Skip to main content

Using Snowflake key-pair authentication

You can connect Modelbit to your Snowflake warehouse using a Snowflake key-pair instead of a password.

Here are the steps to generate a new key pair for the modelbit_user you created earlier.

Generate new public and private keys

First, create a new RSA public/private key pair for modelbit_user.

This command will save the private key as rsa_key.p8.

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

Then run this command to generate a public key from the private key. The public key will be stored in the file rsa_key.pub:

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

You now have a pair of public and private keys. The public key will be given to the modelbit_user in Snowflake. And the private key will be used by Modelbit to connect to Snowflake.

Assign the public key to modelbit_user

In your Snowflake warehouse, assign the public key to the modelbit_user. Open rsa_key.pub, copy the text between header and footer, and run the following SQL command:

ALTER USER modelbit_user SET RSA_PUBLIC_KEY='<your-public-key>';

For example:

ALTER USER modelbit_user SET RSA_PUBLIC_KEY='
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMdBzweZ71Z30Kr13nzk
...
...
...
EwIDAQAB
';

Make sure you don't include the -----BEGIN/END PUBLIC KEY----- parts. If you do, Snowflake will return an Invalid public key error.

Use the private key to connect from Modelbit

In the Snowflake connection wizard, choose the Key-pair authentication method and upload the rsa_key.p8 private key.

The connection wizard will check the connection, and you'll be ready to create datasets or call deployments from Snowflake!