From November 2025, Snowflake will phase out simple username-password logins in favor of key-pair authentication, which is a more secure, standards-based approach. All users, especially service and machine accounts, will need to switch to this new authentication method.
Key-pair authentication uses a public/private key pair to verify identity, significantly reducing the risk of breaches from phishing, brute-force attacks, or leaked credentials. It is also ideal for automation scenarios where MFA isn’t practical, ensuring that only those who possess the private key can connect to your Snowflake account.
In this guide, you will learn how to generate a Snowflake key pair. Alternatively, you can also follow the official Snowflake documentation.
Step 1: Generate your public and private keys
A key pair consists of:
- A private key that stays securely with you and
- A public key that you will register in Snowflake.
Together, they replace the traditional credentials (username and password) and enable Snowflake to verify your identity without ever transmitting sensitive information.
Generate your private key
To generate an encrypted private key, make sure you have openssl:
- MacOS:
opensslshould be installed by default. - Windows: You can get
opensslin the following ways:- Download Git for Windows command line tool.
- Use the Windows Subsystem for Linux (WSL) command line.
- Download openssl directly and add it to your system PATH.
-
Open the terminal and enter the following:
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8 -
To generate an encrypted private key, you will be asked to enter a passphrase twice.
-
Remember this passphrase or save it somewhere safe, you will need it for Snowflake integration in Dawiso.
Generate your public key
The next step is to use the private key with the passphrase and generate a public key, which will be assigned to your Snowflake user.
Make sure you are in the same folder where you created your private key and run this command:
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pubStep 2: Assign the public key to a Snowflake user
-
Open the public key with
cat rsa_key.pubas seen above and copy the value between the-----BEGIN PUBLIC KEY-----and-----END PUBLIC KEY-----markers. This value is the actual key that you need to assign to your integration account (created in Prepare for Snowflake integration). -
Add your new public key to Snowflake by executing the following query in the SQL editor:
ALTER USER DAWISO_INTEGRATION_USER SET rsa_public_key= 'MIIBIjANBgkqhkiG9w0BAQEy0b4CoKCOzPo1UVsqX/DR7ho+nn1EKSICe8XsnUx 528wDImUgB0QDuj9hih23M/zrSA7yeHHaQ8dQ8skib/EGRkQp0IpzWVFKy1l7Q J6heNwx+6eYBg/f/2mOZLn8zwc5Q4zQpyQYwc+F45/mwEx7IzmUkogpRtDv/ FYrV3LxWiSTf/z3kfAffo3anCUr3J ...REST OF THE PUBLIC KEY';
Make sure to replace:
- The example username (
DAWISO_INTEGRATION_USER) with your actual Dawiso user (created in Prepare for Snowflake integration). - The example public key with your actual key.
Make sure to store your public and private key files securely, you will need them when connecting from Dawiso to Snowflake.