diff --git a/dlt/helpers/dbt/profiles.yml b/dlt/helpers/dbt/profiles.yml index cccab0d369..2414222cbd 100644 --- a/dlt/helpers/dbt/profiles.yml +++ b/dlt/helpers/dbt/profiles.yml @@ -122,7 +122,7 @@ snowflake_pkey: role: "{{ env_var('DLT__CREDENTIALS__ROLE', '') }}" schema: "{{ var('destination_dataset_name', var('source_dataset_name')) }}" warehouse: "{{ env_var('DLT__CREDENTIALS__WAREHOUSE', '') }}" - private_key: "{{ env_var('DLT__CREDENTIALS__PRIVATE_KEY') }}" + private_key: "{{ env_var('DLT__CREDENTIALS__PRIVATE_KEY') }}" # base64 encoded private key private_key_passphrase: "{{ env_var('DLT__CREDENTIALS__PRIVATE_KEY_PASSPHRASE', '') }}" threads: 4 diff --git a/docs/website/docs/dlt-ecosystem/destinations/snowflake.md b/docs/website/docs/dlt-ecosystem/destinations/snowflake.md index 4b25ef538d..084ed40d9e 100644 --- a/docs/website/docs/dlt-ecosystem/destinations/snowflake.md +++ b/docs/website/docs/dlt-ecosystem/destinations/snowflake.md @@ -78,24 +78,21 @@ You can also pass credentials as a database connection string. For example: destination.snowflake.credentials="snowflake://loader:@kgiotue-wn98412/dlt_data?warehouse=COMPUTE_WH&role=DLT_LOADER_ROLE" ``` -In **key pair authentication** you replace password with a private key exported in PEM format. The key may be encrypted. In that case you must provide a passphrase. +In **key pair authentication** you replace password with a private key string that should be in Base64-encoded DER format, representing the key bytes. The key may be encrypted. In that case you must provide a passphrase. ```toml [destination.snowflake.credentials] database = "dlt_data" username = "loader" host = "kgiotue-wn98412" -private_key = """-----BEGIN ENCRYPTED PRIVATE KEY----- - MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDz5LZoccgKZ4jH - ... ------END PRIVATE KEY----- +private_key = "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJ....Qo=" private_key_passphrase="passphrase" -""" ``` +> You can easily get the base64-encoded value of your private key by running `base64 -i .pem` in your terminal -We allow to pass private key and passphrase in connection string. Please url encode the private key and passphrase. +If you pass a passphrase in the connection string, please url encode it. ```toml # keep it at the top of your toml file! before any section starts -destination.snowflake.credentials="snowflake://loader:@kgiotue-wn98412/dlt_data?private_key=&private_key_passphrase=" +destination.snowflake.credentials="snowflake://loader:@kgiotue-wn98412/dlt_data?private_key=&private_key_passphrase=" ``` ## Write disposition