Create a public and private key pair before connecting Openprise to Snowflake using key-pairing authentication. Key pairs can be unencrypted or encrypted. Once you have set up the key pair, connect Openprise to Snowflake using the article HERE.
Unencrypted Public/Private Key Pair
NOTE: You will need to have OpenSSL installed on your machine to run the below commands. OpenSSL is a command-line tool that enables you to generate the public/private keys you will need during authentication with Openprise. For Linux machines, this library is installed by default. Windows users will need to install the tool manually; the latest releases are available for download HERE.
Private Key
- Open a terminal on your machine and execute the following command. This will generate an unencrypted private key in whatever directory you execute the command. The below command should generate a private key in PEM format.
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
- Open the file on your machine to confirm that it aligns with the formatting shown below.
-----BEGIN PRIVATE KEY-----
MIIE6T...
-----END PRIVATE KEY-----
Public Key
- Generate a public key by referencing the private key you just created. The below command assumes that the private key is contained in the file named rsa_key.p8, which should be correct if you did not modify the command in Step 1-3 above to change the private key file name. The below command should generate a public key in PEM format.
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
- Open the file on your machine to confirm that it aligns with the formatting shown below.
-----BEGIN PUBLIC KEY-----
MIIBIj…
-----END PUBLIC KEY-----
Encrypted Public/Private Key Pair
Private Key
- Open a terminal on your machine and execute the below command. This will generate an encrypted private key in whatever directory you execute the command. The below command should generate a private key in PEM format.
NOTE: You will be prompted to enter a password to encrypt the file before it is generated. Make note of this password as you will need it when creating a Security Key in Openprise. Snowflake recommends that you use a passphrase that complies with PCI DSS standards, though this is not required for using the key to connect to Openprise. See HERE for information regarding how to generate a PCI DSS password.
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
- Open the file on your machine to confirm that it aligns with the formatting shown below.
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6T...
-----END ENCRYPTED PRIVATE KEY-----
Public Key
- Generate a public key by referencing the private key you just created. The below command assumes that the private key is contained in the file named rsa_key.p8, which should be correct if you did not modify the command in Step 1-3 above to change the private key file name. The below command should generate a public key in PEM format.
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
- Open the file on your machine to confirm that it aligns with the formatting shown below.
-----BEGIN PUBLIC KEY-----
MIIBIj…
-----END PUBLIC KEY-----
Assign a Public Key to a Snowflake User
- In the Snowflake SQL Worksheet, execute the below command to assign the public key to a particular Snowflake user.
NOTE: Only owners of a user or users with the SECURITYADMIN or ACCOUNTADMIN role can execute this command to effectively alter a user.
ALTER USER example_user_name SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
The value assigned to RSA_PUBLIC_KEY should be the public key generated in the previous steps from either the unencrypted or the encrypted private key.
Only copy the text between the following delimiter lines, not the lines themselves:
-----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----
- Run the below command in a Snowflake SQL Worksheet to retrieve the user’s public key fingerprint.
DESC USER example_user_name;
SELECT SUBSTR((SELECT "value" FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" = 'RSA_PUBLIC_KEY_FP'), LEN('SHA256:') + 1);
- Run the below command on the command line in the same directory where you created your public/private keys.
openssl rsa -pubin -in rsa_key.pub -outform DER | openssl dgst -sha256 -binary | openssl enc -base64
- Compare the outputs from Step 2 and Step 3. If they match, you have configured the public key correctly for the specified user.
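The copy and compare steps above can also be checked in a script. The following is an added example, not code from Openprise or Snowflake: it extracts the text between the BEGIN/END PUBLIC KEY lines for the ALTER USER statement, rejects a private key file pasted by mistake, and computes the fingerprint that the openssl pipeline prints. The function names are hypothetical, the sample key is constructed placeholder bytes, and it assumes rsa_key.pub was produced by the openssl rsa -pubout command shown earlier, so that its PEM body is the same DER that OpenSSL hashes.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: placeholder bytes in PEM armor, NOT a real RSA key.
SAMPLE_PUB = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.encodebytes(bytes(range(200))).decode()
    + "-----END PUBLIC KEY-----\n"
)


def public_key_body(pem_text):
    """Return the one-line base64 body that goes into RSA_PUBLIC_KEY='...'."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    label = match.group(1)
    if label != "PUBLIC KEY":
        # Catches rsa_key.p8 (a private key) being pasted instead of rsa_key.pub.
        raise ValueError("expected PUBLIC KEY, found " + label)
    body = "".join(match.group(2).split())
    base64.b64decode(body, validate=True)  # raises ValueError on damaged text
    return body


def fingerprint(pem_text):
    """Base64 of SHA-256 over the DER bytes, the form the openssl pipeline prints."""
    der = base64.b64decode(public_key_body(pem_text), validate=True)
    return base64.b64encode(hashlib.sha256(der).digest()).decode()


def matches_snowflake(pem_text, rsa_public_key_fp):
    """Compare with RSA_PUBLIC_KEY_FP, given with or without the SHA256: prefix."""
    reported = rsa_public_key_fp.strip()
    if reported.startswith("SHA256:"):
        reported = reported[len("SHA256:"):]
    return fingerprint(pem_text) == reported


if __name__ == "__main__":
    print("RSA_PUBLIC_KEY value:", public_key_body(SAMPLE_PUB)[:16] + "...")
    print("fingerprint:", fingerprint(SAMPLE_PUB))
```

To use it on a real key, pass the contents of rsa_key.pub as pem_text and the "value" of the RSA_PUBLIC_KEY_FP property from DESC USER as rsa_public_key_fp.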