Explaining Private Key Authentication in Snowflake

The aim of this page📝 is to explain the process of setting up private key authentication in Snowflake based on the particular example of using SnowSQL.

• Among the various authentication mechanisms Snowflake offers, there are two: password and private key.
• Password authentication is simple but less secure.
• Private key authentication provides enhanced security.
• Private key authentication uses a public-private key pair.
• The public key is assigned to the Snowflake user.
• The private key is used to connect and authenticate to Snowflake.
• Various Snowflake clients support private key authentication.
• To set up private key authentication, you first generate a 2048-bit RSA key pair.
• You then generate the public key from the private key.
• The public key is assigned to the Snowflake user via an SQL command in Snowflake’s web interface.
• You can then connect to Snowflake using a client like SnowSQL with the private key.

CODE

Here is a particular example I have experienced:

# Generate a 2048-bit RSA key pair
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8

# Generate the public key from the private key
openssl rsa -pubout -in rsa_key.p8 -out rsa_key.pub

# SQL command to assign the public key to the Snowflake user
ALTER USER my_user SET RSA_PUBLIC_KEY='PUBLIC_KEY_CONTENT';

# Connect to Snowflake using SnowSQL with the private key
snowsql -a account -u user --private-key-path private_key_path

Remember to replace user, account, PUBLIC_KEY_CONTENT, and private_key_path with your actual details.

LINKS

• https://docs.snowflake.com/en/user-guide/key-pair-auth.html
• https://tools.ietf.org/html/rfc7617