by 
This week’s challenge puts the spotlight on secure, key-pair authentication in Snowflake using Snowpark including seamless rotation.
Snowflake continues to elevate its security offerings, and key-pair authentication is now a strong recommendation for service users. It eliminates the need for passwords, enhances automation, and aligns with modern best practices. But what if the private key needs replacement? Day-to-day operations shouldn’t be interrupted, and that’s where seamless key rotation comes in.
In this challenge, you’ll:
- Rotate your key-pair on-the-fly—without breaking your connection or workflow.
- Set up a service-style user (demo_user) with RSA key-pair authentication,
- Connect confidently via Snowpark in Python,
Your steps to follow :
1. Create a demo user
Cheat-sheet
CREATE OR REPLACE USER demo_user
DEFAULT_WAREHOUSE = COMPUTE_WH
COMMENT = ‘User for key-pair auth Snowpark challenge’;
2. Generate an RSA key pair (public first , then private)
3. Link the public key to the Snowflake user
4. Grant minimal access needed for the challenge
Cheat-sheet
GRANT USAGE ON WAREHOUSE compute_wh TO USER demo_user;
5. Connect via Python using Snowpark and authenticate with the private key
Cheat-sheet
from snowflake.snowpark import Session
# Set up the session for demo_user with RSA private key authentication
private_key_file = '<location of private key>'
connection_parameters = {
'account': "<put your account identifier here>",
'user': "demo_user",
'warehouse': "compute_wh",
'private_key_file': private_key_file
}
session = Session.builder.configs(connection_parameters).create()
# Check
result = session.sql('select current_user();').collect()
print(result)7. Generate a secondary RSA key pair (public first , then private)
8. Link the secondary public key to the Snowflake user without removing the first one
9. Authenticate using the secondary key
Cheat-sheet
from snowflake.snowpark import Session
# Set up the session for demo_user with RSA private key authentication
secondary_private_key_file = '<location of the second private key>'
connection_parameters = {
'account': "<put your account identifier here>",
'user': "demo_user",
'warehouse': "compute_wh",
'private_key_file': secondary_private_key_file
}
session = Session.builder.configs(connection_parameters).create()
# Check
result = session.sql('select current_user();').collect()
print(result)10. Don’t forget to post your code!
Leave a Reply
You must be logged in to post a comment.