diff --git a/hosts/by-name/servo/services/export/sftpgo_external_auth_hook b/hosts/by-name/servo/services/export/sftpgo_external_auth_hook
index 6b181a51c..d1f7790bd 100755
--- a/hosts/by-name/servo/services/export/sftpgo_external_auth_hook
+++ b/hosts/by-name/servo/services/export/sftpgo_external_auth_hook
@@ -124,13 +124,12 @@ def getAuthResponse(ip: str, username: str, password: str) -> dict:
   return a sftpgo auth response either denying the user or approving them
   with a set of permissions.
   """
-  # TODO: allow external access only after i enable FTPS/ssl
-  # if isTrustedCred(password) and username != "colin":
-  #   # allow r/w access from those with a special token
-  #   return mkAuthOk(username, permissions = {
-  #     "/": PERM_RW,
-  #     "/playground": PERM_RW,
-  #   })
+  if isTrustedCred(password) and username != "colin":
+    # allow r/w access from those with a special token
+    return mkAuthOk(username, permissions = {
+      "/": PERM_RW,
+      "/playground": PERM_RW,
+    })
   if isWireguard(ip):
     # allow any user from wireguard
     return mkAuthOk(username, permissions = {