February 05-06, 2024 — 8.5 Release Notes¶

External API authentication and secrets — General Availability¶

With this release, we are pleased to announce the general availability of external API authentication and the secret object. A secret is a schema-level object that can store sensitive information, such as but not limited to OAuth refresh token values, authentication credentials such as a username and password, and other sensitive string values.

The advantage of using a secret is that it enhances your security posture because only Snowflake itself can access the sensitive information the secret stores. For example, when Snowflake authenticates to an external service, such as ServiceNow, it accesses the credentials in the secret programmatically. Similarly, if the handler code in a stored procedure references a secret, Snowflake accesses the secret programmatically when you call that stored procedure. After you create the secret, users cannot access sensitive information that the secret stores.

For details, see External API authentication and secrets.

External network access — General Availability¶

With this release, we are pleased to announce the general availability of external network access, with which you can access network locations external to Snowflake from within procedure and UDF handler code. This GA release is available on AWS and Azure except in the Gov region. External network access remains in preview for accounts using GCP.

When setting up external network access, you create a network rule that represents the external network location. If your handler code will need to authenticate with the external location, you create a secret containing the credentials needed. In handler code, you can use APIs to retrieve credential values from the secret.

For more information, see External network access overview.

Python packages policies — General Availability¶

With this release, we are pleased to announce the general availability of Python packages policies.

Using a packages policy enables you to set allowlists and blocklists for third-party Python packages from Anaconda at the account level. This lets you meet stricter auditing and security requirements and gives you more fine-grained control over which packages are available or blocked in your environment.

For more information, see Packages Policies.

COPY FILES — Preview¶

With this release, we are pleased to announce the preview of the COPY FILES command. You can use COPY FILES to copy files from one named stage to another.

For details, see COPY FILES.

Data Classification: Asynchronous tag assignments for columns of tables in a schema and automate tagging for a single classification event — Preview¶

With this release, we are pleased to announce the preview of asynchronous classification of columns for tables in a schema using SQL and Snowsight. This update enables the option for the classification and tag assignment actions to take place at different times and by different personas: for example, a data steward initiates the classification process and a tag administrator assigns the tags to columns later.

Additionally, you can choose to automate the tag assignments for a single classification event. The automation speeds up the data classification process by removing the need to manually interpret the classification results and assign tags to columns.

For details, see Use Data Classification.