> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Bash Pushdown

export const designer = "Designer";

export const ComponentMetadata = ({warehouses, unsupportedWarehouses = [], componentType, connectionInputs, connectionOutputs}) => {
  const allWarehouses = [...warehouses.map(w => ({
    name: w,
    supported: true
  })), ...unsupportedWarehouses.map(w => ({
    name: w,
    supported: false
  }))];
  return <div style={{
    background: 'var(--colors-background-light, #f9fafb)',
    border: '1px solid var(--colors-border-default, #e5e7eb)',
    borderRadius: '12px',
    padding: '20px 28px',
    marginBottom: '28px',
    boxShadow: '0 1px 4px rgba(0,0,0,0.10)'
  }}>
      <table style={{
    width: '100%',
    borderCollapse: 'collapse'
  }}>
        <tbody>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle',
    width: '180px'
  }}>Project Availability</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>
              <div style={{
    display: 'flex',
    flexWrap: 'wrap',
    gap: '8px'
  }}>
                {allWarehouses.map((w, i) => <span key={i} style={{
    background: w.supported ? '#dcfce7' : '#fee2e2',
    color: w.supported ? '#15803d' : '#b91c1c',
    border: `1px solid ${w.supported ? '#bbf7d0' : '#fca5a5'}`,
    borderRadius: '9999px',
    padding: '3px 12px',
    fontSize: '0.85rem',
    fontWeight: '500',
    whiteSpace: 'nowrap'
  }}>
                    {w.name} {w.supported ? '✅' : '❌'}
                  </span>)}
              </div>
            </td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Component Type</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{componentType}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Connection Inputs</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{connectionInputs}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Connection Outputs</td>
            <td style={{
    verticalAlign: 'middle'
  }}>{connectionOutputs}</td>
          </tr>
        </tbody>
      </table>
    </div>;
};

<ComponentMetadata warehouses={["Snowflake", "Databricks", "Amazon Redshift", "Google BigQuery"]} componentType="Orchestration" connectionInputs="One" connectionOutputs="Unlimited" />

Bash Pushdown is an orchestration component that enables you to use SSH connections to run your Bash scripts in your own instances. Any output from your Bash scripts is displayed in task messages. If you cancel a pipeline task while a Bash script is running, then the script terminates.

Any command line tools or credentials that you wish to use must be installed and set up on the instance you're using.

Refer to the [Bash Reference Manual](https://www.gnu.org/software/bash/manual/bash.html) where appropriate.

<Note>
  Bash Pushdown can be used in both [Full SaaS and Hybrid SaaS](/docs/guides/runner-overview#matillion-full-saas-vs-hybrid-saas) deployment models.
</Note>

***

## Cloud credentials

To ensure that cloud credentials access is managed correctly at all times, we always advise that customers limit scopes (permissions) where applicable.

***

## Properties

Reference material is provided below for the Connection, Authentication, and Execution details properties.

<ResponseField name="Name" type="string" required>
  A human-readable name for the component.
</ResponseField>

### Connection

<ResponseField name="Host" type="string" required>
  Your SSH host.
</ResponseField>

{/* <!-- param-start:[connectionDetails.sshUser] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Username" type="string" required>
  Your SSH username.

  Run `echo "$USER"` to prompt your shell for your username.
</ResponseField>

{/* <!-- param-start:[connectionDetails.connectionTimeout] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Connection timeout (ms)" type="integer" required>
  Length of time in milliseconds before the connection will timeout. The default is `3000`. The purpose of the timeout is to ensure scripts will never run forever even if they enter an infinite loop or are blocked by an external resource.
</ResponseField>

{/* <!-- param-start:[connectionDetails.sshPort] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Port" type="integer" required>
  Enter your port number. The default is set to port `22`.
</ResponseField>

### Authentication

<ResponseField name="Authentication Type" type="drop-down" required>
  Choose whether to use a basic password or a key pair to authenticate. The default is key pair.
</ResponseField>

{/* <!-- param-start:[bashPushdownAuthenticationProvider.basicPasswordAuth.password] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Password" type="drop-down" required>
  Available when **Authentication Type** is set to **Basic Password**.

  Use the drop-down menu to select the corresponding secret definition that denotes the value of your password.

  Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a new secret definition.
</ResponseField>

{/* <!-- param-start:[bashPushdownAuthenticationProvider.keyPairAuth.sshPrivateKey] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Private Key" type="drop-down" required>
  Available when **Authentication Type** is set to **Key Pair**.

  Use the drop-down menu to select the corresponding secret definition that denotes the value of your private key.

  Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a new secret definition.

  <Note>
    The key/value JSON pattern shown in the warning below (with `\n` for newlines) is specific to key/value formatted secrets used by this component. Read [AWS Secrets Manager](/docs/administration/aws-secrets-manager) for general guidance on storing secrets in AWS.
  </Note>

  <Warning>
    For AWS users:

    If you're storing a multi-line secret in AWS Secrets Manager:

    1. Add your key and value to the **Key/value** tab of the **Secret value** section when storing your secret.
    2. Click the **Plaintext** tab.
    3. Replace any whitespace characters before and after `-----` with `\n`. Do not remove whitespace characters in the `BEGIN/END RSA PRIVATE KEY` parts.

    Example: `{"dwh-bash-private-key":"-----BEGIN RSA PRIVATE KEY-----\nline1\nline2\nline3\n-----END RSA PRIVATE KEY-----"}`

    Alternatively, you can run the following code in your terminal, replacing values where appropriate:

    ```
    PEM_CONTENT=$(awk '{printf "%s\\n", $0}' /path/to/your/file.pem)

    aws secretsmanager create-secret \
      --name "MyKeyValueSecretWithPem" \
      --description "Secret with PEM file content" \
      --secret-string "{\"pem\":\"$PEM_CONTENT\"}"
    ```
  </Warning>

  <Warning>
    For Azure users:

    Do not store multi-line secrets via the Azure Key Vault GUI, as newlines may be stripped. Instead, use the Azure CLI depending on your use case. Read [Store a multi-line secret in Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets) to work around this issue.

    The following CLI command will maintain newlines:

    ```
    az keyvault secret set --vault-name <vault-name> --name <secet-name> --file <key-file-name>
    ```
  </Warning>
</ResponseField>

{/* <!-- param-start:[bashPushdownAuthenticationProvider.keyPairAuth.requiresPassphrase] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Require Passphrase" type="boolean" required>
  Choose whether to require a passphrase as part of using key pair authentication. Default is **No**.
</ResponseField>

{/* <!-- param-start:[bashPushdownAuthenticationProvider.keyPairAuth.passphrase] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Passphrase" type="drop-down" required>
  Use the drop-down menu to select the corresponding secret definition that denotes the value of your passphrase.

  Read [Secrets and secret definitions](/docs/guides/secrets-and-secret-definitions) to learn how to create a new secret definition.
</ResponseField>

### Execution details

<ResponseField name="Allow inline variable replacement" type="boolean">
  Choose whether to enable variable resolution in the script. When set to **Yes**, {designer} variables can be referenced in the script. Default is **No**.
</ResponseField>

{/* <!-- param-start:[script] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Script" type="text editor" required>
  The Bash script to run.

  All the usual [project and pipeline variables](/docs/guides/variables) are made available in the bash environment and any changes made to such variables will never be visible outside of the current script execution.
</ResponseField>

{/* <!-- param-start:[exitScriptOnFailure] | warehouses: [snowflake, databricks, redshift, bigquery] --> */}

<ResponseField name="Exit script on failure" type="boolean" required>
  Choose whether to terminate the script if any command fails. Default is **Yes**.
</ResponseField>
