snow connection generate-jwt¶

Generate and display a JWT token.

Syntax¶

snow connection generate-jwt
  --connection <connection>
  --host <host>
  --port <port>
  --account <account>
  --user <user>
  --password <password>
  --authenticator <authenticator>
  --private-key-file <private_key_file>
  --token-file-path <token_file_path>
  --database <database>
  --schema <schema>
  --role <role>
  --warehouse <warehouse>
  --temporary-connection
  --mfa-passcode <mfa_passcode>
  --enable-diag
  --diag-log-path <diag_log_path>
  --diag-allowlist-path <diag_allowlist_path>
  --format <format>
  --verbose
  --debug
  --silent
Copy

Arguments¶

None

Options¶

--connection, -c, --environment TEXT

Name of the connection, as defined in your config.toml file. Default: default.

--host TEXT

Host address for the connection. Overrides the value specified for the connection.

--port INTEGER

Port for the connection. Overrides the value specified for the connection.

--account, --accountname TEXT

Name assigned to your Snowflake account. Overrides the value specified for the connection.

--user, --username TEXT

Username to connect to Snowflake. Overrides the value specified for the connection.

--password TEXT

Snowflake password. Overrides the value specified for the connection.

--authenticator TEXT

Snowflake authenticator. Overrides the value specified for the connection.

--private-key-file, --private-key-path TEXT

Snowflake private key file path. Overrides the value specified for the connection.

--token-file-path TEXT

Path to file with an OAuth token that should be used when connecting to Snowflake.

--database, --dbname TEXT

Database to use. Overrides the value specified for the connection.

--schema, --schemaname TEXT

Database schema to use. Overrides the value specified for the connection.

--role, --rolename TEXT

Role to use. Overrides the value specified for the connection.

--warehouse TEXT

Warehouse to use. Overrides the value specified for the connection.

--temporary-connection, -x

Uses connection defined with command line parameters, instead of one defined in config. Default: False.

--mfa-passcode TEXT

Token to use for multi-factor authentication (MFA).

--enable-diag

Run Python connector diagnostic test. Default: False.

--diag-log-path TEXT

Diagnostic report path. Default: <temporary_directory>.

--diag-allowlist-path TEXT

Diagnostic report path to optional allowlist.

--format [TABLE|JSON]

Specifies the output format. Default: TABLE.

--verbose, -v

Displays log entries for log levels info and higher. Default: False.

--debug

Displays log entries for log levels debug and higher; debug logs contain additional information. Default: False.

--silent

Turns off intermediate output to console. Default: False.

--help

Displays the help text for this command.

Usage notes¶

The snow connection generate-jwt command generates a JWT (JSON Web Token) that you can use for key-pair authentication when connecting to Snowflake. You can use the token to connect to Snowflake from any Snowflake application, such as the SQL REST API or the Snowflake REST APIs.

Examples¶

This example generates a token for account TEST and user JDOE, using the private key from rsa_key.p8:

snow connection generate-jwt --user JDOE --account TEST --private-key-file=rsa_key.p8
Copy

The command prompts you for a private key passphrase to complete the connection. You can avoid the prompt by providing the passphrase in the PRIVATE_KEY_PASSPHRASE environment variable.