Skip to main content
All CollectionsDataSnowflake in Astrato
Using Snowflake Key-pair Authentication with Astrato (Using a Snowflake service account with Astrato)
Using Snowflake Key-pair Authentication with Astrato (Using a Snowflake service account with Astrato)
Piers Batchelor avatar
Written by Piers Batchelor
Updated over 4 months ago

Introduction

Key pairs are more secure because they use two keys (one public, one private), keep the private key secret, allow you to verify who sent a message, are easier to manage, and provide proof of sending messages.

1. Two Keys: A key pair uses two keys – a public key and a private key. The public key locks (encrypts) the data, and only the private key can unlock (decrypt) it. This means if someone gets the public key, they still can't read the data without the private key.

2. Private Key Stays Secret: The private key is kept secret and never shared. This means only you can unlock the locked data with your public key, making it very secure.

3. Verify Identity: Key pairs allow you to sign messages with your private key. The recipient uses your public key to verify the signature, ensuring the message is really from you and hasn't been tampered with.

4. Easier Management: Instead of sharing one key with everyone (like with a single password), each person has their own key pair. This makes it easier to manage and more secure because you don't have to share your private key with anyone.

5. Proof of Sending: When you sign a message with your private key, it proves you sent it. No one else could have signed it because no one else has your private key.

Creating a Key

The first step for creating the connection is to create a key pair.

We'll use open ssl in this example.

  • On the website select generate keys from the drop-down menu

  • Generate a private_key, and select RSA and 2048 as key length.
    Give the key file a name and click run.

  • In the next step, generate a public key, select the private key file from the previous step as input, and click run.


  • Select files from the drop-down menu. And download the two files created.

Snowflake- Assign The Key To A User.

  • Open a worksheet in the snowflake instance.

  • Note

    • Only owners of a user, or users with the SECURITYADMIN role or higher can alter a user. For more information, see Overview of Access Control and GRANT OWNERSHIP

    • Exclude the public key delimiters in the SQL statement.

  • Open the public key file and copy the content.
    (only the gray text )

  • In Snowflake, write this code. 

    ALTER USER DEMO_USER SET RSA_PUBLIC_KEY='MIIBI...';

Define a Data Connection in Astrato

  • Open a new Snowflake data connection in Astrato

  • Enter the Snowflake instance URL and the user name, and check the Use private key box.

  • Open the private key file and copy all the file content.

    -----BEGIN PRIVATE KEY-----
    MIIFN...
    -----END PRIVATE KEY-----


    Paste it in the password box.

  • Click test connection.

  • Select the database for the data connection, give the connection a name, and create it.

Related Articles
Passthrough Authentication - Snowflake
Astrato for Snowflake: Optimizing Snowflake warehouses for cost & performance
Identity Federation in Snowflake using External OAuth
Astrato for Snowflake: Managing authentication & security
Using Snowflake MFA with Astrato
Did this answer your question?