Week 148 - Security & Governance


This week’s challenge puts the spotlight on secure key-pair authentication in Snowflake using Snowpark, including seamless key rotation.

Snowflake continues to elevate its security offerings, and key-pair authentication is now a strong recommendation for service users. It eliminates the need for passwords, enhances automation, and aligns with modern best practices. But what if the private key needs replacement? Day-to-day operations shouldn’t be interrupted, and that’s where seamless key rotation comes in.

In this challenge, you’ll:

  • Set up a service-style user (demo_user) with RSA key-pair authentication.
  • Connect confidently via Snowpark in Python.
  • Rotate your key pair on the fly, without breaking your connection or workflow.

Steps to follow:
1. Create a demo user

CREATE OR REPLACE USER demo_user
DEFAULT_WAREHOUSE = COMPUTE_WH
COMMENT = 'User for key-pair auth Snowpark challenge';

2. Generate an RSA key pair (public first, then private)

3. Link the public key to the Snowflake user

4. Grant minimal access needed for the challenge

GRANT USAGE ON WAREHOUSE compute_wh TO USER demo_user;

5. Connect via Python using Snowpark and authenticate with the private key

from snowflake.snowpark import Session

# Set up the session for demo_user with RSA private key authentication
private_key_file = '<location of private key>'
connection_parameters = {
    'account': "<put your account identifier here>",
    'user': "demo_user",
    'warehouse': "compute_wh",
    'private_key_file': private_key_file
}
session = Session.builder.configs(connection_parameters).create()

# Check
result = session.sql('select current_user();').collect()
print(result)

7. Generate a secondary RSA key pair (public first, then private)

8. Link the secondary public key to the Snowflake user without removing the first one

9. Authenticate using the secondary key

from snowflake.snowpark import Session

# Set up the session for demo_user with RSA private key authentication
secondary_private_key_file = '<location of the second private key>'
connection_parameters = {
    'account': "<put your account identifier here>",
    'user': "demo_user",
    'warehouse': "compute_wh",
    'private_key_file': secondary_private_key_file
}
session = Session.builder.configs(connection_parameters).create()

# Check
result = session.sql('select current_user();').collect()
print(result)

10. Don't forget to post your code!
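
The steps above leave key generation and linking (steps 2, 3, 7 and 8) without code; the following is an added example, not part of the original challenge, showing one way to do them and to check which key Snowflake actually holds. It assumes the `cryptography` package (a dependency of the Snowflake Python connector), unencrypted private keys, and constructed file names and helper names; it goes one step beyond the page by also emitting the statement that retires the old key.

```python
import base64, hashlib, os, re, tempfile
from cryptography.hazmat.primitives import serialization as ser
from cryptography.hazmat.primitives.asymmetric import rsa

SLOTS = {1: "RSA_PUBLIC_KEY", 2: "RSA_PUBLIC_KEY_2"}  # Snowflake's two key slots

def generate_key_pair(private_path):
    """Write an unencrypted PKCS#8 private key (owner-only); return public key DER."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = key.private_bytes(ser.Encoding.PEM, ser.PrivateFormat.PKCS8,
                            ser.NoEncryption())
    # O_EXCL refuses to overwrite an existing key; 0o600 keeps it owner-only.
    fd = os.open(private_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(pem)
    return key.public_key().public_bytes(ser.Encoding.DER,
                                         ser.PublicFormat.SubjectPublicKeyInfo)

def fingerprint(public_der):
    """Format of RSA_PUBLIC_KEY_FP / RSA_PUBLIC_KEY_2_FP in DESC USER output."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(public_der).digest()).decode()

def _ident(user):
    # Only plain unquoted identifiers are accepted before building SQL text.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_$]*", user):
        raise ValueError("unexpected characters in user name")
    return user

def link_key_sql(user, public_der, slot):
    """Steps 3 and 8: attach a public key to one slot, leaving the other untouched."""
    body = base64.b64encode(public_der).decode()  # PEM body without BEGIN/END lines
    return f"ALTER USER {_ident(user)} SET {SLOTS[slot]} = '{body}';"

def retire_key_sql(user, slot):
    """Beyond the page's steps: drop the old key once every client uses the new one."""
    return f"ALTER USER {_ident(user)} UNSET {SLOTS[slot]};"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed demo paths
        first = generate_key_pair(os.path.join(d, "rsa_key_1.p8"))
        second = generate_key_pair(os.path.join(d, "rsa_key_2.p8"))
        print(link_key_sql("demo_user", first, 1))
        print(link_key_sql("demo_user", second, 2))
        print("compare with DESC USER demo_user:", fingerprint(second))
        print(retire_key_sql("demo_user", 1))
```

Run the printed statements in Snowflake, then point `private_key_file` in the Snowpark snippets at the matching `.p8` file.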
