Connecting to Snowflake Using Key Pair Authentication

Objective:

For this document we will review how to connect to Snowflake using Key-Pair Authentication (https://docs.snowflake.com/en/user-guide/odbc-parameters.html#using-key-pair-authentication).

What is Key Pair Authentication?

Key Pair authentication allows for the use of a RSA key to authenticate requests to Snowflake rather than the traditional username/password combination. This approach is considered more secure where it is possible to implement.

Requirements

• Qlik Sense Enterprise on Windows
• Snowflake ODBC Driver (see Snowflake’s Documentation on this driver)

Snowflake Pre-Requisites:

As outlined in the Snowflake documentation. The user needs to be configured for key pair by having the public key of the certificate assigned to the RSA_PUBLIC_KEY_FP element of their user record. And the user's PASSWORD element must be null.

Qlik Sense Configuration:

• Create a DSN with the required values for:
  • User: Your Snowflake User
  • Server: Your Tenant URL
  • Database: YourDatabase
  • Schema: Your Schema
  • Warehouse: YourWarehouse
  • Role: YourRole
  • Authenticator: SNOWFLAKE_JWT
    • Note, this value is non-default and required

• Save the DSN
• Open Regedit
• (When using System DSNs), navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\YourDSNName
• Add the following keys
  • Name: PRIV_KEY_FILE
  • Value: Drive:\Path\To\file.ext. For example C:\rsa_key.p8
  • Name: PRIV_KEY_FILE_PWD
  • Value: YourCertificatePassword

• Repeat this process on all nodes in the Qlik Sense Cluster (where the Engine service will be used)

Validate Connectivity

• Open the Data Load Editor / Data Manager
• Create a new data connection from an ODBC source

• Select your newly created DSN configured to use key pair authentication
  • Enter your Snowflake User ID
  • Enter your desired Data Connection Name
  • Create the Data Connection

• Select your data