Overview
When integrating NetSuite with external systems over SFTP (Secure File Transfer Protocol), it is often necessary to store or retrieve authentication credentials such as GUIDs (Globally Unique Identifiers) and Host Keys. These credentials are essential for NetSuite’s SFTP connection objects to validate secure transfers.
In this article, we’ll walk through a Suitelet script that helps administrators or integrators dynamically generate or retrieve an SFTP GUID and Host Key for later use in connection setup or scripted file transfers.
Key Concepts
- GUID: In NetSuite, a GUID is automatically created when you generate an SFTP credential record. You can retrieve it using SuiteScript.
- Host Key Fingerprint: The fingerprint of the SFTP server’s public key, which NetSuite uses to validate the server’s identity.
Script Use Case
This Suitelet:
- Displays a form where the user can input the SFTP host and port
- On submission, connects to the SFTP server using NetSuite’s
httpsmodule to retrieve the host key fingerprint - Retrieves or generates the GUID (could be stored in a custom record or generated manually)
- Displays both values for use in integration setup
Sample Suitelet Script:
/**
*@NApiVersion 2.1
*@NScriptType Suitelet
*@NModuleScope Public
*/
/**********************************************************************************************************************************************
* Balaji Trading, Inc-USA-NS
*
* BTIN-2432: Generate SFTP Credentials.
*
*
***********************************************************************************************************************************************
*
* Author: Jobin & Jismi
*
* Date Created : 04-06-2025
*
* COPYRIGHT © 2024 Jobin & Jismi IT Services LLP. All rights reserved.This script is a proprietary product of Jobin & Jismi IT Services LLP and is protected by copyright law and international treaties.
Unauthorized reproduction or distribution of this script, or any portion of it, may result in severe civil and criminal penalties and will be prosecuted to the maximum extent possible under law.
*
* Description : Generate SFTP Credentials.
*
* REVISION HISTORY
*
* @version 1.0 BTIN-2432 : 07-07-2022 : Created the initial build
*
************************************************************************************************************************************************/
define(["N/https", "N/ui/serverWidget", "N/search"], function (https, serverWidget, search) {
let HOST_KEY_TOOL_URL = 'https://ursuscode.com/tools/sshkeyscan.php?url=';
function getFormTemplate() {
try {
let form = serverWidget.createForm({
title: 'JJ SFTP Helper Tool'
});
form.addSubmitButton({
label: 'Submit'
});
return form;
}
catch (e) {
log.error("Error @ getFormTemplate", e);
return;
}
}
function addSelectorFields(form) {
try {
let select = form.addField({
id: 'selectaction',
type: serverWidget.FieldType.SELECT,
label: 'Select Action'
});
select.addSelectOption({
value: 'getpasswordguid',
text: 'Get Password GUID',
});
select.addSelectOption({
value: 'gethostkey',
text: 'Get Host Key'
});
return form;
}
catch (e) {
log.error("Error @ addSelectorFields", e);
return;
}
}
function addPasswordGUID1Fields(form) {
try {
form.addField({
id: 'restricttoscriptids',
type: serverWidget.FieldType.TEXT,
label: 'Restrict To Script Ids',
}).isMandatory = true;
form.addField({
id: 'restricttodomains',
type: serverWidget.FieldType.TEXT,
label: 'Restrict To Domains',
}).isMandatory = true;
return form;
}
catch (e) {
log.error("Error @ addSelectorFields", e);
return;
}
}
function addPasswordGUID2Fields(form, restrictToScriptIds, restrictToDomains) {
try {
form.addCredentialField({
id: 'password',
label: 'Password',
restrictToScriptIds: restrictToScriptIds.replace(' ', '').split(','),
restrictToDomains: restrictToDomains.replace(' ', '').split(','),
});
return form;
}
catch (e) {
log.error("Error @ addPasswordGUID2Fields", e);
return;
}
}
function addHostKeyFields(form) {
try {
form.addField({
id: 'url',
type: serverWidget.FieldType.TEXT,
label: 'URL (Required)',
});
form.addField({
id: 'port',
type: serverWidget.FieldType.INTEGER,
label: 'Port (Optional)',
});
form.addField({
id: 'hostkeytype',
type: serverWidget.FieldType.TEXT,
label: 'Type (Optional)',
});
return form;
}
catch (e) {
log.error("Error @ addHostKeyFields", e);
return;
}
}
function onRequest(context) {
try {
let method = context.request.method;
let form = getFormTemplate(method);
if (method == 'GET') {
form = addSelectorFields(form);
}
if (method == 'POST') {
let selectaction = context.request.parameters.selectaction;
if (selectaction == 'getpasswordguid') {
form = addPasswordGUID1Fields(form);
} else if (selectaction == 'gethostkey') {
form = addHostKeyFields(form);
}
else {
let password = context.request.parameters.password;
let url = context.request.parameters.url;
let hostKeyType = context.request.parameters.hostkeytype;
let port = context.request.parameters.port;
let restricttoscriptids = context.request.parameters.restricttoscriptids;
let restricttodomains = context.request.parameters.restricttodomains;
if (restricttoscriptids && restricttodomains) {
form = addPasswordGUID2Fields(form, restricttoscriptids, restricttodomains);
}
if (password) {
form.addField({
id: 'passwordguidresponse',
type: serverWidget.FieldType.LONGTEXT,
label: 'PasswordGUID Response',
displayType: serverWidget.FieldDisplayType.INLINE
}).defaultValue = password;
}
else if (url) {
let myUrl = HOST_KEY_TOOL_URL + url + "&port=" + port + "&type=" + hostKeyType;
let theResponse = https.get({ url: myUrl }).body;
form.addField({
id: 'hostkeyresponse',
type: serverWidget.FieldType.LONGTEXT,
label: 'Host Key Response',
displayType: serverWidget.FieldDisplayType.INLINE
}).defaultValue = theResponse;
}
}
}
context.response.writePage(form);
}
catch (e) {
log.error("Error @ onRequest", e);
}
}
return {
onRequest: onRequest
};
});
Alternatives
If direct retrieval of the host key is not feasible due to firewall/security issues:
- Manually SSH into the SFTP server and run:
ssh-keyscan -t rsa sftp.yourserver.com
- Then hash the result using:
ssh-keygen -lf <(ssh-keyscan -t rsa sftp.yourserver.com)
Next Steps
Once you have the GUID and Host Key:
- Go to Setup > Company > SFTP Connections
- Create a new connection using the generated values
- Test your integration or SuiteScript (e.g., Map/Reduce or Scheduled Script)
Conclusion
Using a Suitelet to simplify the SFTP setup process makes credential management much easier, especially during integration rollout or environment refresh. Automating GUID generation and host key retrieval reduces manual errors and accelerates deployment.