Snowflake key pair Authentication and rotation

Last updated on October 4, 2023

Overview

Key Pair Authentication enhances the security of Snowflake connector by allowing secure access to your Snowflake data warehouse without exposing user passwords.

This section outlines how to generate and retrieve a key pair from the Data Connector service and then implement key pair authentication within your Snowflake user account.

Generate key pair

The Snowflake connector service automatically generates a public-private key pair when creating a Snowflake connector configuration. The public key is provided in the API response upon successful configuration creation. The private key is stored securely on the Data Connector service.

Implement key pair authentication

  1. Create roles, users, and databases. Ensure that you grant the necessary privileges to users. See Configure Snowflake permission setup to learn how.

  2. Retrieve the public key from the API response of the Snowflake connector configuration creation.

  3. Implement the public key to the Snowflake user.

Key pair rotation

To ensure the continued security of your Snowflake connector, consider periodically rotating key pairs using the following steps:

  1. Use the API endpoint [PUT]/analytics-connector/v1/admin/tools/snowflake/keypairs/{id} to initiate the key pair rotation.

  2. The API response will provide a new public key.

  3. Update the Snowflake user's authentication method to use the new public key.

Last updated on

On this page