
Key Based Snowflake Service User Authentication

urn:js:virtue:aspire:standard:342.1

TL;DR

Snowflake service users should authenticate using RSA keys, not using username and password.

Definition

Snowflake service users should authenticate using RSA keys, not using username and password. Exceptions will be granted by Governance where particular services/applications are unable to handle keys.

Appendix

Optional - Misc details related to what is being proposed.

Adherence

The following SQL will provide a list of all service users in Snowflake that do not use key based authentication:

select *
from snowflake.account_usage.users
where disabled = 'false'
  and deleted_on is null
  and name not like '%@%'
  and name not like '%_ADMIN'
  and HAS_RSA_PUBLIC_KEY = 'FALSE';

Service users for which an exception has been granted, and for which username and password is therefore acceptable, should be excluded/ignored from this output.
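One way to apply that exclusion inside the query itself, as an added example that is not part of the original standard: the exception list is held in a CTE and anti-joined against the adherence query. The names in `granted_exceptions` are constructed placeholders, and keeping the list inline (rather than in a Governance-maintained table) is an assumption.

```sql
-- Added example: adherence query with granted exceptions excluded.
-- The user names below are constructed placeholders; replace them with
-- the service users for which Governance has actually granted an exception.
with granted_exceptions as (
    select column1 as name
    from values
        ('EXAMPLE_LEGACY_ETL_SVC'),
        ('EXAMPLE_BI_TOOL_SVC')
)
select
    u.name,
    u.login_name,
    u.created_on,
    u.has_password,          -- TRUE means a password is still set on the user
    u.last_success_login     -- shows whether the user is still in active use
from snowflake.account_usage.users u
left join granted_exceptions e
    on upper(u.name) = upper(e.name)
where u.disabled = 'false'
  and u.deleted_on is null
  and u.name not like '%@%'
  and u.name not like '%_ADMIN'
  and u.has_rsa_public_key = 'FALSE'
  and e.name is null         -- anti-join: drop users with a granted exception
order by u.last_success_login desc nulls last;
```

Any row returned is a service user without an RSA public key and without a recorded exception.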