Skip to main content

Official Support Articles

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
NEW webinar Dec. 7th: 2023 Outlook, A Pivotal Year for Data Integration SIGN ME UP!

How to setup Key Pair Authentication in Snowflake and How to configure this enhanced security mechanism in Qlik Replicate

cancel
Showing results for 
Search instead for 
Did you mean: 
SwathiPulagam
Support
Support

How to setup Key Pair Authentication in Snowflake and How to configure this enhanced security mechanism in Qlik Replicate

Snowflake supports using key pair authentication for enhanced authentication security as an alternative to basic authentication (i.e. username and password). This article covers end-to-end setup for Key Pair Authentication in Snowflake and Qlik Replicate.

This authentication method requires, at minimum, a 2048-bit RSA key pair. You can generate the Privacy Enhanced Mail (i.e. PEM) private-public key pair using OpenSSL.

Qlik Replicate will use the ODBC driver to connect snowflake and ODBC is one of the supported clients which will support key pair authentication.

Let's assume, you decided to use key pair authentication for the Snowflake user which is used in Qlik Replicate to connect to Snowflake. You have to follow the below process to convert user authentication from basic to key pair.

 

Step 1: Generate the Private Key

You can generate either an encrypted version of the private key or an unencrypted version of the private key.

To generate an unencrypted version use the following command in the command prompt:

$ openssl genrsa 2048|openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

To generate an encrypted version (which omits -nocrypt) use:

$ openssl genrsa 2048|openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

In our example case, we generate an encrypted version of a private key.

We:

  1. Open a command prompt
  2. Run $ openssl genrsa 2048|openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
  3. Enter our password
  4. And store the password to use in Qlik Replicate.

SwathiPulagam_0-1664450480506.png

 

This generates a private key in PEM format:

SwathiPulagam_1-1664450480508.png

 

 

Step 2: Generate a Public Key

From the command line, we generate the public key by referencing the private key. The following command assumes the private key is encrypted and contained in the file named rsa_key.p8.

When it requests a passphrase, use the same password that we generated in step 1.

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

 

SwathiPulagam_2-1664450480509.png

 

This command generates the public key in PEM format:

 

SwathiPulagam_3-1664450480511.png

 

 

Step 3: Store the Private and Public Keys Securely

Copy the public and private key files to a local directory for storage and record the path to the files. Note that the private key is stored using the PKCS#8 (Public Key Cryptography Standards) format and is encrypted using the passphrase you specified in the previous step.

However, the file should still be protected from unauthorized access using the file permission mechanism provided by your operating system. It is your responsibility to secure the file when it is not being used.

 

Step 4: Assign the Public Key to a Snowflake User

Describe the user to see current information. We can see that there is no public key assigned to the HDW user. Therefore, the user needs to use basic authentication.

 

SwathiPulagam_4-1664450480513.png

 

Execute an ALTER USER command to assign the public key to a Snowflake user.

 

SwathiPulagam_5-1664450480514.png

 

 

Step 5: Verify the User’s Public Key Fingerprint

 

Execute a DESCRIBE USER command to verify the user’s public key.

 

SwathiPulagam_6-1664450480516.png

 

 

Step 6: Configure Qlik Replicate to Use snowflake Key Pair Authentication

 

  1. Enter the snowflake server name and the username that we configured key pair authentication.

    SwathiPulagam_7-1664450480517.png

  2. We need to set the below parameters to set the authentication method as SNOWFLAKE_JWT, passing the private key and password from step 1.

    SwathiPulagam_8-1664450480517.png

  3. Try to do the test connection\browse the database and you can see a missing password error. We can't ignore the password in the endpoint UI and at the same time, we shouldn't enter the password as we are using keypair authentication.

    SwathiPulagam_9-1664450480518.png

  4. You can key in a dummy password, such as dummy, dummy123, etc., in the UI to eliminate the missing password error.

    Finally, browse the database and do the test connection.

    SwathiPulagam_10-1664450480519.png

 

 

 

 

Environment

Qlik Replicate 
Snowflake Target

 

Version history
Last update:
‎2022-09-29 09:10 AM
Updated by: