In this tutorial, we will walk you through the steps to generate a JWT (JSON Web Token) key for Snowflake on a Windows system. JWT keys are essential for secure authentication, and Snowflake supports JWT for service-based authentication. This guide covers the prerequisites and step-by-step instructions to generate and use JWT keys for Snowflake.
Prerequisites
Before we start, ensure you have the following tools installed on your Windows system:
- Snowsql: Snowflake’s command-line tool.
- OpenSSL: A robust toolkit for SSL/TLS.
Step 1: Generate RSA Keys
First, open your command prompt and generate RSA keys using OpenSSL. This involves creating a private key and a corresponding public key.
Run the following commands to generate the keys:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.pem -nocrypt
openssl rsa -in rsa_key.pem -pubout -out rsa_key.pub
Explanation:
- The first command generates a 2048-bit RSA private key and converts it to PKCS#8 format, saving it to rsa_key.pem.
- The second command extracts the public key from the private key and saves it to rsa_key.pub.
- Enter the RSA password, and save this password.
Step 2: Copy the Public Key
Next, open the
rsa_key.pub file you generated in Step 1 and copy its contents. This public key will be used to set up the user in Snowflake.
Step 3: Configure the User in Snowflake
Now, log in to your Snowflake account with a user that has ACCOUNTADMIN privileges and run the following queries to set the public key for the user:
ALTER USER <USERNAME> SET RSA_PUBLIC_KEY = '<PASTE_PUBLIC_KEY_HERE>';
DESCRIBE USER <USERNAME>;
Example:
ALTER USER DOROTHY SET RSA_PUBLIC_KEY = 'MIIBIjA......DAQ';
DESCRIBE USER DOROTHY;
Replace
<USERNAME> with the actual username and
<PASTE_PUBLIC_KEY_HERE> with the content of your public key.
Step 4: Generate the JWT Token
Finally, generate the JWT token using Snowsql. This token will be used for authentication.
Run the following command in your command prompt:
snowsql --generate-jwt -a <ACCOUNT_ID>.eu-central-1 -u <USERNAME> --private-key-path rsa_key.pem
Example:
snowsql --generate-jwt -a abc12de.eu-central-1 -u DOROTHY --private-key-path rsa_key.pem
Replace
<ACCOUNT_ID> with your Snowflake account identifier and
<USERNAME> with the actual username.
Conclusion
By following these steps, you have successfully generated and configured a JWT key for Snowflake on a Windows system. This setup enhances the security of your Snowflake authentication by leveraging RSA keys and JWT. If you encounter any issues or have questions, feel free to leave a comment below. Happy querying!