# Snowflake Key Pair Rotation

## Introduction

This documentation provides step-by-step instructions for performing key-pair rotation in Snowflake using the Select Star API. The rotation process ensures that your authentication keys are updated securely and efficiently. All steps in this guide are executed via API requests, allowing seamless integration into automated workflows.

Here is an overview of the steps covered:

1. [Get a new public key from Select Star](#id-1.-get-a-new-public-key-from-select-star)
2. [Update the public key in Snowflake](#id-2.-update-the-public-key-in-snowflake)
3. [Update the public key of your data source in Select Star](#id-3.-update-the-public-key-of-your-data-source-in-select-star)

**Note:** The only method to rotate keys for a Snowflake integration is through API requests. Ensure that your workflows accommodate this API-based approach.

## Authentication

All API requests require an API token. Instructions to obtain and manage your API token can be found [here](/select-star-api/authentication.md).

Base URL: `https://api.production.selectstar.com/`

## Permissions

Role "Admin" is required to perform key-pair rotation.

## 1. Get a new public key from Select Star

This API generates a new key pair for your organization. The private key is securely stored by Select Star, while the public key is returned in the response.

**Endpoint:**

```
GET /v1/data-sources/keygen/
```

**Response:**

```json
{
  "public_key": "MIIBIjANB...."
}
```

## 2. Update the public key in Snowflake

To update the public key in Snowflake, follow the steps outlined in the [Snowflake documentation](https://docs.snowflake.com/en/user-guide/key-pair-auth#configuring-key-pair-rotation).

Assign the public key generated in the previous step to the user in Snowflake (step 1 in the Snowflake documentation).

Once the new public key is added, both the new and old keys remain valid simultaneously. This allows you to update your data source configurations in Select Star without experiencing any downtime.

**Note:** We recommend removing the old public key from the user (step 3 in the Snowflake documentation) **after** updating the data source in Select Star.

## 3. Update the public key of your data source in Select Star

This API allows users to update credentials, merging new information with existing ones. This is useful for updating public keys after rotation.

**Endpoint:**

```
PATCH /v1/data-sources/<guid>/credentials/
```

**Payload:**

```json
{
  "credentials": {
    "public_key": "MIIBIjANB....",
    // Optional other credential fields
  }
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.selectstar.com/integrations/snowflake/key-pair-rotation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.