Skip to main content

Snowflake Key Pair Authentication

Coalesce supports Snowflake’s key pair authentication for connecting Development Workspaces and Environments to Snowflake instances. Both encrypted and un-encrypted private keys are supported. Encrypted keys have a corresponding passphrase that is required to use them, while un-encrypted keys can be used directly. While keys are allowed to be encrypted with an empty passphrase by Snowflake, this is not supported in Coalesce and will result in an error.

Before you begin, go through Snowflake’s key pair authentication steps to generate your keys and assign the public key to your Snowflake user.

Snowflake Key Pair New Workspace

  1. Select the Project you want to create the Workspace in.

  2. Click Create Workspace. You'll be taken to the Workspace creator.

  3. Give your Workspace a Name and Description(optional).

    Step 1 of 5 workspace creation interface for Coalesce, showing fields for workspace name and description, with explanation that workspaces allow development of data transformations without impacting team members
  4. Enter your Snowflake Account URL.

    Snowflake connection setup page showing URL input field with https:// prefix and .snowflakecomputing.com suffix, OAuth toggle currently disabled, and Previous/Next navigation buttons. Link provided for finding Snowflake Account URL.
    1. Obtain your Snowflake URL, by opening the account selector in Snowflake.

      Add your Snowflake credentials in the build settings
  5. Change the Authentication Type to Key Pair.

  6. Enter your Snowflake Username , Private Key, Private Key Passphrase (if applicable), Role and Warehouse into their respective fields and Save. Click Test Connection to ensure this works as expected.

    Adding Your Private Key

    When entering your private key, make sure it's formatted properly. It must include the full private key including the lines BEGIN ENCRYPTED PRIVATE KEY and END ENCRYPTED PRIVATE KEY.

    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...
    -----END ENCRYPTED PRIVATE KEY-----
    Snowflake credentials input form: Step 3 of 5 workspace setup page. Form fields include Authentication Type (defaulted to Key Pair), Username, Private Key, Private Key Passphrase, Role, and Warehouse. Required fields marked with asterisks. Optional Role and Warehouse fields note 'Leave empty to use the Snowflake default.' A 'Test Connection' button appears at the bottom. Page header explains credentials authenticate user access and remain private within the workspace.
  7. You'll connect a repo to this Workspace. Your repository was connected during Project setup. Workspaces let you work on a branch. You will need to select a branch and commit to make a new branch. For example, if you want to create a branch off main, select main, then select the commit in main to create your branch from.

  8. Next, add Storage Locations and Storage Mappings to your Workspace. If you have any existing Storage Locations and Storage Mappings from Git, they will be listed here.

    Storage Locations and Mappings configuration interface showing two locations (WORK and EDW), with EDW expanded to display database mapping to EDW_APAC and schema mapping to DEV_EDW. Interface includes toggle for manual mapping and option to set WORK as default storage location.
  9. Click Create Workspace. You've just created your Workspace. Get started by adding some data.

Snowflake Key Pair Existing Workspace

  1. Navigate to Build Settings > Environments/Development Workspaces.
  2. Select Edit, , on the Environment or Workspace that you want to connect to Snowflake using Key Pair Auth.
  3. In Edit Environment or Workspace > User Credentials, select Authentication Type as Key Pair .
  4. Enter your Snowflake Username , Private Key, Private Key Passphrase (if applicable), Role and Warehouse into their respective fields and Save. Click Test Connection to ensure this works as expected.
Workspace Settings Development page showing Snowflake connection configuration. Left sidebar lists Settings, User Credentials, Storage Mappings, Parameters, and OAuth Settings. Main panel displays connection details including Snowflake account URL (fka56740.snowflakecomputing.com), authentication fields for Key Pair login, and role set to ACCOUNTADMIN. Cancel and Save buttons at bottom.
Adding Your Private Key

When entering your private key, make sure it's formatted properly. It must include the full private key including the lines BEGIN ENCRYPTED PRIVATE KEY and END ENCRYPTED PRIVATE KEY.

-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----