Re: Issue with Key Pair Authentication for Snowfla... - Qlik Community

SHARMA-G

Hi all, I’m currently transitioning an existing Snowflake user setup in Qlik Replicate from password-based authentication to key pair authentication.

I’ve followed Qlik’s official documentation, but ran into an issue after upgrading to the May 2024 version (previously I was on an older build). I’ve attached a screenshot of the new screen/interface for reference.

Here’s my setup:

I’ve generated .p8 and .pub keys

The public key (.pub) is assigned to the Snowflake user

The private key (.p8) is stored locally

I'm entering the following in the connection config:

username = abc

privateKeyFile = X:\FILENAME.p8

privateKeyPassphrase = [passphrase created during key generation]

Despite providing all the required details, I receive the error: "failed to decrypt password".

Has anyone run into this issue after upgrading? Could it be related to the format of the key file or compatibility with the new version?

lilizou

Hi @SHARMA-G

The key-pair authentication is available starting from the May 2024 release.
So, the issue was not related to the upgrade.

The error typically means that Snowflake could not decrypt your private key or password when using key-pair authentication.

Could you check the followings?
-Ensure your private key file is correct and matches the public key in Snowflake
-If password-protected, make sure the client can supply the password
-Confirm the key is in supported format (PEM, RSA)
-Validate file permissions and paths

Hope it helps.
Lili

Thanks,

SHARMA-G

thanks, so I am following How to setup Key Pair Authentication in Snowflake ... - Qlik Community - 1987060 to generate keys its not .pem but .p8. Just making sure this is the right way to genrate keys for 2024 version

john_wang

Hello @SHARMA-G ,

Could you please confirm whether the error message you received is:

"Failed to decrypt password"

In certain scenarios such as when you initially enter all connection parameters, including the Private key passphrase, in the connection window the connection test may succeed. However, if you subsequently modify other properties (e.g., the username) and save the changes, you might encounter the following error:

Failed to decrypt the 'privateKeyPassphrase'. This might be because you changed the 'username' value, which is used to encrypt the password. Reenter the 'privateKeyPassphrase' and then retry the operation Failed to decrypt data, the cipher text is corrupted.

To resolve this, please re-enter the Private key passphrase and save the changes again.

Hope this helps.

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!

SHARMA-G

Hi Thanks, exact message is :

Failed to load dynamic endpoint properties
Failed to decrypt the 'password'. This might be because you changed the 'username' value, which is used to encrypt the password.
Reenter the 'password' and then retry the operation Failed to decrypt data, the cipher text is corrupted.

I believe as mqlik is installed in ec2 i might have to move keys to the ec2 instance and this error relates to that

john_wang

Hello @SHARMA-G ,

Thank you for the detailed information.

I ran a sanity test today on AWS EC2 Windows Server 2019 Datacenter using Qlik Replicate 2024.5, and the Snowflake endpoint worked as expected. The endpoint was configured with Key Pair Authentication.

To help troubleshoot your issue, we recommend opening a support ticket and attaching the Task Diagnostics Package. Please also set the logging level for target_apply/target_load to Verbose. Our support team will be happy to assist you further.

Regards,

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!

SushilKumar

Hello @SHARMA-G

Request you to check the below article in case you are having a password which may have some Special characters used in it.

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Replicate-fails-to-connect-to-Snowflake...

Regards,
Sushil Kumar

SHARMA-G

thanks by password you mean the encryption key pair pass-phrase which is already following the guidelines

SHARMA-G

so ihave identified the core issue why key pair is not working its because my qlik-server is setup in ec2 instance using linux so i need to move keys to the linux qlik server first and then make sure file acccess to the qlik/attunity user. Do we have some sort of guide whcih can assist me or does any of the experts have linux based commands to get this done (best practices may be)

john_wang

Hello @SHARMA-G ,

The key pair setup on Linux is very similar to the setup on Windows, and it works as expected in my lab environment.

The only difference is that on Linux, you need to place the key file in a specific directory. Please ensure that the account used for the process (by default, 'attunity') has sufficient permissions to access both the directory and the .p8 key file.

Hope this helps.

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!

Issue with Key Pair Authentication for Snowflake in Qlik Replicate (May 2024 Version)

Errors - Unexpected Behavior