Skip to content

Snowflake Keypair Authentication

Portal supports Snowflake keypair authentication for data sources. Keypair authentication uses a public/private key pair instead of a password, and is recommended for production environments.

Prerequisites

  • A Snowflake account with keypair authentication enabled for the user
  • A private key file in PEM format
  • The corresponding public key registered with the Snowflake user account

Step 1: Generate a Keypair (if needed)

If you do not already have a keypair, generate one:

# Generate private key
openssl genrsa 2048 > private_key.pem

# Extract public key
openssl rsa -in private_key.pem -pubout > public_key.pem

Register the public key with your Snowflake user account. See Snowflake's Key Pair Authentication documentation for details.

Step 2: Create a Named Credential

  1. Navigate to Admin Console > Named Credentials.
  2. Click New Credentials.
  3. Select SSL Private Key as the credential type.
  4. Enter a name (e.g., "Snowflake Prod Private Key").
  5. Paste your private key content, including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines.
  6. Click Save.

Step 3: Create a Data Source

  1. Create a new Data Source in the Portal.
  2. In the Database Connection field, select your Snowflake named credential.
  3. The connection string format for Snowflake is:
snowflake://<username>@<account_identifier>/<database>/<schema>?warehouse=<warehouse_name>
Parameter Description
username Your Snowflake username
account_identifier Your Snowflake account identifier (e.g., xy12345.us-east-1)
database The database name
schema The default schema
warehouse_name The warehouse to use for queries

Example: 

snowflake://analyst@xy12345.us-east-1/analytics/public?warehouse=compute_wh

  1. Write your SQL query.
  2. Click Test to verify the connection.
  3. Save the data source.