Need
The goal is to provide a few guidelines to configure key-pair authentication for Snowflake data sources on Windows, specifically around private key encoding and driver properties used by xDM.
Summarized Solution
To configure key-pair authentication for a Snowflake data source, the solution rests on 2 pillars:
- The entire private key file content must be base64-encoded (no headers omitted) before being placed in private_key_base64.
- The private_key_pwd driver property is required if the private key is encrypted.
Detailed Solution
1- Generate the private key (unencrypted or encrypted)
Unencrypted:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
Encrypted (recommended):
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
2- Generate the public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
3- Base64-encode the full private key file
The entire content (including BEGIN/END lines) must be encoded and used as the private_key_base64 value:
openssl base64 -A -in rsa_key.p8
4- Configure data source driver properties
In Semarchy, in the configuration module, declare your data source as usual and add the properties below:
| Property | Description |
| --- | --- |
| private_key_base64 | Full base64-encoded private key content (output of previous command). |
| private_key_pwd | Passphrase for the key, if encrypted. |
| user | Snowflake user configured with the corresponding RSA_PUBLIC_KEY. |
5- Assign the public key to the Snowflake user
Back in Snowflake, run the command below (exclude the public key's wrapper lines when setting it):
ALTER USER <username> SET RSA_PUBLIC_KEY='<public_key_without_headers>';
For any other information on key-pair authentication and key-pair rotation, here is Snowflake’s official guide.
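A pre-flight check for the two pillars above, plus the header stripping needed in step 5, written as an added example (not Semarchy or Snowflake code). The function names and the sample PEM text are assumptions constructed for illustration; the check inspects only the wrapper lines and does not parse the key itself.

```python
import base64
import re

# Matches the PKCS#8 wrapper lines written by `openssl pkcs8 -topk8`.
PEM_RE = re.compile(
    rb"-----BEGIN ((?:ENCRYPTED )?PRIVATE KEY)-----.+-----END \1-----", re.DOTALL
)

def check_private_key_base64(value, password_set):
    """Return a list of problems with a private_key_base64 value (empty = OK)."""
    try:
        raw = base64.b64decode(value.strip(), validate=True)
    except ValueError:
        return ["not single-line base64 (expected output of 'openssl base64 -A')"]
    match = PEM_RE.search(raw)
    if match is None:
        return ["decoded content has no BEGIN/END lines: encode the whole file"]
    if match.group(1) == b"ENCRYPTED PRIVATE KEY" and not password_set:
        return ["key is encrypted: private_key_pwd is required"]
    return []

def public_key_body(pub_pem):
    """Strip the BEGIN/END wrapper lines from rsa_key.pub for ALTER USER."""
    lines = (line.strip() for line in pub_pem.splitlines())
    return "".join(l for l in lines if l and not l.startswith("-----"))

def sample_pem(label):
    # Constructed placeholder, not real key material: only the wrapper matters here.
    body = base64.b64encode(b"constructed placeholder, not a key").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    for label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        value = base64.b64encode(sample_pem(label).encode()).decode()
        print(label, "->", check_private_key_base64(value, password_set=False))
    print(public_key_body(sample_pem("PUBLIC KEY")))
```

Base64 is an encoding, not encryption, so the private_key_base64 value is as sensitive as rsa_key.p8 itself and should be handled the same way.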