Secure Cloud SFTP Integration & Host Key Rotation Readiness (Azure Blob Storage)
This project focused on the discovery, assessment, and risk mitigation of a production Azure Blob Storage account used as a centralized SFTP integration hub for multiple external systems. The work ensured operational continuity during a scheduled Azure SSH host key rotation by identifying affected integrations and coordinating client-side readiness.
Problem Statement
Microsoft announced a planned SSH host key rotation for Azure Blob Storage SFTP endpoints, with the existing host key expiring on April 30, 2026. While no Azure-side configuration changes were required, automated SFTP integrations performing strict host key validation would fail without proactive coordination. The challenge was identifying which integrations were at risk and ensuring a zero-downtime transition.
Architecture Overview
Key Actions Taken
- Performed full configuration and dependency discovery of the Azure SFTP storage account
- Mapped SFTP users to human access vs automated SaaS and vendor integrations
- Identified integrations at risk from SSH host key rotation due to strict validation
- Coordinated client-side ownership and remediation planning with integration owners
- Documented a repeatable approach for future infrastructure-level security changes
Outcome
The project resulted in a fully documented, risk-classified SFTP integration environment with clear ownership and zero expected disruption during Azure’s host key rotation. Automated integrations were proactively addressed, eliminating a class of silent failures and strengthening long-term cloud integration governance.
Technologies & Concepts
- Microsoft Azure Blob Storage & Data Lake Storage Gen2
- Azure SFTP (SSH)
- SSH Host Key Management
- Cloud Integration Architecture
- Operational Risk & Change Readiness
- Azure IAM, Monitoring, and Security Baselines