How to Generate a JWT Key for Snowflake on Windows

administrator   18 May 2024



In this tutorial, we will walk you through the steps to generate a JWT (JSON Web Token) key for Snowflake on a Windows system. JWT keys are essential for secure authentication, and Snowflake supports JWT for service-based authentication. This guide covers the prerequisites and step-by-step instructions to generate and use JWT keys for Snowflake.

Prerequisites

Before we start, ensure you have the following tools installed on your Windows system:
  1. Snowsql: Snowflake’s command-line tool.
  2. OpenSSL: A robust toolkit for SSL/TLS.

Step 1: Generate RSA Keys
First, open your command prompt and generate RSA keys using OpenSSL. This involves creating a private key and a corresponding public key.

Run the following commands to generate the keys:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.pem -nocrypt

openssl rsa -in rsa_key.pem -pubout -out rsa_key.pub
Explanation:
  • The first command generates a 2048-bit RSA private key and converts it to PKCS#8 format, saving it to rsa_key.pem.
  • The second command extracts the public key from the private key and saves it to rsa_key.pub.
  • Enter the RSA password, and save this password.

Step 2: Copy the Public Key
Next, open the rsa_key.pub file you generated in Step 1 and copy its contents. This public key will be used to set up the user in Snowflake.

Step 3: Configure the User in Snowflake
Now, log in to your Snowflake account with a user that has ACCOUNTADMIN privileges and run the following queries to set the public key for the user:
ALTER USER <USERNAME> SET RSA_PUBLIC_KEY = '<PASTE_PUBLIC_KEY_HERE>';

DESCRIBE USER <USERNAME>;
Example:
ALTER USER DOROTHY SET RSA_PUBLIC_KEY = 'MIIBIjA......DAQ';

DESCRIBE USER DOROTHY;
Replace <USERNAME> with the actual username and <PASTE_PUBLIC_KEY_HERE> with the content of your public key.

Step 4: Generate the JWT Token
Finally, generate the JWT token using Snowsql. This token will be used for authentication.

Run the following command in your command prompt:
snowsql --generate-jwt -a <ACCOUNT_ID>.eu-central-1 -u <USERNAME> --private-key-path rsa_key.pem

Example:
snowsql --generate-jwt -a abc12de.eu-central-1 -u DOROTHY --private-key-path rsa_key.pem

Replace <ACCOUNT_ID> with your Snowflake account identifier and <USERNAME> with the actual username.

Conclusion

By following these steps, you have successfully generated and configured a JWT key for Snowflake on a Windows system. This setup enhances the security of your Snowflake authentication by leveraging RSA keys and JWT. If you encounter any issues or have questions, feel free to leave a comment below. Happy querying!