Password authentication

Password authentication is supported as an alternative to SSH key authentication. Use this method only when key authentication isn’t feasible on your SFTP server or within your security controls.

Caution

RSA key authentication is strongly preferred for new integrations. Passwords are easier to leak and harder to rotate. If you’re setting up a new integration, please consider key auth first.

Setup

1. Create a dedicated SFTP user on your server — typically named conflixis. This user should have access only to the folder Conflixis will read from, and no interactive shell.
2. Set a strong password. Use a randomly generated value of at least 20 characters. Do not reuse a password from another system.
3. Send the credentials to Conflixis via the secure channel your contact has provided. Share:
   • The username.
   • The password.

Conflixis stores the password in a managed secrets vault. It’s retrieved at runtime for each scheduled connection and is not written to disk or logged.

Rotation

Password-authenticated integrations should be rotated on a fixed cadence — we recommend at least every 90 days, and immediately whenever:

• A member of your team with access to the password leaves.
• You suspect the password may have been exposed.

To rotate:

1. Coordinate a short maintenance window with your Conflixis contact.
2. Set the new password on your SFTP server.
3. Send the new password to Conflixis via your secure channel.
4. Conflixis updates the stored credential; the next scheduled run uses it.

When to prefer password auth

Password auth may be the right choice if:

• Your SFTP server is a managed service that doesn’t expose public-key configuration on a per-user basis.
• Your security policy explicitly requires password-based access with rotation.
• You’re running a short-lived pilot where key provisioning adds more operational overhead than it saves.

For every other case, prefer RSA key authentication.

Related

• RSA key authentication
• Troubleshooting