Skip to main content

Creating a Snowflake Server with RSA Key-Pair Authentication

This guide walks through creating a dedicated Snowflake user for Bytespree and configuring RSA key-pair authentication.

Adam McDonald avatar
Written by Adam McDonald
Updated yesterday

1. Create a Dedicated Bytespree User

Create a dedicated user in Snowflake, for example:

CREATE USER BYTESPREE_USER;

Note:
This user currently requires Snowflake administrator access due to schema and column limitations. The Bytespree team is actively working to remove this requirement.

2. Generate a Private RSA Key

On your local machine, create a private RSA key.

For macOS

Run the following command in your terminal:

openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

  • You may add an encryption password for additional security.

  • Press Enter if you prefer no password.

For Windows

Use PuTTYgen to generate the RSA key.
The process is similar to macOS, but performed via a graphical interface.

3. Generate a Public RSA Key

Next, create the public key based on your private RSA key:

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

View the generated public key file with:

cat rsa_key.pub

or open it in a text editor.

4. Update the Snowflake User

Assign the public key to your Snowflake user and disable password authentication.

ALTER USER BYTESPREE_USER SET RSA_PUBLIC_KEY='<<PUBLIC_KEY_HERE>>';

ALTER USER BYTESPREE_USER UNSET PASSWORD;

After this, the user can only log in using the private RSA key—password login will be disabled.

5. Configure Bytespree to Use RSA Authentication

  1. In Bytespree, navigate to:
    Admin → Servers

  2. Click Use Existing Server in the upper-right corner.

  3. Choose Snowflake.

  4. Fill out the fields as follows:

Field

Description

Name

Display name of the server

Hostname

Account/Server URL found in Snowflake under “Connect a Tool to Snowflake” (bottom right)

Username

The Snowflake user (e.g., BYTESPREE_USER)

Password

Leave blank if you ran ALTER USER BYTESPREE_USER UNSET PASSWORD;

Port

443

Default Database

Usually Snowflake

Authentication Method

Select RSA Key (with or without Password) depending on your setup

Target Database

Optional (may be left blank)

Warehouse

The Snowflake warehouse for this user (defaults to the user’s default if unspecified)

RSA Key

Paste the entire contents of your private key file (begins with -----BEGIN ENCRYPTED PRIVATE KEY----- or -----BEGIN PRIVATE KEY-----)

Password

If your RSA key was encrypted, enter the key password here

Click Save.

Bytespree will verify that it can connect to your Snowflake server using the provided RSA key.

6. Verification

Once saved, Bytespree should successfully connect to Snowflake using your RSA key-pair authentication—without requiring a password.

Did this answer your question?