Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Connect to Snowflake

            Modified on Mon, 7 Jul at 2:26 PM

            Snowflake connectivity is bundled with Omniscope -  you will be able to connect to Snowflake as seen here:


            Key-pair authentication

            The example above uses a password. If your Snowflake account prevents this, and you are unable to use a LEGACY_SERVICE user account type, you should configure key-pair authentication.


            Follow the Snowflake docs on Key-pair authentication.  If using older builds of Omniscope 2025.1 or earlier, you will need to generate and store securely an unencrypted private key. From late March 2025, Omniscope 2025.1 supports password-protected private keys without any additional steps needed.


            You'll need to add the public key to the user in Snowflake using an ALTER USER statement. It is recommended that you use a user of type SERVICE for this, too. 


            You'll also need to be sure that you are using a recent Snowflake JDBC driver. Omniscope comes bundled with this unless you are using an older version. 


            (If you are supplying the driver yourself, be sure to pick the regular Snowflake JDBC driver, and not the "thin" one. And be careful; their download page does not list the versions in natural order, you will need to hunt to find the latest one.)


            In this example we're using a private key file on the Omniscope server. This should be outside of the sharing folder, perhaps in a special folder designated for private keys created using Project Resource Access in Admin.

            Note the use of private_key_file rather than password, for authentication. The value is the full path on the Omniscope server to the private key created following the Snowflake documentation.


            Encrypted private keys

            The screenshot above is for an unencrypted private key. If it's encrypted, you'll also want to supply a private_key_file_pwd secret property, containing the password you entered when you generated the key pair:


            Base64-encoded inline private keys

            It is also possible to provide the contents of the private key inline, without needing to store the file on the server. The key must be stored encrypted, as a secret, within the project. (Note that when sharing projects by downloading them from the server, any embedded secrets such as this are cleared.) 

            To do this you must use private_key_base64 instead of private_key_file, together with private_key_file_pwd if the key was encrypted. Be sure to tick the padlock for both options as shown below. 

            To generate the base64 encoded private key, use a terminal command such as:

            cat rsa_key.p8 | base64

            or on Windows

            type rsa_key.p8 | openssl base64

            and copy the long gibberish output into the value option for private_key_base64. 
            Note, you should not need to edit the key file first - keep as-is, headers and linebreaks are not an issue.


            Also see further documentation on these parameters.


            Troubleshooting

            Snowflake JDBC errors are very difficult to read. Here's a guide:

            • If you see "Invalid parameter value null for parameter type {1}", it typically means the private key file is not present at the configured path. Double-check the private_key_file value is correct, from the perspective of the Omniscope server installation.
            • If you see "JWT token is invalid", it typically means the private key is a different one to the user account in Snowflake. Either you have the wrong user account, or you have not performed the ALTER USER step to set the RSA public key correctly or for the latest key generation.
            • If you see "Private key provided is invalid or not supported: java.security.InvalidKeyException: IOException : DER input, Integer tag error" or similar, it typically means you are using an encrypted key and have not supplied a password via the "private_key_file_pwd" parameter.
            • If you see "Private key provided is invalid or not supported: PBE parameter parsing error: expecting the object identifier for AES cipher" it typically means you are using an encrypted key and need an updated version of Omniscope to support that. Encrypted keys were supported in 2025.1 from late March 2025.
            • If you see "Private key provided is invalid or not supported: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.io.InvalidCipherTextIOException: Error finalising cipher" it typically means you have entered an incorrect private key password.
            • If you see "Missing password", when attempting to use private key parameters, it typically means you have an older version of the JDBC driver which does not suppport those parameters. Base64 private keys were added in Snowflake JDBC 3.19.0, keypair authentication in 3.11.0.


            General troubleshooting:

            • Make sure Omniscope 2025.1 or later is installed; you can check the version in the tooltip for the Omniscope logo, bottom-left of the home page.
            • Make sure the bundled Snowflake driver is used. In the Admin > Database drivers page, it should say "Driver bundled" rather than "Driver uploaded", and should only list a single Snowflake driver version. If this is not the case, click Delete, and restart Omniscope.





            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0