Snowflake Key Pair Rotation

Introduction

This documentation provides step-by-step instructions for performing key-pair rotation in Snowflake using the Select Star API. The rotation process ensures that your authentication keys are updated securely and efficiently. All steps in this guide are executed via API requests, allowing seamless integration into automated workflows.

Here is an overview of the steps covered:

Note: The only method to rotate keys for a Snowflake integration is through API requests. Ensure that your workflows accommodate this API-based approach.

Authentication

All API requests require an API token. Instructions to obtain and manage your API token can be found .

Base URL: https://api.production.selectstar.com/

Permissions

Role "Admin" is required to perform key-pair rotation.

1. Get a new public key from Select Star

This API generates a new key pair for your organization. The private key is securely stored by Select Star, while the public key is returned in the response.

Endpoint:

GET /v1/data-sources/keygen/

Response:

{
  "public_key": "MIIBIjANB...."
}

2. Update the public key in Snowflake

Assign the public key generated in the previous step to the user in Snowflake (step 1 in the Snowflake documentation).

Once the new public key is added, both the new and old keys remain valid simultaneously. This allows you to update your data source configurations in Select Star without experiencing any downtime.

Note: We recommend removing the old public key from the user (step 3 in the Snowflake documentation) after updating the data source in Select Star.

3. Update the public key of your data source in Select Star

This API allows users to update credentials, merging new information with existing ones. This is useful for updating public keys after rotation.

Endpoint:

PATCH /v1/data-sources/<guid>/credentials/

Payload:

{
  "credentials": {
    "public_key": "MIIBIjANB....",
    // Optional other credential fields
  }
}