feat: SCP/SFTP Access Control and File Transfer Logging and Expiry #1679

@mrmm

Background

We use Warpgate internally as our SSH bastion. As our team grew and compliance requirements increased, we faced challenges around file transfer control, audit trails, and temporary access management.

Problems

  • No way to restrict SCP/SFTP file transfers while allowing SSH access
  • No audit trail of file transfers for compliance
  • Manual tracking of temporary contractor access expiration
  • All-or-nothing permissions (no role defaults with per-target exceptions)

Solution

Flexible File Transfer Permissions

Role Defaults + Target Overrides:

  • Set upload/download permissions at role level (applies to all targets)
  • Override for specific targets when needed (inherit/allow/deny)
  • Optional constraints: allowed paths, blocked extensions, file size limits

Example: Developer role allows uploads everywhere, but production DB overrides to block uploads.

File Transfer Audit Trail

All SCP/SFTP operations logged with:

  • Who, what, where, when
  • File path, size, SHA256 hash
  • Success or denial with reason

Time-Limited Role Assignments

  • Assign roles with expiration timestamps
  • Expired roles automatically revoked
  • Quick presets in UI: 4h, 8h, 12h, 1d, 3d, 7d
  • Complete history of role changes

Example: Grant contractor 90-day production access, automatically revoked when contract ends.

Benefits

Security: Lock down production file transfers, block uploads to read-only systems

Compliance: Complete audit trail with file hashes, automatic access revocation, immutable history

Operations: No manual tracking, flexible permissions without role explosion

Real-World Example

Compliance required production databases be read-only for developers:

  • Developer role allows uploads (for staging)
  • Production DB target blocks uploads
  • All downloads logged with hashes
  • Contractors get 90-day auto-expiring access

Implementation

Features:

  • Admin UI with simple toggles and dropdowns
  • Terraform provider support
  • Full backward compatibility (no breaking changes)

API Endpoints:

  • GET/PUT /role/{id}/file-transfer
  • GET/PUT /targets/{id}/roles/{role_id}/file-transfer
  • POST/GET/PUT/DELETE /users/{id}/roles/{role_id}/expiry
  • GET /users/{id}/roles/{role_id}/history

Testing: E2E tests, protocol enforcement validation, audit trail verification
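
A sketch of how the role default, the per-target override (inherit/allow/deny) and the optional constraints proposed above could be resolved for one upload. This is an added example, not part of the original issue and not Warpgate's code. All type, function and reason-string names are hypothetical, and rejecting relative paths is an assumption.

```rust
// Added example: hypothetical types, not Warpgate's implementation.
#[derive(Clone, Copy)]
pub enum Override { Inherit, Allow, Deny }

pub struct Constraints<'a> {
    pub allowed_paths: &'a [&'a str],      // empty slice = any path
    pub blocked_extensions: &'a [&'a str], // without the dot, case-insensitive
    pub max_size: Option<u64>,             // bytes; None = unlimited
}

/// Resolve "." and ".." lexically so "/srv/staging/../../etc" cannot pass a
/// prefix check. None when the path is relative or climbs above "/".
fn normalize(path: &str) -> Option<Vec<&str>> {
    if !path.starts_with('/') { return None; }
    let mut out: Vec<&str> = Vec::new();
    for part in path.split('/') {
        match part {
            "" | "." => {}
            ".." => { out.pop()?; }
            p => out.push(p),
        }
    }
    Some(out)
}

/// Ok(()) to allow; Err(reason) is the string an audit record would carry.
pub fn check_upload(role_default: bool, target: Override, c: &Constraints,
                    path: &str, size: u64) -> Result<(), &'static str> {
    match target {
        Override::Deny => return Err("denied by target override"),
        Override::Inherit if !role_default => return Err("denied by role default"),
        _ => {} // Allow, or Inherit from a role that allows uploads
    }
    let parts = normalize(path).ok_or("path is relative or escapes root")?;
    // Compare whole components, so "/srv/staging-old" does not match "/srv/staging".
    let in_allowed = c.allowed_paths.is_empty() || c.allowed_paths.iter()
        .any(|a| normalize(a).map_or(false, |ap| parts.starts_with(&ap)));
    if !in_allowed { return Err("path outside allowed paths"); }
    let ext = parts.last().and_then(|n| n.rsplit_once('.')).map(|(_, e)| e);
    if ext.map_or(false, |e| c.blocked_extensions.iter().any(|b| b.eq_ignore_ascii_case(e))) {
        return Err("blocked file extension");
    }
    if c.max_size.map_or(false, |m| size > m) { return Err("file exceeds size limit"); }
    Ok(())
}

fn main() {
    let c = Constraints { allowed_paths: &["/srv/staging"], blocked_extensions: &["sql"], max_size: Some(1 << 20) };
    println!("{:?}", check_upload(true, Override::Inherit, &c, "/srv/staging/../../etc/passwd", 10));
}
```

The check is purely lexical: it does not resolve symlinks on the target host, and only the last extension of a file name is compared.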
