![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 53%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZ%3C/text%3E%3C/svg%3E)
446 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 49%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hi @zmsoft ,Thanks for reaching out, I have taken a look at your problem and come up with 2 solutions according to Snowflake documentations: you can either use Key Pair Authentication or use Programmatic Access Tokens. These approaches both need alteration to your connectionString, though you won't be logging in using password.
For Key-pair Authentication:
Key pair authentication is a secure method of connecting to Snowflake without using a password. Instead, it uses a cryptographic key pair:
- The public key is uploaded to Snowflake and associated with a user.
- The private key is stored securely on your machine or in your app.
When your app connects, it uses the private key to digitally sign a token, which Snowflake verifies using the public key. If the signature is valid, access is granted — no password needed.
Link to the documentation: Key-pair authentication and key-pair rotation | Snowflake Documentation
You should have OpenSSL installed. Run the following on your Command Line Interface:
# Generate private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
# Generate public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
Keep rsa_key.p8 safe as you will need this to connect to your user.
Log in to your Snowflake account, then run this SQL code on your worksheet:
ALTER USER your_user SET RSA_PUBLIC_KEY=<your_public_key>;
Fill in <your_public_key> with your content of rsa_key.pub
Your connectionString should look like this:
string connectionString = "account=<your_account>;" +
"user=<your_user>;" +
"authenticator=SNOWFLAKE_JWT;" +
"private_key_file=<full_path_to_rsa_key.p8>;" +
"role=<your_role>;" +
"warehouse=<your_warehouse>;" +
"db=<your_database>;" +
"schema=<your_schema>";
For Programmatic Access Tokens:
A programmatic access token in Snowflake is a secure authentication method used for automated or API-based connections. Instead of requiring a password, these tokens act as credentials for accessing Snowflake REST APIs, SQL API, and other integrations like Tableau or Power BI.
A token can be used instead of a password to log in.
Link to the documentation: Using programmatic access tokens for authentication | Snowflake Documentation
Go to your Snowflake web page, use your work ship to properly configure your Authentication Policy:
Create your Authentication policy:
CREATE AUTHENTICATION POLICY my_authentication_policy
PAT_POLICY=(NETWORK_POLICY_EVALUATION = ENFORCED_NOT_REQUIRED)
SET AUTHENTICATION_METHODS = ('OAUTH', 'PASSWORD', 'PROGRAMMATIC_ACCESS_TOKEN');
;
You can refer to the documentation as to what your favorable PAT policy should be (default is ENFORCED_REQUIRED).
Also remember to include PROGRAMMATIC_ACCESS_TOKEN as part of Authentication methods to facilitate logging in with access tokens.
Based on your Network Policy, you might need to alter Account or User Network Policy to handle logins: Controlling network traffic with network policies | Snowflake Documentation
Proceed to generate a Token:
- Navigate to Admin » Users & Roles.
- Select the user and generate a new token with a name, comment, and expiration time.
Remember to download that token or copied it somewhere as after closing, you will not be able to access that token again.
In your connectionString, simply replace the value in password with the value of your token:
string connectionString = "account=<your_account>;" +
"user=<your_user>;" +
"password=<token_value>;" +
"role=<your_role>;" +
"warehouse=<your_warehouse>;" +
"db=<your_database>;" +
"schema=<your_schema>";
If you encounter any problems, please reach out as I'm happy to help