Streamlit native snowflake connector with key-pair authentification

Does st.connection(“snowflake”) support key-pair authentication?
In my org only SSO is allowed and if app needs to be deployed to production this does not seem to be good enough? user/password auth is prohibited.

1 Like

Did you ever find out? :slight_smile:

Unfortunately not.

I got it working today :slight_smile:

This is my secrets.toml

[connections.snowflake]
account = myaccount
user = myuser
role = myrole
warehouse = mywarehouse
database = mydatabase
schema = myschema
client_session_keep_alive = true
private_key_path = "/path/to/key.p8"

Then in my app.py:

import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives import serialization

with open("/path/to/key.p8", "rb") as key:
    p_key = serialization.load_pem_private_key(
        key.read(),
        password=os.environ["PRIVATE_KEY_PASSPHRASE"].encode(),
        backend=default_backend(),
    )

pkb = p_key.private_bytes(
    encoding=serialization.Encoding.DER,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption(),
)

conn = st.connection("snowflake", type="snowflake", private_key=pkb)

I have the passphrase in my environment variables.

1 Like