Skip to main content
Tesouro encrypts and publishes regularly scheduled reports to dedicated, Tesouro-managed SFTP locations where partners can connect to and pull files. Tesouro does not push files from its SFTP server to other locations. During onboarding, Tesouro will set up your dedicated SFTP directory, and generate and provide you with the SSH key for access. This guide is to help walk you through the process and set proper expectations for accessing your reports.

Keys

Tesouro encrypts your files before they are published to the SFTP location. PGP Key
Used to encrypt the SFTP files. The PGP key must be generated using GPG with a version less than 2.4 and a recommended RSA key size of 4096. SSH Key
Used to verify your system’s ability to log in to the SFTP server. The SSH key can be RSA, EC25519, or ECDSA, and has the following requirements:
SSH keyRequirements
RSAMinimum length: 2048
Maximum length: 4096
Accepted algorithms: rsa-sha2-256 or rsa-sha2-512
ED25519Accepted algorithms: ssh-ed25519
ECDSAAccepted algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521
  • If you need help generating your keypair or understanding our requirements, please refer to the AWS documentation.
  • Securely store the private key and employ it for decrypting files received from Tesouro.
  • Please note that you would need to regenerate a new key pair before the current key pair expires to ensure that the communication between Tesouro’s servers and yours is always secure.

SFTP setup

  1. Confirm the reports you would like published to your SFTP directory.
  2. Email integration@tesouro.com with your technical contact information.
We rely on partners pulling files from the server when they are ready. We do not push files from our server in any automated way.

Protocol

Ensure keys are rotated on an annual basis, following the latest protocol.