</ResponseField>

{/* <!-- param-start:[gzipData] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Gzip data" type="boolean" required>
  Select **Yes** to gzip the transferred data when it arrives at the target. Default is **No**.
</ResponseField>

{/* <!-- param-start:[targetObjectName] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Target object name" type="string" required>
  Enter a name for the new file when it is transferred to your target location.
</ResponseField>

### Destination

<ResponseField name="Target type" type="drop-down" required>
  Select the target location to transfer your files to. Use the tabs below to see the properties to configure for each target type.
</ResponseField>

<Tabs>
  <Tab title="Azure Blob Storage">
    <Note>
      The service principal or identity that you use to connect to Azure must have the following permissions:

      * `Storage Account Contributor` at storage account level
      * `Storage Blob Data Contributor` at storage account or container level

      No SAS tokens are required to connect to Azure Blob Storage. For more information, read [Azure Blob Storage permissions](/docs/security/third-party-roles-and-permissions#azure-blob-storage).
    </Note>

    {/* <!-- param-start:[blobLocation] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Blob location" type="file explorer" required>
      Enter the URL that points to the location you want to transfer the file to.

      Either use the file explorer to navigate to the location for the file, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The URL should be in the following format:

      ```
      AZURE://<account>/<container>/<path>
      ```

      Example with variables:

      ```
      AZURE://${jv_blobStorageAccount}/${jv_containerName}
      ```
    </ResponseField>

    {/* <!-- param-end:[blobLocation] --> */}
  </Tab>

  <Tab title="Google Cloud Storage">
    {/* <!-- param-start:[targetUrl, targetUrl2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target URL" type="file explorer" required>
      Enter the URL that points to the location to transfer your file to.

      Either use the file explorer to navigate to the location to transfer the file to, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The target URL should be in the following format:

      ```
      GS://<bucket>/<folder-path>
      ```

      Example with variables:

      ```
      GS://${jv_gcsAccount}/${jv_folderName}
      ```
    </ResponseField>

    {/* <!-- param-end:[targetUrl, targetUrl2] --> */}
  </Tab>

  <Tab title="S3">
    {/* <!-- param-start:[targetUrl, targetUrl2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target URL" type="file explorer" required>
      Enter the URL that points to the location to transfer your file to.

      Either use the file explorer to navigate to the location to transfer the file to, or enter the URL into the path field at the top of the dialog. This is particularly useful if you want to use variables in the URL. Special characters used in this field must be URL-safe.

      The target URL should be in the following format:

      ```
      S3://<bucket>/<folder-path>
      ```

      Example with variables:

      ```
      S3://${jv_bucketName}/${jv_folderName}
      ```
    </ResponseField>

    {/* <!-- param-end:[targetUrl, targetUrl2] --> */}

    {/* <!-- param-start:[accessControlListOptions] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Access control list options" type="drop-down">
      If required, select ACL settings to apply to the transferred file. If you do not select any ACL settings, any ACL settings you currently have applied will be left unchanged. For more information about the available options, read the [Amazon S3 canned ACLs list](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl).
    </ResponseField>

    {/* <!-- param-end:[accessControlListOptions] --> */}

    {/* <!-- param-start:[encryption] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Encryption" type="drop-down" required>
      Select how to encrypt the transferred file at the location specified in `Target URL`:

      * **None:** (Default) Do not encrypt the data.
      * **SSE KMS:** Encrypt the data according to a key stored on KMS. For more information, read [AWS Key Management Service](https://aws.amazon.com/kms/).
      * **SSE S3:** Encrypt the data according to a key stored on an S3 bucket. For more information, read [Using server-side encryption with Amazon S3-managed encryption keys \[SSE-S3\]](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html).
    </ResponseField>

    {/* <!-- param-end:[encryption] --> */}

    {/* <!-- param-start:[kmsKeyId] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="KMS key ID" type="drop-down" required>
      Only visible if `Encryption` is **SSE KMS**.

      Select the ID of the KMS encryption key you want to use to encrypt the data.
    </ResponseField>

    {/* <!-- param-end:[kmsKeyId] --> */}
  </Tab>

  <Tab title="SFTP">
    {/* <!-- param-start:[targetUrl3] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target URL" type="string" required>
      Enter the URL that points to the folder to transfer your file to. Special characters used in this field must be URL-safe.

      We recommend using the `Target username` and `Target password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      If the folders in your target path don't exist, the Data Transfer component creates them automatically.

      The target URL should be in the following format:

      ```
      sftp://[username[:password]@]hostname[:port][path]
      ```

      Example:

      ```
      sftp://johndoe@example.com/home/johndoe/documents/
      ```
    </ResponseField>

    {/* <!-- param-end:[targetUrl3] --> */}

    {/* <!-- param-start:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Set home directory as root" type="boolean" required>
      * **Yes:** URLs are relative to the user's home directory.
      * **No:** (Default) URLs are relative to the server root.
    </ResponseField>

    {/* <!-- param-end:[setHomeDirectoryAsRoot, setHomeDirectoryAsRoot1, setHomeDirectoryAsRoot2] --> */}

    {/* <!-- param-start:[targetUsername, targetUsername1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target username" type="string">
      Enter your URL connection username for the target. This property is optional—your username will only be used if the target requests it.
    </ResponseField>

    {/* <!-- param-end:[targetUsername, targetUsername1] --> */}

    {/* <!-- param-start:[targetPassword, targetPassword1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen target.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the target requests it.
    </ResponseField>

    {/* <!-- param-end:[targetPassword, targetPassword1] --> */}

    {/* <!-- param-start:[targetSftpKey] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target SFTP key" type="drop-down">
      Select the secret definition that represents your SFTP private key.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your SFTP private key will only be used if the data source requests it.

      <Note>
        Your secret must contain the complete private key, beginning with "-----BEGIN RSA PRIVATE KEY-----" and conforming to the same structure as an RSA private key.

        Your private key must be in one of the following formats: `DSA`, `RSA`, `ECDSA`, or `Ed25519`.

        Your private key must be encrypted using one of the following encryption algorithms: `ssh-ed25519`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, or `rsa-sha2-256`.

        In a [Hybrid SaaS](/docs/guides/runner-overview#matillion-fully-managed-vs-hybrid-cloud) configuration, you need to manually convert the private key into a format that allows it to be stored in your AWS Secrets Manager. You can do this with the following command:

        ```bash theme={null}
        ssh-keygen -p -f YOUR_PRIVATE_KEY -m pem
        ```
      </Note>
    </ResponseField>

    {/* <!-- param-end:[targetSftpKey] --> */}

    {/* <!-- param-start:[targetSftpConfig] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target SFTP config" type="text editor">
      Specify custom SFTP configurations using key/value pairs. Enter each key/value pair on a new line. These configurations override standard SFTP behavior, enabling greater compatibility with different server security policies. These configurations only apply to the currently selected Data Transfer component. If you have multiple Data Transfer components in your pipeline, you must configure each one individually.

      For a list of all available keys, read the list of properties [here](https://github.com/mwiede/jsch).

      When using the `kex` key to define the key exchange algorithms to use, the only supported encryption algorithms are `ssh-ed25519`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, and `rsa-sha2-256`.

      To use variables in this field, type the name of the variable prefixed by the dollar symbol and surrounded by \{ } brackets, as follows: `${variable}`. Once you type `${`, a drop-down list of autocompleted suggested variables will appear. This list updates as you type; for example, if you type `${date`, functions and variables containing `date` will be listed.
    </ResponseField>

    {/* <!-- param-end:[targetSftpConfig] --> */}
  </Tab>

  <Tab title="Windows Fileshare">
    <Note>
      When `Target type` is **Windows Fileshare**:

      * The Data Transfer component uses the SMB2 protocol exclusively. SMB1 is not supported.
      * The Data Transfer component uses TCP port `445` by default if no port is explicitly specified.
      * A target username is required when authenticating; the target domain and target password remain optional. The domain, username, and password must be provided as separate fields—do not use the `domain\username` format in the username field.
    </Note>

    {/* <!-- param-start:[targetUrl1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target URL" type="string" required>
      Enter the URL that points to the folder to transfer your file to. Special characters used in this field must be URL-safe.

      We recommend using the `Target username` and `Target password` properties to provide credentials. For more information, see [Including credentials in URLs](/docs/components/data-transfer#including-credentials-in-urls).

      If the folders in your target path don't exist, the Data Transfer component creates them automatically.

      The target URL should be in the following format if possible:

      ```
      smb://[[authdomain;]user@]host[:port][/share[/dirpath]][?context]
      ```

      This target also accepts other methods, such as HTTP and HTTPS. Examples:

      ```
      smb://mydomain;jdoe@fileserver01/documents/projects/
      ```

      ```
      http://11.22.3.4/share5/
      ```
    </ResponseField>

    {/* <!-- param-end:[targetUrl1] --> */}

    {/* <!-- param-start:[targetDomain] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target domain" type="string">
      Enter the domain that you want the transferred file to be located on.
    </ResponseField>

    {/* <!-- param-end:[targetDomain] --> */}

    {/* <!-- param-start:[targetUsername, targetUsername1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target username" type="string">
      Enter your URL connection username for the target. This property is optional—your username will only be used if the target requests it.
    </ResponseField>

    {/* <!-- param-end:[targetUsername, targetUsername1] --> */}

    {/* <!-- param-start:[targetPassword, targetPassword1] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

    <ResponseField name="Target password" type="drop-down">
      Select the secret definition that represents your credentials for your chosen target.

      Click **Manage** to navigate to the **Secret definitions** list to review and add secret definitions. Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a secret definition.

      This property is optional—your password will only be used if the target requests it.
    </ResponseField>

    {/* <!-- param-end:[targetPassword, targetPassword1] --> */}
  </Tab>
</Tabs>
