Skip to content

Using Snowflake key-pair authentication

When creating an environment for a Snowflake data warehouse, you can choose to use key-pair authentication. To use this authentication method, the Snowflake private key must be stored as a secret, as described in this document.

Prerequisites

Generate a private and public key in Snowflake and configure your Snowflake user, following the procedure given in the Snowflake documentation.

Storing the private key

You can store the private key locally, in an AWS Secrets Manager, or an Azure Key Vault. For more information about using an AWS Secrets Manager or an Azure Key Vault, read Integrating Matillion ETL with secret managers.

When copying the private key as part of creating your Environment, copy the full content of the Snowflake private key file you generated, including the header and footer lines.

An encrypted private key, including the header and footer, should look like this:

-----BEGIN ENCRYPTED PRIVATE KEY-----

[Key value]

-----END ENCRYPTED PRIVATE KEY-----

An unencrypted private key, including the header and footer, should look like this:

-----BEGIN PRIVATE KEY-----

[Key value]

-----END PRIVATE KEY-----

Note

If the key has been shared, the format may have been altered. To correct this, run the following command to validate and convert the key to the correct format:

openssl rsa -in key.pem -check
© Copyright 2024 Matillion Ltd | Legal | Privacy Policy | Disclaimer | Modern Slavery Statement