Snowflake Key Pair Authentication: 3 Easy Steps

Snowflake key pair authentication is used to authenticate data and analytics tools to Snowflake securely. For third-party applications, a standard user login with MFA is not practical.

With changes in 2024 and the pending deprecation of basic authentication without multi-factor authentication, you will need to implement key pair authentication or OAuth security for continuity.

This step-by-step article explains how to set up public and private keys and set a public key in Snowflake.

Step 1: Windows (Using Git Bash and OpenSSL for Windows)

Install Git for Windows (includes OpenSSL)

Step 2: Generate the RSA Key Pair Using OpenSSL

1. Open Git Bash on your computer. You can do so from the Start menu.

2. Change the directory to the location where you would like to generate your key files. In the example below I created a new folder in my Documents folder called keypair.

Example changing directory.

cd "/c/Users/RyanGoodman/Documents/keypair"

Generate a 2048-bit Private Key:

openssl genrsa -out private_key.pem 2048

Extract the Public Key from the Private Key:

openssl rsa -in private_key.pem -pubout -out public_key.pem

If you want additional security, encrypt your private key with a passphrase. Our team at DataTools Pro always encrypts private keys with a passphrase.

  • Create a passphrase.txt file locally where your public key is stored
  • Enter a randomly generated passphrase
  • Execute the following command
openssl rsa -in private_key.pem -aes256 -out private_key_encrypted.pem -passout file:passphrase.txt
rm -f passphrase.txt
  • Store your passphrase in a secured vault like Azure Key Vault, 1Password, LastPass, etc.
  • Delete passphrase.txt permanently.

Step 3: Assign the Public Key to Your Snowflake User

The next step is to take the contents of your public_key.pem file and register it in Snowflake.

3.1 Retrieve the Public Key

Open the public_key.pem file and copy its content.

3.2 Assign the Public Key to Your Snowflake User

Select the Snowflake user that you would like to grant access to use the key pair. If you are using server-to-server authentication, we recommend creating a SYSTEM_USER to assign and manage with a proper role.

Log in to Snowflake with a user that has ACCOUNTADMIN or SECURITYADMIN rights.

Run the following SQL command to associate the public key with your user:

-- Paste the key body only, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines.
ALTER USER YOUR_SNOWFLAKE_USER SET RSA_PUBLIC_KEY='your-public-key-here';

To confirm the key was set:

-- RSA_PUBLIC_KEY is a user property, not a parameter; check the RSA_PUBLIC_KEY_FP row in the output.
DESC USER YOUR_SNOWFLAKE_USER;
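
A local check to pair with the steps above, added here as an example and not part of the original article: it prints the key body to paste into ALTER USER, computes the SHA256 fingerprint that DESC USER reports as RSA_PUBLIC_KEY_FP, and confirms the encrypted private key and passphrase still produce the registered public key. File names follow the article; the function names are made up for this sketch.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical;
# file names (public_key.pem, private_key_encrypted.pem, passphrase.txt) follow the article.

# Print the base64 body of a PEM public key on one line, without the
# BEGIN/END delimiter lines (also strips the CRs that Windows editors add).
pubkey_body() {   # pubkey_body <public.pem>
  grep -v -- '-----' "$1" | tr -d '\r\n'
}

# PEM public key on stdin -> "SHA256:<base64 of SHA-256 over the DER key>",
# the same form Snowflake shows in the RSA_PUBLIC_KEY_FP property.
spki_fp() {
  printf 'SHA256:%s\n' "$(openssl rsa -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Fingerprint of a public key file; fails if the file is not a valid public key.
pubkey_fingerprint() {   # pubkey_fingerprint <public.pem>
  pem=$(openssl rsa -pubin -in "$1" 2>/dev/null) || return 1
  printf '%s\n' "$pem" | spki_fp
}

# Fingerprint of the public half of a private key; fails if the passphrase
# in the given file does not decrypt the key.
private_fingerprint() {  # private_fingerprint <private.pem> <passphrase_file>
  pem=$(openssl rsa -in "$1" -passin "file:$2" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pem" | spki_fp
}

# Succeed only when the private key decrypts and matches the public key file.
key_matches() {   # key_matches <private.pem> <passphrase_file> <public.pem>
  a=$(private_fingerprint "$1" "$2") || return 1
  b=$(pubkey_fingerprint "$3") || return 1
  [ "$a" = "$b" ]
}

# Typical use from the keypair folder, before passphrase.txt is deleted:
#   pubkey_body public_key.pem          # value for RSA_PUBLIC_KEY
#   pubkey_fingerprint public_key.pem   # compare with RSA_PUBLIC_KEY_FP
#   key_matches private_key_encrypted.pem passphrase.txt public_key.pem && echo OK
```

Once key_matches succeeds, the unencrypted private_key.pem from Step 2 no longer needs to stay on disk.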

Use your Snowflake Key Pair Authentication with your Data and Analytics applications

Now you can use your encrypted private key and passphrase to integrate with data and analytics platforms.