The driver supports key-pair authentication. Key-pair authentication allows you to authenticate to Snowflake using a pair of private and public keys. The keys used for authentication must be RSA keys that are at least 2048 bits long.

You can generate the private and public key files in Privacy Enhanced Mail (PEM) format using OpenSSL. The public key must be assigned to your account on Snowflake, while the private key is specified using the driver. Note that only users with the necessary privileges, such as users with the SECURITYADMIN role, can assign public keys.

To learn how to generate private and public key files, refer to the Snowflake documentation.

To configure the driver to use key-pair authentication:

  • Configure the basic connection properties used to establish a connection:
    • Set the AccountName property to specify the full name of your account and the region where it is hosted. For example, account_name.us-east-1.
    • Set the DatabaseName property to specify the name of the database to which you are connecting.
    • Set the Schema property to specify the default schema to use for the specified database once connected. The specified schema should be an existing schema for which the specified default role has privileges.
    • Set the Warehouse property to specify the virtual warehouse to use once connected. The specified warehouse should be an existing warehouse for which the specified default role has privileges.
  • Set the AuthenticationMethod property to KeyPair.
  • Configure one of the following connection properties to specify the private key:
    • Set the PrivateKeyFile property to specify the absolute path to the private key file you want to use for authentication.
    • Set the PrivateKeyContent property to specify the content of the private key you want to use for authentication.
  • If you are using an encrypted private key or private key content, set the PrivateKeyPassphrase property to specify the password for decrypting the private key or private key content you are using.
Note:

If the encryption scheme used to generate the encrypted private key is not compatible with the native encryption libraries of your JRE, the JRE returns an error. To resolve this issue, either generate encrypted private keys using an encryption scheme that is compatible with your JRE, or add a third-party Java cryptography library that supports the scheme you are using (for example, Bouncy Castle) to your application. For example, to add Bouncy Castle to your application, add the following line to the java.security file, and then add the Bouncy Castle jars to the classpath of your JRE: security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider

The following examples demonstrate how to make a connection using key-pair authentication.

Connection URL:

// abc123 is a placeholder passphrase; backslashes in the Windows path are escaped for Java.
Connection conn = DriverManager.getConnection(
  "jdbc:datadirect:snowflake:AccountName=account_name.us-east-1;"
  + "DatabaseName=payroll;Schema=xyz;Warehouse=accounting;AuthenticationMethod=KeyPair;"
  + "PrivateKeyFile=C:\\Program Files\\privatekey.p8;PrivateKeyPassphrase=abc123");

Data Source:

SnowflakeDataSource mds = new SnowflakeDataSource();
mds.setDescription("My Snowflake Data Source");
mds.setAccountName("account_name.us-east-1");
mds.setDatabaseName("payroll");
mds.setSchema("xyz");
mds.setWarehouse("accounting");
mds.setAuthenticationMethod("KeyPair");
mds.setPrivateKeyFile("C:\\Program Files\\privatekey.p8");
mds.setPrivateKeyPassphrase("abc123");
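
The key requirements and the Note above can be checked before the key is handed to the driver. The following is an added example, not code from the driver or its documentation: it assumes a PKCS#8 PEM file (such as the .p8 file above), and the class name KeyPairPreflight and the environment variable SNOWFLAKE_KEY_PASSPHRASE are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.*;
import java.util.Base64;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: checks a PKCS#8 PEM key before it is given to the driver.
public class KeyPairPreflight {
    static RSAPrivateKey load(String pem, char[] passphrase)
            throws GeneralSecurityException, IOException {
        // Strip the PEM armor and whitespace, then decode the base64 DER body.
        byte[] der = Base64.getDecoder().decode(
                pem.replaceAll("-----(BEGIN|END) [A-Z ]+-----", "").replaceAll("\\s", ""));
        KeySpec spec;
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
            if (passphrase == null) throw new InvalidKeyException("encrypted key needs a passphrase");
            EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(der);
            PBEKeySpec pbe = new PBEKeySpec(passphrase);
            try {
                // NoSuchAlgorithmException here: no installed provider handles the
                // scheme this key was encrypted with (the case the Note describes).
                SecretKeyFactory skf = SecretKeyFactory.getInstance(info.getAlgName());
                spec = info.getKeySpec(skf.generateSecret(pbe));
            } finally {
                pbe.clearPassword(); // clear the spec's copy of the passphrase
            }
        } else {
            spec = new PKCS8EncodedKeySpec(der);
        }
        // generatePrivate throws InvalidKeySpecException if this is not an RSA key.
        RSAPrivateKey key = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
        int bits = key.getModulus().bitLength();
        if (bits < 2048) throw new InvalidKeyException("RSA key is " + bits + " bits; need >= 2048");
        return key;
    }

    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        // SNOWFLAKE_KEY_PASSPHRASE is a hypothetical variable name for this example.
        String pass = System.getenv("SNOWFLAKE_KEY_PASSPHRASE");
        RSAPrivateKey key = load(pem, pass == null ? null : pass.toCharArray());
        System.out.println("OK: RSA key, " + key.getModulus().bitLength() + " bits");
    }
}
```

Run it with the key file path as the only argument; a file that passes is one the JRE can decrypt and that meets the 2048-bit RSA minimum, so its path can be set in PrivateKeyFile.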