snow connection generate-jwt¶

Generate a JWT token, which will be printed out and displayed..

Syntax¶

snow connection generate-jwt
  --connection <connection>
  --host <host>
  --port <port>
  --account <account>
  --user <user>
  --password <password>
  --authenticator <authenticator>
  --private-key-file <private_key_file>
  --token-file-path <token_file_path>
  --database <database>
  --schema <schema>
  --role <role>
  --warehouse <warehouse>
  --temporary-connection
  --mfa-passcode <mfa_passcode>
  --enable-diag
  --diag-log-path <diag_log_path>
  --diag-allowlist-path <diag_allowlist_path>
  --oauth-client-id <oauth_client_id>
  --oauth-client-secret <oauth_client_secret>
  --oauth-authorization-url <oauth_authorization_url>
  --oauth-token-request-url <oauth_token_request_url>
  --oauth-redirect-uri <oauth_redirect_uri>
  --oauth-scope <oauth_scope>
  --oauth-disable-pkce
  --oauth-enable-refresh-tokens
  --oauth-enable-single-use-refresh-tokens
  --client-store-temporary-credential
  --format <format>
  --verbose
  --debug
  --silent
  --enhanced-exit-codes
Copy

Arguments¶

None

Options¶

--connection, -c, --environment TEXT

Name of the connection, as defined in your config.toml file. Default: default.

--host TEXT

Host address for the connection. Overrides the value specified for the connection.

--port INTEGER

Port for the connection. Overrides the value specified for the connection.

--account, --accountname TEXT

Name assigned to your Snowflake account. Overrides the value specified for the connection.

--user, --username TEXT

Username to connect to Snowflake. Overrides the value specified for the connection.

--password TEXT

Snowflake password. Overrides the value specified for the connection.

--authenticator TEXT

Snowflake authenticator. Overrides the value specified for the connection.

--private-key-file, --private-key-path TEXT

Snowflake private key file path. Overrides the value specified for the connection.

--token-file-path TEXT

Path to file with an OAuth token to use when connecting to Snowflake.

--database, --dbname TEXT

Database to use. Overrides the value specified for the connection.

--schema, --schemaname TEXT

Database schema to use. Overrides the value specified for the connection.

--role, --rolename TEXT

Role to use. Overrides the value specified for the connection.

--warehouse TEXT

Warehouse to use. Overrides the value specified for the connection.

--temporary-connection, -x

Uses a connection defined with command line parameters, instead of one defined in config. Default: False.

--mfa-passcode TEXT

Token to use for multi-factor authentication (MFA).

--enable-diag

Whether to generate a connection diagnostic report. Default: False.

--diag-log-path TEXT

Path for the generated report. Defaults to system temporary directory. Default: <system_temporary_directory>.

--diag-allowlist-path TEXT

Path to a JSON file that contains allowlist parameters.

--oauth-client-id TEXT

Value of client id provided by the Identity Provider for Snowflake integration.

--oauth-client-secret TEXT

Value of the client secret provided by the Identity Provider for Snowflake integration.

--oauth-authorization-url TEXT

Identity Provider endpoint supplying the authorization code to the driver.

--oauth-token-request-url TEXT

Identity Provider endpoint supplying the access tokens to the driver.

--oauth-redirect-uri TEXT

URI to use for authorization code redirection.

--oauth-scope TEXT

Scope requested in the Identity Provider authorization request.

--oauth-disable-pkce

Disables Proof Key for Code Exchange (PKCE). Default: False.

--oauth-enable-refresh-tokens

Enables a silent re-authentication when the actual access token becomes outdated. Default: False.

--oauth-enable-single-use-refresh-tokens

Whether to opt-in to single-use refresh token semantics. Default: False.

--client-store-temporary-credential

Store the temporary credential.

--format [TABLE|JSON]

Specifies the output format. Default: TABLE.

--verbose, -v

Displays log entries for log levels info and higher. Default: False.

--debug

Displays log entries for log levels debug and higher; debug logs contain additional information. Default: False.

--silent

Turns off intermediate output to console. Default: False.

--enhanced-exit-codes

Differentiate exit error codes based on failure type. Default: False.

--help

Displays the help text for this command.

Usage notes¶

The snow connection generate-jwt command generates a JWT (JSON Web Token) that you can use for key-pair authentication when connecting to Snowflake. You can use the token to connect to Snowflake from any Snowflake application, such as the SQL REST API or the Snowflake REST APIs.

Examples¶

This example generates a token for account TEST and user JDOE, using the private key from rsa_key.p8:

snow connection generate-jwt --user JDOE --account TEST --private-key-file=rsa_key.p8
Copy

The command prompts you for a private key passphrase to complete the connection. You can avoid the prompt by providing the passphrase in the PRIVATE_KEY_PASSPHRASE environment variable.