SnowFlake Integration

Requirements:

  1. Username
  2. Account Identifier 
  3. Database Name 
  4. Schema Name 
  5. Table Name 
  6. Warehouse Name
  7. RSA Password : We need to obtain it from the client, but this approach is less secure
  8. P8 File to be uploaded for indexing : If the client chooses this option, we will need the .p8 file (RSA key) and the RSA passphrase from the client.


Note : We can proceed with either Option 7 or Option 8.

---------------------------------------------------------------------------------------------

The SQL API is available at https://account_identifier.snowflakecomputing.com/api, where account_identifier is your account identifier

https://docs.snowflake.com/en/user-guide/admin-account-identifier#finding-the-organization-and-account-name-for-an-account


Introduction 

Snowflake supports using key pair authentication for enhanced authentication security as an alternative to basic authentication, such as username and password.

 

Procedure to generate RSA Key

 

  1. Generate a private Key : You can generate either an encrypted version of the private key or an unencrypted version of the private key. >> Generally, it is safer to generate encrypted keys.



openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

  1. Passphrase for that key :  Snowflake recommends using a passphrase that complies with PCI DSS standards to protect the locally generated private key.

  2. Generate a public key : From the command line, generate the public key by referencing the 



private key. openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

  1. Store the private and public keys securely : Copy the public and private key files to a local directory for storage. Record the path to the files.

  2. Grant the privilege to assign a public key to a Snowflake user : To assign a public key to a user, you must have one of the following roles or privileges.

    1. The MODIFY PROGRAMMATIC AUTHENTICATION METHODS or OWNERSHIP privilege on the user.

    2. The SECURITYADMIN role or higher.


    3. ALTER USER example_user SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';

  3. Verify the user’s public key fingerprint : 

    1. Execute the following command to retrieve the user’s public key fingerprint:

      DESC USER example_user   ->> SELECT SUBSTR(         (SELECT "value" FROM $1            WHERE "property" = 'RSA_PUBLIC_KEY_FP'),         LEN('SHA256:') + 1) AS key; 

      Output:

      Azk1Pq... 

    2. Copy the output.

    3. Run the following command on the command line:

      openssl rsa -pubin -in rsa_key.pub -outform DER | openssl dgst -sha256 -binary | openssl enc -base64 

      Output:

      writing RSA key Azk1Pq... 

    4. Compare both outputs. If both outputs match, the user correctly configured their public key.

 

Key-pair authentication and key-pair rotation | Snowflake Documentation 

Using key pair authentication and key rotation

we are using JDBC to connect with their database.

Configuring the JDBC Driver | Snowflake Documentation 

privateKey property in connection properties

Configuring the JDBC Driver | Snowflake Documentation 

We need :

  1. PRIVATE_KEY_FILE

  2. private_key_passphrase

  3. private_key_file_pwd (if they setup)

Note : We are currently using password of reader account when they set-up RSA key we can use RSA key as authentication instead of password.

 

 



Was this article helpful?