In Q3 of 2025, Snowflake will force users to log in using Multi-Factor Authentication, which means that using a username and password to connect Replicate to Snowflake will no longer be supported. One of the other two authentication methods available in the Snowflake endpoint must be used: Key-Pair or OAuth. This article goes through how the Key-Pair method can be set up.
- In a BASH command line (Linux based command prompt), run the following command:
openssl genrsa -out rsa_key.pem 2048
This generates the private key file, which should have the extension .pem. The file is created without a password. If you'd like to create a private key file which includes a password, follow the steps provided here.
- Then run the command:
openssl rsa -in rsa_key.pem -pubout -out rsa_key.pub
This creates the public key file.
- Copy the private and public key to somewhere secure and also onto the Replicate server, to a location which Replicate will be able to read from.
- Open the public key file (*.pub), and copy all the lines except for the "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" lines.
- Login to Snowflake, open a worksheet and run the following query:
ALTER USER <Snowflake user used with Replicate> SET RSA_PUBLIC_KEY='<Contents of public key file copied in Step 4>'
It should look like this:
If you see permission issues when running the above query then it's likely that the role being used to run the command doesn't have the right privileges. You will need to run the command with an account that has ownership of that user, 'ALTER USER' privileges for that user, or the roles SECURITYADMIN or USERADMIN.
- Still in the Snowflake worksheet, run the describe query to check that the key is set. There should be a property called RSA_PUBLIC_KEY.
DESC USER NRAMAMURTHI101;
- In Replicate, in the General tab of the Snowflake endpoint, fill out the following:
- Set the "Authentication" setting to 'Key Pair'
- For the "Username" field, enter the user which you set the key for in Snowflake
- For the "Private key file" field, enter the full path to the private key file on the Replicate server.
- The "Private key passphrase" field can be left empty if no password was set for the private key file in Step 1
- Run a Test Connection to verify the connection to Snowflake works
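The following is an added example, not part of the original article or of Replicate: it prints the one-line value to paste into the ALTER USER query and computes the fingerprint that Snowflake reports as RSA_PUBLIC_KEY_FP in the DESC USER output, so you can confirm that the uploaded public key belongs to the private key Replicate reads. The function names are illustrative, and it assumes openssl is on the PATH and the private key has no passphrase.

```shell
#!/usr/bin/env bash
# Added example (not from the article): checks around the key files created above.
# Function names are illustrative. Assumes openssl is on PATH and the private
# key has no passphrase, as in the first step.

# Public key body as one line, without the BEGIN/END marker lines. This is the
# value that goes between the quotes in ALTER USER ... SET RSA_PUBLIC_KEY='...'.
pubkey_body() {
    grep -v -- '-----' "$1" | tr -d '\r\n'
}

# Reads DER on stdin and prints "SHA256:" + base64(SHA-256 digest), the form
# Snowflake shows as the RSA_PUBLIC_KEY_FP property in DESC USER output.
der_fingerprint() {
    printf 'SHA256:%s\n' "$(openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Fingerprint of a public key file; fails if the file is not a valid public key.
pubkey_fingerprint() {
    openssl rsa -pubin -in "$1" -noout 2>/dev/null || return 1
    openssl rsa -pubin -in "$1" -outform DER 2>/dev/null | der_fingerprint
}

# The same fingerprint, derived from the private key Replicate will read.
privkey_fingerprint() {
    openssl rsa -in "$1" -noout 2>/dev/null || return 1
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | der_fingerprint
}

# Succeeds only if both files parse and belong to the same key pair.
keys_match() {
    priv_fp=$(privkey_fingerprint "$1") || return 1
    pub_fp=$(pubkey_fingerprint "$2") || return 1
    [ "$priv_fp" = "$pub_fp" ]
}

# Demo on a throwaway key pair in a temporary directory (constructed sample
# input, generated with the article's own commands; not keys for a real account).
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/rsa_key.pem" 2048 2>/dev/null
openssl rsa -in "$demo_dir/rsa_key.pem" -pubout -out "$demo_dir/rsa_key.pub" 2>/dev/null
chmod 600 "$demo_dir/rsa_key.pem"   # unencrypted key: readable by its owner only

echo "Paste into ALTER USER: $(pubkey_body "$demo_dir/rsa_key.pub")"
echo "Expect in DESC USER:   $(pubkey_fingerprint "$demo_dir/rsa_key.pub")"
keys_match "$demo_dir/rsa_key.pem" "$demo_dir/rsa_key.pub" && echo "key pair matches"
rm -rf "$demo_dir"
```

If the fingerprint shown by DESC USER differs from the one computed from the private key file configured in the endpoint, the wrong public key was set on the user or the wrong private key was copied to the Replicate server.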
The Key-Pair Authentication method is only supported in Replicate versions May 2024 and onwards. Therefore, any Replicate customers using Snowflake with Username & Password authentication should upgrade to Replicate May 2024 or newer, since username and password authentication will no longer work after November 2025.