API Reference for Access to Secrets
You can use Java or Python to retrieve credentials contained in a secret you created with the CREATE SECRET statement. This topic lists the methods for getting information from a secret. These are available with APIs included in Snowflake.
Java API for Secret Access
For code in Java, use the `com.snowflake.snowpark_java.types.SnowflakeSecrets` class.
The following table lists methods for accessing data in a secret.
| Method | Description |
|---|---|
| | Gets the generic token string held by the secret specified by |
| | Gets the OAuth2 access token held by the secret specified by |
| | Gets the type of the secret specified by |
| | Gets the username and password from the secret specified by |
| | Gets a cloud provider token containing values you can use to create a session with the cloud provider, such as AWS. Returns a |
To use the `SnowflakeSecrets` class:

1. Make the Snowpark library available to your handler code using the PACKAGES clause as described in CREATE FUNCTION.
2. In your handler code, import `com.snowflake.snowpark_java.types.SnowflakeSecrets`.
3. Construct a `SnowflakeSecrets` object, and call one of the methods listed above to access the secret.

Code in the following example retrieves the value set for the TYPE clause when the secret was created with CREATE SECRET. Here, the `oauth_token` secret is of type OAUTH2.
```sql
CREATE OR REPLACE FUNCTION get_secret_type()
RETURNS STRING
LANGUAGE JAVA
HANDLER = 'SecretTest.getSecretType'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
PACKAGES = ('com.snowflake:snowpark:latest')
SECRETS = ('cred' = oauth_token )
AS
$$
import com.snowflake.snowpark_java.types.SnowflakeSecrets;

public class SecretTest {
  public static String getSecretType() {
    SnowflakeSecrets sfSecrets = SnowflakeSecrets.newInstance();
    // 'cred' is the alias bound to the oauth_token secret in the SECRETS clause.
    String secretType = sfSecrets.getSecretType("cred");
    return secretType;
  }
}
$$;
```
Python API for Secret Access
For code in Python, use the `_snowflake` module exposed to Python UDFs that execute within Snowflake. The following table lists `_snowflake` functions for accessing data in a secret.
| Function | Description |
|---|---|
| | Gets the generic token string held by the secret specified by |
| | Gets the OAuth2 access token held by the secret specified by |
| | Gets the type of the secret specified by |
| | Gets the username and password from the secret specified by |
| | Gets a cloud provider object containing values you can use to create a session with the cloud provider, such as AWS. Returns a type with the following attributes: |
Authenticating for external access with AWS IAM is a preview feature available to all accounts.
To use the `_snowflake` module in your handler code, import it as you would another module.
Code in the following example retrieves the value set for the TYPE clause when the secret was created with CREATE SECRET. Here, the `oauth_token` secret is of type OAUTH2.
```sql
CREATE OR REPLACE FUNCTION get_secret_type()
RETURNS STRING
LANGUAGE PYTHON
RUNTIME_VERSION = 3.9
HANDLER = 'get_secret'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
SECRETS = ('cred' = oauth_token )
AS
$$
import _snowflake

def get_secret():
    # 'cred' is the alias bound to the oauth_token secret in the SECRETS clause.
    secret_type = _snowflake.get_secret_type('cred')
    return secret_type
$$;
```
Code in the following example retrieves the username and password held by the secret.
```sql
CREATE OR REPLACE FUNCTION get_secret_username_password()
RETURNS STRING
LANGUAGE PYTHON
RUNTIME_VERSION = 3.9
HANDLER = 'get_secret_username_password'
EXTERNAL_ACCESS_INTEGRATIONS = (external_access_integration)
SECRETS = ('cred' = credentials_secret )
AS
$$
import _snowflake

def get_secret_username_password():
    # 'cred' is the alias bound to credentials_secret in the SECRETS clause.
    username_password_object = _snowflake.get_username_password('cred')
    # Note: the return value, including the password, is visible to whoever calls the function.
    username_password_dictionary = {}
    username_password_dictionary["Username"] = username_password_object.username
    username_password_dictionary["Password"] = username_password_object.password
    return username_password_dictionary
$$;
```
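The handler logic below is an added example, not code from the Snowflake documentation: it dispatches on the secret type and uses the credential inside the handler, returning only non-sensitive metadata instead of the password. It assumes `get_secret_type` returns the TYPE keyword (`OAUTH2`, `PASSWORD`) and uses `_snowflake.get_oauth_access_token`; `auth_header`, `describe` and the `FakeSecrets` stand-in are hypothetical names introduced here.

```python
import base64
from types import SimpleNamespace

try:
    import _snowflake  # only importable inside a Snowflake Python UDF
except ImportError:
    _snowflake = None  # outside Snowflake: pass a stand-in as `sf`

def auth_header(alias, sf=_snowflake):
    """Turn the secret bound to `alias` in the SECRETS clause into an HTTP
    Authorization header, dispatching on the secret's type."""
    kind = sf.get_secret_type(alias).upper()  # assumed to be the TYPE keyword
    if kind == "OAUTH2":
        return {"Authorization": "Bearer " + sf.get_oauth_access_token(alias)}
    if kind == "PASSWORD":
        cred = sf.get_username_password(alias)
        pair = f"{cred.username}:{cred.password}".encode()
        return {"Authorization": "Basic " + base64.b64encode(pair).decode()}
    # Other secret types have no fixed header form, so refuse rather than guess.
    raise ValueError(f"secret type {kind} is not usable as an HTTP credential")

def describe(alias, sf=_snowflake):
    """Handler-style return value: reports which credential was resolved
    without placing the credential itself in the query result."""
    scheme = auth_header(alias, sf)["Authorization"].split(" ", 1)[0]
    return f"alias={alias} type={sf.get_secret_type(alias).upper()} scheme={scheme}"

class FakeSecrets:
    """Constructed stand-in for _snowflake, for running outside Snowflake."""
    def __init__(self, kind, **values):
        self.kind, self.values = kind, values
    def get_secret_type(self, alias):
        return self.kind
    def get_oauth_access_token(self, alias):
        return self.values["token"]
    def get_username_password(self, alias):
        return SimpleNamespace(**self.values)

if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    fake = FakeSecrets("PASSWORD", username="svc", password="constructed-pw")
    print(describe("cred", fake))
```

Inside a UDF, `describe` would be the function named in HANDLER, and the header from `auth_header` would be passed to the HTTP client rather than returned.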