The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Snowflake Dynamic Secrets

You can use Akeyless dynamic secrets to generate access credentials for Snowflake. To do this, configure a dynamic secret with the details required for Akeyless to authenticate and communicate with the relevant Snowflake account.

Prerequisites

To create a Snowflake dynamic secret, ensure that:

  • You have administrator access to the Akeyless Gateway.
  • You have a Snowflake account, and credentials for a user administrator (with the USERADMIN role or higher).

Create a Snowflake Dynamic Secret from the CLI

Let’s create a Snowflake dynamic secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Gateway instead.

The CLI command to create a Snowflake dynamic secret is:

$ akeyless gateway-create-producer-snowflake \
--name <secret name> \
--account <Snowflake account name> \
--username <Snowflake username> \
--password <Snowflake password> \
--db-name <Database to which the generated credentials are restricted>

where:

  • name: A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.
  • account: The Snowflake account name in xy12345.region.cloud_provider format.
  • username: The username for a Snowflake user administrator (with the USERADMIN role or higher).
  • password: The password for the Snowflake user administrator account.
  • dbname: The name of the target Snowflake database.

Options

The full list of options for this command is:

Options:

  -u, --gateway-url[=http://localhost:8000]   Akeyless Gateway URL (Configuration Management port)
  -n, --name                                 *Producer name
      --account                              *Snowflake account name
      --db-name                              *The DB the generated credentials are restricted to
      --role                                  Role to be assigned to the generated credentials
      --warehouse                             The warehouse the generated credentials are restricted to
      --user-ttl[=24h]                        User TTL
      --profile                               Use a specific profile from your akeyless/profiles/ folder
      --username                              Optional username for various authentication flows
      --password                              Optional password for various authentication flows
      --uid-token                             The universal identity token, Required only for universal_identity authentication
  -h, --help                                  display help information
      --json[=false]                          Set output format to JSON
      --no-creds-cleanup[=false]              Do not clean local temporary expired creds

👍

For details about these options, see the CLI Command Reference.

Create a Snowflake Dynamic Secret from the Akeyless Gateway

Let’s create a Snowflake dynamic secret using the Akeyless Gateway. If you’d prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Gateway and go to Dynamic Secrets > New > DB Producer.

  2. Define a Name for the dynamic secret, and specify the Location as a path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

  3. From the DB Engine drop down list, select Snowflake.

  4. Define the remaining parameters as follows:

    • Account Username: Enter the username for a Snowflake user administrator (with the USERADMIN role or higher).
    • Account Password: Enter the password for the Snowflake user administrator account.
    • DB Name: Enter the name of the target Snowflake database.
    • Account Name: Enter the Snowflake account name in xy12345.region.cloud_provider format.
    • User Role: Enter the Snowflake role to be assigned to temporary users.
    • Warehouse Name: Enter the name of the target Snowflake warehouse.
    • Encrypt Dynamic Producer with the following Key: Select the encryption key with which to encrypt the dynamic secret (if your system includes multiple encryption keys). Otherwise, select Default.
    • User TTL: Enter the length of time for which the credentials generated by the dynamic secret are valid, by default 60 (minutes).
    • Time Unit: Select the time unit for the TTL, by default, minutes.
  5. Select Save.

Updated 2 months ago

Snowflake Dynamic Secrets


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.