Skip to content

Commit 0aa5d9d

Browse files
edgarrmondragonedgarrmondragon
committed
Update readme
Signed-off-by: Edgar Ramírez Mondragón <edgarrm358@gmail.com>
1 parent 13799d4 commit 0aa5d9d

File tree

1 file changed

+34
-2
lines changed

1 file changed

+34
-2
lines changed

README.md

Lines changed: 34 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -78,18 +78,49 @@ state_backend:
7878
7979
- **account**: Your Snowflake account identifier (e.g., `myorg-account123`)
8080
- **user**: The username for authentication
81-
- **password**: The password for authentication
81+
- **password**: The password for authentication (required unless using key pair authentication)
8282
- **warehouse**: The compute warehouse to use (required)
8383
- **database**: The database where state will be stored
8484
- **schema**: The schema where state tables will be created (defaults to PUBLIC)
8585
- **role**: Optional role to use for the connection
86+
- **private_key_base64**: Optional base64-encoded DER private key for key pair authentication
87+
88+
#### Key Pair Authentication
89+
90+
Instead of password-based authentication, you can use [Snowflake key pair authentication][snowflake-keypair]. Provide the private key as a base64-encoded DER-format string:
91+
92+
```yaml
93+
state_backend:
94+
uri: snowflake://my_user@my_account/my_database?warehouse=my_warehouse
95+
snowflake:
96+
private_key_base64: MIIEvgIBADANBg... # base64-encoded DER private key
97+
```
98+
99+
The private key can also be passed as a URI query parameter:
100+
101+
```
102+
snowflake://my_user@my_account/my_database?warehouse=my_warehouse&private_key_base64=MIIEvgIBADANBg...
103+
```
104+
105+
Or via an environment variable:
106+
107+
```bash
108+
export MELTANO_STATE_BACKEND_SNOWFLAKE_PRIVATE_KEY_BASE64='MIIEvgIBADANBg...'
109+
```
110+
111+
To generate the base64-encoded DER key from a PEM private key file:
112+
113+
```bash
114+
openssl pkcs8 -topk8 -inform PEM -outform DER -in rsa_key.pem -nocrypt | base64
115+
```
116+
117+
When using key pair authentication, no password is required.
86118

87119
#### Security Considerations
88120

89121
When storing credentials:
90122

91123
- Use environment variables for sensitive values in production
92-
- Consider using Snowflake key-pair authentication (future enhancement)
93124
- Ensure the user has CREATE TABLE, INSERT, UPDATE, DELETE, and SELECT privileges
94125

95126
Example using environment variables:
@@ -129,6 +160,7 @@ gh release create v<new-version>
129160
[meltano]: https://meltano.com
130161
[pipx]: https://github.com/pypa/pipx
131162
[snowflake]: https://www.snowflake.com/
163+
[snowflake-keypair]: https://docs.snowflake.com/en/user-guide/key-pair-auth
132164
[snowflake-sqlalchemy]: https://github.com/snowflakedb/snowflake-sqlalchemy
133165
[state-backend]: https://docs.meltano.com/concepts/state_backends
134166
[uv]: https://docs.astral.sh/uv

0 commit comments

Comments
 (0)