Authenticate with Snowflake PKI or OAuth
Snowflake allows you to use token based authentication to secure communications and authenticate entities such as user names and passwords within its ecosystem. This is available with Public Key Infrastructure (PKI) or with Open Authorization (OAuth) and both are a mechanism that improves overall security architecture.
By November 2025, Snowflake will require token-based authentication.
Before you begin
- Generate your own token by following the Snowflake authenticator documentation
- Familiarize yourself with the liquibase.properties file.
- Choose between the OAauth and PKI authentication method.
- Choose between setting the
OAUTH
parameter in the URL or in theliquibase.snowflake.auth.token
property.
It is important to know that the liquibase token property takes precedence over the equivalent parameter in the URL. So, if you set oneOAUTH
parameter in your URL, and you set another one in your token property, you will see an error. Be sure to only specify one or the other for successful authentication.
OAuth Step-by-step
- In the liquibase.properties file, add your token under the
authMechanism=OAUTH
section:- Copy
authMechanism=OAUTH
liquibase.snowflake.auth.type=oauth
liquibase.snowflake.auth.token=your_token
PKI Step-by-step
- In the liquibase.properties file, add your private key information under the
liquibase.snowflake.auth.type
section:- Copy
liquibase.snowflake.auth.type=PKI
liquibase.snowflake.auth.token=your_token
liquibase.snowflake.auth.privateKeyPath=<path_to_private_key>
liquibase.snowflake.auth.privateKeyPassphrase=<Pass_phrase_to_a_private_key>
PrivateKeyPassphrase
options:
Your private key may be encrypted. It is best practice to employ a passphrase for security purposes.- If your
rsa_key
is encrypted, theprivateKeyPassphrase
is required to decrypt it.
Specify yourliquibase.snowflake.auth.privateKeyPassphrase
in theliquibase.properties
file.
If you are using an encrypted private key and do not specify aliquibase.snowflake.auth.privateKeyPassphrase
, you will see this error:CopyERROR: Exception Details: Unexpected error running Liquibase: Used Private key is encrypted with a passphrase. Please provide one in the 'snowflake-auth-private-key-passphrase' configuration. For more information, please use the --log-level flag
- If your
rsa_key
is not encrypted, theprivateKeyPassphrase
is not necessary.
- If your