# Using Key Pair Authentication ## Before you start To connect Snowflake to Select Star, you will need: * Admin access to your Snowflake instance via the `ACCOUNTADMIN` role. Complete the following steps to enable metadata, lineage, and popularity for your Snowflake data in Select Star. 1. [Get Public Key from Select Star](#id-1.-get-public-key-from-select-star) 2. [Create a Select Star role and user in Snowflake](#id-2.-create-select-star-role-and-user-in-snowflake) 3. [Grant optional permissions](#id-3.-grant-optional-permissions) 4. [Connect Snowflake to Select Star](#id-4.-connect-snowflake-to-select-star) 5. [Choose databases and schemas](#id-5.-choose-databases-and-schemas) *** ## 1. Get Public Key from Select Star 1. **Go to Data Sources in Select Star** * Navigate to **Settings > Data**. * Click **+ Add** to create a new data source. ![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-1b5ef3716637dedbfa0eb69326a83270b0773b0b%2FAdd_Data_Source_Settings.gif?alt=media) 2. **Select Snowflake as the Source Type** * In the **Source Type** dropdown, choose **Snowflake**. ![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-eaccd28498c9b3450c2ac45669a66a4eae72a289%2Fsnowflake-1.png?alt=media) 3. **Fill in the Connection Details** Provide the following information: * **Display Name:** * Default is `Snowflake`. You can customize it if desired. * **Account:** * Your Snowflake account name (the part before `.snowflakecomputing.com` in your Snowflake URL). * **Role:** * The role you will grant to the service account user. * **Warehouse:** * The name of the data warehouse you will give us access to. 4. **Choose Key Pair Authentication** * Select **Key Pair** as the authentication method. ![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-79b0fe880133acadc927086dada2c89115aa9d0b%2Fsnowflake-2.png?alt=media) 5. **Copy the Public Key** * Select Star generates a pair of keys: a **public key** and a **private key**. * The **public key** will be displayed on the screen along with a copy button. Use this button to copy the public key. * This public key is required for creating a user in Snowflake. * You can leave the form open, as you’ll return to it to complete the connection details after creating the Snowflake user. ## 2. Create Select Star Role and User in Snowflake Use the `ACCOUNTADMIN` role and run the following SQL in your Snowflake instance. Replace `` with the copied public key from Select Star. ```sql -- Required for basic metadata & query history access CREATE ROLE selectstar_role; GRANT IMPORTED PRIVILEGES ON DATABASE snowflake TO ROLE selectstar_role; CREATE USER selectstar DEFAULT_ROLE = 'selectstar_role' TYPE = 'SERVICE' RSA_PUBLIC_KEY = ''; -- Replace with the copied public key GRANT ROLE selectstar_role TO USER selectstar; GRANT USAGE ON WAREHOUSE MED TO ROLE selectstar_role; ``` {% hint style="info" %} These are the minimum permissions required for Select Star to collect basic metadata and query history. Query history is also used to generate lineage. {% endhint %} ## 2a. Updating an Existing User with a Key Pair If you already have a Snowflake user for Select Star and just need to add or update the key pair, use the following command: ```sql ALTER USER selectstar SET RSA_PUBLIC_KEY = ''; ``` * Replace `` with the public key generated by Select Star. This will update the user's key pair without needing to recreate the user. ## 3. Grant optional permissions To enable Select Star’s **Preview** feature and access additional metadata—such as **Primary Keys (PK)** and **Foreign Keys (FK)** —you’ll need to grant the following permissions. Using the `ACCOUNTADMIN` role, execute the following SQL for each database you want to ingest (example uses `DWH` as the database name): ```sql use role ACCOUNTADMIN; grant usage on database DWH to role selectstar_role; grant usage on all schemas in database DWH to role selectstar_role; grant select on all tables in database DWH to role selectstar_role; grant select on all views in database DWH to role selectstar_role; grant usage on future schemas in database DWH to role selectstar_role; grant select on future tables in database DWH to role selectstar_role; grant select on future views in database DWH to role selectstar_role; ``` {% hint style="info" %} If the latency of updates in `ACCOUNT_USAGE` is too high for your needs (see [Snowflake documentation on data latency](https://docs.snowflake.com/en/sql-reference/account-usage#data-latency)), you can switch to `INFORMATION_SCHEMA` instead, providing faster updates in the UI. {% endhint %} #### Enhanced Lineage for Dynamic Tables To see **lineage for dynamic tables**, we recommend granting permission to **read dynamic table definitions**. Without this, lineage can only be inferred from query logs, which may not be fully reliable. Using the `ACCOUNTADMIN` role, execute the following SQL for each database you want to ingest (example uses `DWH` as the database name): ```sql use role ACCOUNTADMIN; grant usage on database DWH to role selectstar_role; grant usage on all schemas in database DWH to role selectstar_role; grant monitor on all dynamic tables in database DWH to role selectstar_role; grant monitor on future dynamic tables in database DWH to role selectstar_role; ``` {% hint style="success" %} If you're granting these permissions after your Snowflake metadata has already been synced, you'll need to re-sync it. 1. Go to **Settings > Data** 2. Click on **Sync metadata** on your Snowflake Data source. {% endhint %} ## 4. Connect Snowflake to Select Star 1. **Complete the Setup in Select Star** Once the role has been created in Snowflake, return to Select Star to complete the setup. 2. **Fill in the Authentication Details** Provide the following information: * **Authentication:** * You already selected **Key Pair** authentication. * **Username:** * The name of the service account user you created earlier. In the example above, it is `selectstar` 3. **Test the Connection and Proceed** * Once all fields are filled, click **Next** to proceed. ## 5. Choose databases and schemas After you fill in the information, you'll be asked to select the databases you'd like to load into Select Star. {% hint style="info" %} Select Star will not read queries or metadata or generate lineage for databases, schemas, or tables that are not loaded. Please load all data for which you expect to see lineage. You can [change the databases and schemas](https://docs.selectstar.com/data-source-management/manage-data-sources#configure-a-data-source) you have loaded if needed. {% endhint %} Select the database and click **Next**. ![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-7a2b6f22780956a34298382de4cbae404a0113ed%2FScreen%20Shot%202021-11-11%20at%203.25.49%20PM.png?alt=media) For each database you selected, you'll be able to select the schemas. ![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-f39bf07760f525c2fe54eeb25b543181eceb90a9%2FScreen%20Shot%202021-11-11%20at%203.26.35%20PM.png?alt=media) Your metadata should start loading automatically. Please allow 24-48 hours to completely generate popularity and lineage. When the sync is complete, you'll be able to explore Snowflake in Select Star. See the link below for more information on Snowflake in Select Star. {% hint style="info" %} Note: To change an existing data source's configuration, go to Settings > Admin > Data Sources and click **Configure** on your Snowflake data source. Click **Back** to get to the credential screen to update credentials. {% endhint %} {% content-ref url="../../learning-data/getting-started-snowflake" %} [getting-started-snowflake](https://docs.selectstar.com/learning-data/getting-started-snowflake) {% endcontent-ref %}