Skip to content

Use Certificate for Authentication in Snowflake Connector

You can use a certificate to authenticate the service user in Snowflake. This document outlines the steps to configure the Snowflake connector with Privacera using a certificate for authentication.

Prerequisites

  • Snowflake User: You need a Snowflake user with the necessary privileges to manage the access policies in Snowflake.
  • Key Pair: You need a key pair to authenticate the service user in Snowflake. You can use either a self-signed certificate or a certificate signed by a certificate authority (CA). Please refer Configure key-pair authentication on Snowflake for further details.

Setup

Property Description
Private key An RSA private key generated for key-pair authentication with Snowflake.
Private key Password Mandatory if the private key is encrypted. Here, add the passphrase used to encrypt the private key

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Snowflake.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab and select the BASIC tab.

  4. Enable the following option to use key pair authentication:

    • Use Key Pair Authentication

  5. Provide the following details:

    • Snowflake JDBC private key: Enter the private key of the JDBC user.
    • Snowflake JDBC private key password: Enter the corresponding password for the private key.

  6. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

    Note

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

  2. Run the following command to open the .yml file to be edited.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml

  3. Add the following properties to the vars.connector.snowflake.yml file:

    YAML
    1
2
3
4
    CONNECTOR_SNOWFLAKE_USE_KEY_PAIR_AUTHENTICATION: "true"
CONNECTOR_SNOWFLAKE_JDBC_PRIVATE_KEY_FILE_NAME: "<private-key-file-name>"
# if private-key is encrypted with a password add
CONNECTOR_SNOWFLAKE_JDBC_PRIVATE_KEY_PASSWORD: "<private-key-password>"

    Note

    You don't need to set the CONNECTOR_SNOWFLAKE_JDBC_PASSWORD property when using key-pair authentication.

  4. Copy the private key file to the directory where the vars.connector.snowflake.yml file is located. Make sure the file name matches with the value provided in the .yml file.

  1. In PrivaceraCloud, navigate to Settings -> Applications.
  2. On the Connected Applications screen, select Snowflake.
  3. Click the edit icon, click on Access Management -> ADVANCED tab.
  4. Enable the following toggle Use Key Pair Authentication.
  5. Enter the private key string in the Snowflake JDBC private key field.
  6. If the private key is encrypted with a password, enter the password in the Snowflake JDBC private key password field.
  7. Click on Save to save the configuration.

Comments