Guide

SFTP for Wasabi: a complete setup guide

How to put SFTP in front of Wasabi hot cloud storage, why its flat, no-egress pricing suits predictable transfer, how to create access keys, and how to connect a managed gateway.

Wasabi sells “hot” object storage at a flat per-TB price with no egress fees and no API request charges, a deliberately simple model aimed at predictable, high-volume storage. It’s S3-compatible, so it slots in anywhere the S3 API is spoken, including in front of an SFTP gateway. Wasabi doesn’t offer SFTP itself, so you add a translation layer.

Here’s how to give a partner a normal SFTP login backed by your own Wasabi bucket.

Why Wasabi specifically

  • Flat pricing, no egress, no request fees. You pay for stored capacity, full stop. For an SFTP workload with unpredictable read/write patterns, that removes the two charges (egress and per-operation) that usually make object-storage bills hard to forecast.
  • S3-compatible. Standard access keys + a regional endpoint, so any SFTP-to-S3 gateway connects cleanly.

Step 1: create a Wasabi bucket

In the Wasabi console: Buckets → Create Bucket. Choose a region (it determines your endpoint) and keep the bucket private.

Step 2: create an access key

  1. Access Keys → Create New Access Key (ideally for a sub-user scoped via a policy to just this bucket, rather than a root key).
  2. Save the Access Key and Secret Key, the secret is shown once.

Your endpoint is regional:

https://s3.<region>.wasabisys.com        e.g. https://s3.eu-central-1.wasabisys.com

Step 3: connect Wasabi to a managed gateway

With Firepipe, add Wasabi as an S3-compatible backend:

  1. Choose S3-compatible when adding a connection.
  2. Enter the Wasabi regional endpoint, Access Key, and Secret Key. The key is stored encrypted and scoped to your bucket, least-privilege access you can rotate or revoke.
  3. Create per-user SFTP credentials, each path-jailed to its own prefix.

Partners connect over SFTP and their files stream straight into your Wasabi bucket. The gateway custodies nothing; you keep Wasabi’s flat-rate economics.

Step 4: per-user access and audit

Issue one credential per partner (SSH key or password), each jailed to its own path, with a full exportable audit trail. Revoking a credential ends any live session, and you can pin a credential to specific source IPs.

A note on Wasabi’s storage policies

Wasabi’s flat pricing comes with policies worth knowing before you commit: historically a minimum storage duration (you’re billed a minimum retention period per object) and a minimum monthly storage floor. These don’t affect how the SFTP gateway works, but they shape whether Wasabi is the cheapest home for your data pattern, check the current Wasabi pricing terms. Your Wasabi usage is billed by Wasabi directly; the gateway meters only throughput, with no per-operation fees.

Summary

Wasabi + SFTP is a good match when you want predictable storage cost and an SFTP workload whose egress and request volume would otherwise be hard to budget. Create a private bucket, scope an access key to it, and point a managed gateway at the regional endpoint, files stay in your Wasabi bucket, with per-user, revocable access. Spanning more than one cloud? See the multi-cloud options.

Try it on your own bucket

Connect a bucket you already own, Amazon S3, Azure Blob, Google Cloud Storage, or an S3-compatible store, and hand out a clean SFTP endpoint in minutes. Your files stay in your cloud.

Start free

← All guides