API Reference for Access to Secrets¶
You can use Java or Python to retrieve credentials contained in a secret you created with the CREATE SECRET statement. This topic lists the methods for getting information from a secret. These are available with APIs included in Snowflake.
Java API for Secret Access¶
For code in Java, use the com.snowflake.snowpark_java.types.SnowflakeSecrets class.
The following table lists methods for accessing data in a secret.
Method |
Description |
|---|---|
|
Gets the generic token string held by the secret specified by |
|
Gets the OAuth2 access token held by the secret specified by |
|
Gets the type of the secret specified by |
|
Gets the username and password from the secret specified by |
To use the SnowflakeSecrets class:
Make the Snowpark library available to your handler code using the PACKAGES clause as described in CREATE FUNCTION.
In your handler code, import
com.snowflake.snowpark_java.types.SnowflakeSecrets.Construct a
SnowflakeSecretsobject, and call one of the methods listed above to access the secret.
Code in the following example retrieves the value set for the TYPE clause when the secret was created with CREATE SECRET. Here,
the oauth_token secret is of type OAUTH2.
CREATE OR REPLACE FUNCTION get_secret_type()
RETURNS STRING
LANGUAGE JAVA
HANDLER = 'SecretTest.getSecretType'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
PACKAGES = ('com.snowflake:snowpark:latest')
SECRETS = ('cred' = oauth_token )
AS
$$
import com.snowflake.snowpark_java.types.SnowflakeSecrets;
public class SecretTest {
public static String getSecretType() {
SnowflakeSecrets sfSecrets = SnowflakeSecrets.newInstance();
String secretType = sfSecrets.getSecretType("cred");
return secretType;
}
}
$$;
Python API for Secret Access¶
For code in Python, use the _snowflake module exposed to Python UDFs that execute within Snowflake. The following table lists
_snowflake functions for accessing data in a secret.
Function |
Description |
|---|---|
|
Gets the generic token string held by the secret specified by |
|
Gets the OAuth2 access token held by the secret specified by |
|
Gets the type of the secret specified by |
|
Gets the username and password from the secret specified by |
To use the _snowflake module in your handler code, import it as you would another module.
Code in the following example retrieves the value set for the TYPE clause when the secret was created with CREATE SECRET. Here,
the oauth_token secret is of type OAUTH2.
CREATE OR REPLACE FUNCTION get_secret_type()
RETURNS STRING
LANGUAGE PYTHON
RUNTIME_VERSION = 3.8
HANDLER = 'get_secret'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
SECRETS = ('cred' = oauth_token )
AS
$$
import _snowflake
def get_secret():
secret_type = _snowflake.get_secret_type('cred')
return secret_type
$$;
Code in the following example retrieves the username and password held by the secret.
CREATE OR REPLACE FUNCTION get_secret_username_password()
RETURNS STRING
LANGUAGE PYTHON
RUNTIME_VERSION = 3.8
HANDLER = 'get_secret_username_password'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
SECRETS = ('cred' = credentials_secret )
AS
$$
import _snowflake
def get_secret_username_password():
username_password_object = _snowflake.get_username_password('cred');
username_password_dictionary = {}
username_password_dictionary["Username"] = username_password_object.username
username_password_dictionary["Password"] = username_password_object.password
return username_password_dictionary
$$;