Prepare Snowflake credentials

In order to retrieve required credentials, please follow the below steps

Oauth method

  1. Sign in to Snowflake

  2. Perform below step detail to connect Snowflake to Anduin:

    • a. Create new worksheet , then run the code below. You can rename the INTEGRATION_DEMO to what you want. The pre_authorized_roles_list specifies which role can be used for this integration. You can read our detailed guide on role & permission to decide which values to enter here.
      create security integration INTEGRATION_DEMO
          type = oauth
          oauth_client = custom
          oauth_client_type = 'public'
          oauth_redirect_uri = 'https://oauth2.integration-platform.anduin.app/callback'
          enabled = true
          pre_authorized_roles_list = ( 'USERADMIN','SYSADMIN')
          oauth_issue_refresh_tokens = true
          oauth_refresh_token_validity = 864000
      
    • b. Then run below and use Authorize URL, Token URL and Client ID for the config
      DESCRIBE INTEGRATION INTEGRATION_DEMO
      
    • c. Run this code to get Client Secret to finish the config
      SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('INTEGRATION_DEMO')
      
    • d. Get Snowflake Identifier URL by the code below **and replace the result to <identifier-result> **to finish url https://<identifier-result>.snowflakecomputing.com
    SELECT CURRENT_ORGANIZATION_NAME() || '-' || CURRENT_ACCOUNT_NAME();
    
    • e. Get Snowflake Account Locator, using the prefix from Authorize URL

  3. Create warehouse, database

    • a. Create warehouse SQL
      CREATE WAREHOUSE ANDUIN_WH
        WITH WAREHOUSE_SIZE = 'X-SMALL'
        AUTO_SUSPEND = 300
        AUTO_RESUME = TRUE
        INITIALLY_SUSPENDED = TRUE;
      
    • b. Create database SQL
      CREATE DATABASE IDM_DB;
      
    • c. Input ANDUIN_WH to Warehouse and IDM_DB to Database in the configuration wizard

Key pair authentication method

  1. Generate a private–public key pair using your Terminal.

    • a. Open your Terminal and run below commands
    openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
    
    openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
    
    • b. Input Passphrase to generate the private key. Store Passphrase to user it later
    • c. Run this command to view the private key, copy all the key to use later
    cat rsa_key.p8 //
    
    
    You will observe the private key shows up in the following format
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIIFJD...
    -----END ENCRYPTED PRIVATE KEY-----
    
    • d. Generate public key
    openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
    
    • e. Run this command to view the public key, copy the key to use later
    cat rsa_key.pub //
    
    
    You will observe the public key shows up in the following format
    -----BEGIN PUBLIC KEY-----
    MIIBIjANB...
    -----END PUBLIC KEY-----
    


  2. Register the public key and associate it with a user in Snowflake.

    • a. Assign the public key to a user, RSA_PUBLIC_KEY will input the public key above but remove the header and footer -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- . Replace example_user with the username you want to assign the key to
    ALTER USER example_user
      SET RSA_PUBLIC_KEY='MIIBIjANB...';
    
    • b. Execute the following command to retrieve the user’s public key fingerprint
    DESC USER example_user;
    SELECT SUBSTR((SELECT "value" FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
      WHERE "property" = 'RSA_PUBLIC_KEY_FP'), LEN('SHA256:') + 1); 
    
    • c. Observe the output
    • d. Open terminal again and run this command to to retrieve the user’s public key fingerprint
    openssl rsa -pubin -in rsa_key.pub -outform DER | openssl dgst -sha256 -binary | openssl enc -base64
    
    • e. Observe the output

    • f. Compare both outputs. If both outputs match, the user correctly configured their public key.


  3. Note down private key and other Snowflake info for integration configuration

    • Note your private and public key

    • Obtain other Snowflake credential data

      • Snowflake username: User that you assign the key to

      • Account Identifier and Account Locator

        • Open your Snowflake
        • Select avatar icon in the left-bottom corner to open the Account details table
      • Passphrase (in step 1b above)