Applies to:
- Liquibase Pro
- Liquibase Open Source (Community)
Summary:
You can configure your Liquibase environment to connect to your Snowflake database using a private key. This method supports both encrypted and unencrypted private keys.
Environment Conditions:
- Snowflake JDBC
- Java LTS version
How to configure a Snowflake JDBC connection with a private key:
Environment Setup
There are required components to setting up your environment to successfully connect using a private key.
- An LTS version of Java is required. This is a requirement from Snowflake.
- In this example, we are using Java OpenJDK 17.0.12.
- You'll need to set the following JAVA_OPTS variable:
-
export JAVA_OPTS='-Dnet.snowflake.jdbc.enableBouncyCastle=true'
-
- Ensure that you have a supported Snowflake JDBC version.
- Note: If you're using snowflake-jdbc3.16.1, you must use the "private_key_file_pwd" syntax in your URL.
Create the private and public keys
You can find the full detailed steps in Snowflake's documentation, which are summarized below for convenience.
Generate the private key
There are several ways to do this, depending on your security needs. Below are a few examples:
Unencrypted Private Key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out <PRIVATE_KEY_FILENAME>.p8 -nocrypt
Encrypted Private Keys
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out <PRIVATE_KEY_FILENAME>.p8
openssl genrsa 3072 | openssl pkcs8 -topk8 -v2 aes256 -inform PEM -out <PRIVATE_KEY_FILENAME>.p8
Review the OpenSSL documentation for more information on creating private keys.
Generate a public key
The following command assumes the private key is encrypted.
openssl rsa -in <PRIVATE_KEY_FILENAME>.p8 -pubout -out <PUBLIC_KEY_FILENAME>.pub
This will generate a public key in PEM format.
Assign the public key to your connecting Snowflake user
In your Snowflake database, execute an ALTER USER command to assign the public key to the Snowflake user you're connecting with.
ALTER USER example_user SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
Configure your Liquibase JDBC connection
Below is the correct format of a JDBC connection to Snowflake using an encrypted private key. Including the username in the URL is not required, so you can pass that value in separately.
jdbc:snowflake://ExxxxxV-Gxxxxx4.snowflakecomputing.com/?db={DATABASE_NAME}&schema={SCHEMA_NAME}&user={USERNAME}&private_key_file={PRIVATE_KEY_FILE_PATH}&private_key_pwd={PRIVATE_KEY_PASSWORD}
- Note: If you're using snowflake-jdbc3.16.1, you must use the "private_key_file_pwd" syntax instead of "private_key_pwd" in your URL.
Comments
0 comments
Article is closed for comments.