Authenticate with Snowflake OAuth

Last updated: July 23, 2025

Snowflake allows you to use token-based authentication to secure communications and authenticate entities such as user names and passwords within its ecosystem. This is available with Public Key Infrastructure (PKI) or with Open Authorization (OAuth), and both are a mechanism that improves overall security architecture.

Note: By November 2025, Snowflake will require token-based authentication.

Before you begin

  • Generate your own token by following the Snowflake authenticator documentation.

  • Familiarize yourself with the liquibase.properties file.

  • Determine whether your team uses OAuth or PKI authentication, based on your organization's infrastructure and security standards.

  • Choose between setting the OAUTH parameter in the URL or in the liquibase.snowflake.auth.token property. It is important to know that the liquibase token property takes precedence over the equivalent parameter in the URL. So, if you set one OAUTH parameter in your URL and set another one in your token property, you will see an error. Be sure to only specify one or the other for successful authentication.

Procedure

1

In the liquibase.properties file, add your token under the authMechanism=OAUTH section.

liquibase.snowflake.auth.type=oauth liquibase.snowflake.auth.token=your_token