PortablePortable Logo

Using Key Pair Authentication for Snowflake in Portable

Denis
Staff Software Engineer

Portable now supports Key Pair Authentication for Snowflake destinations, allowing users to securely connect to their Snowflake account using an encrypted or unencrypted key pair. This method enhances security by replacing passwords with cryptographic authentication. In this guide, we'll walk through setting up Key Pair Authentication, generating your keys, configuring Snowflake, and adding credentials in Portable.

Why Use Key Pair Authentication?

Key Pair Authentication provides a more secure way to authenticate with Snowflake by eliminating the need for passwords in API requests. Instead, it uses an asymmetric cryptographic key pair:

  • Private Key: Stored securely in Portable and used to authenticate requests.
  • Public Key: Registered with your Snowflake user account.

If the private key is encrypted, you'll need to provide a passphrase. Otherwise, it can be left blank in Portable.

Step 1: Generate a Key Pair

To use Key Pair Authentication, you first need to generate an RSA key pair. Run the following commands in your terminal:

Generate a Private Key
Unencrypted
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
Encrypted
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

The ouput result will be a private key in PEM format e.g.

-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
Extract the Public Key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

The ouput result will be a public key in PEM format e.g.

-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----

Step 2: Register the Public Key in Snowflake

Once you've generated your public key, register it with your Snowflake user account by executing the following SQL statement in Snowflake. __It is important in this stept that when you set your public key you only use the encoded content of your key, do not keep the header and footer__e.g:

-----BEGIN PUBLIC KEY-----
T32T...
-----END PUBLIC KEY-----

ALTER USER MY_SNOWFLAKE_USER SET RSA_PUBLIC_KEY = 'T32T...';

You can check your user information using this statement

DESC USER MY_SNOWFLAKE_USER;

Step 3: Configure Key Pair Authentication in Portable

Now that your Snowflake account is configured, you need to add the private key in Portable.

  1. Create a New Snowflake Destination
    • Navigate to Destinations in Portable.
    • Select Snowflake and click Create.
  2. Set Up Authentication
    • In the Authentication Method dropdown, select Key Pair.
    • Paste all contents of your private key including header and footer.
    • (Optional) If you used an encrypted private key, enter the passphrase.
    • Save the configuration.

If you used an encrypted private key, enter the passphrase.

Save the configuration.

Visual guide

Step 4: Validate the Connection

Once the setup is complete, Portable will attempt to connect to Snowflake using the private key. If everything is set up correctly, you'll see a success messages:

  • ✅ Configuration Valid
  • ✅ Connected to Database

If there are any missing required fields, Portable will highlight them for you to update.