This guide explains how to migrate your Snowflake destination’s authentication method from password-based authentication to key-pair authentication on Integrate.io.
Prerequisites
- The destination node or pipeline does not need to be recreated; only the existing destination requires modification.
Steps to Migrate to Key-Pair Authentication
Steps to Migrate to Key-Pair Authentication
1. Generate a Key Pair for Snowflake
To set up key-pair authentication for the user configured in the destination, follow Snowflake's official guide: Configuring Key-Pair Authentication.
- Generate a public-private key pair.
- Store the private key securely, as it will be used in later steps.
2. Assign the Public Key to the Snowflake User
Run the following command in Snowflake to associate the public key with the user:
ALTER USER example_user SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
Replace example_user
with the appropriate Snowflake username and 'MIIBIjANBgkqh...'
with the actual public key.
3. Modify the Snowflake Destination in Integrate.io (ELT & CDC)
Once the Snowflake-side setup is complete, update the destination settings in Integrate.io:
- Navigate to Destinations in the Integrate.io dashboard.
- Locate the desired Snowflake destination, click on it ****and then click Edit.
- Go to the Destination Credentials section.
- Change the Authentication Type to Key-Pair.
- Upload the private key you generated earlier.
- If the private key is encrypted, enter the corresponding passphrase. If it is not encrypted, leave this field blank.
4. Test and Apply Changes
- Click Test Connection to validate the setup.
- If the test is successful, click Save to apply the changes.
- If the pipeline using this destination is running, it will restart automatically upon saving the changes.
5. Key Rotation Considerations
If you need to rotate the key pair for the Snowflake user, follow these steps:
- Generate a new key pair and update the Snowflake user’s RSA_PUBLIC_KEY or RSA_PUBLIC_KEY_2.
- Update the destination settings in Integrate.io with the new private key and passphrase, if applicable.
- Test and save the connection.