Categories:

System functions (System Information)

SYSTEM$VERIFY_CMK_INFO¶

Verifies your customer-managed key (CMK) configuration and returns a message about the registered CMK.

See also:

Understanding CMK self-registration with support activation of Tri-Secret Secure

Syntax¶

SYSTEM$VERIFY_CMK_INFO()
Copy

Note

Private connectivity isn’t currently supported on Google Cloud.

Returns¶

Returns a successful status message or information about the unsuccessful verification:

  • AWS:

    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    |                                                                                                                                                                                               SYSTEM$VERIFY_CMK_INFO()                                                                                                                                                                                               |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Verification failed due to an exception with message: Access is denied to the customer managed key (CMK) for this account. This could be because: 1) the CMK access permissions granted to Snowflake have been revoked OR 2) the CMK is disabled OR 3) the CMK is scheduled for deletion OR 4) the CMK specified is wrong. CMK ARN used: arn:aws:kms:us-west-2:736112632311:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59 |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    
  • Azure::

    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    |                                                                                                                                                     SYSTEM$VERIFY_CMK_INFO()                                                                                                                                                     |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Verification failed due to an exception with message: Error received from the customer managed key (CMK) provider caused by user: 'Your request cannot be completed because of the failure of an external dependency. Please try again later.'. CMK KEY URI used: https://trisecretsite.vault.azure.net/keys/TriSecretAZKeyWrong |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    
  • Google Cloud:

    +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    |                                                                                                                                                                                                                   SYSTEM$VERIFY_CMK_INFO()                                                                                                                                                                                                                    |
    +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Verification failed due to an exception with message: Access is denied to the customer managed key (CMK) for this account. This could be because: 1) the CMK access permissions granted to Snowflake have been revoked OR 2) the CMK is disabled OR 3) the CMK is scheduled for deletion OR 4) the CMK specified is wrong. CMK resource ID used: projects/my-env/locations/us-west2/keyRings/TriSecretTest/cryptoKeys/TriSecretGCPKey                         |
    +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    

Access control requirements¶

Only account administrators (users with the ACCOUNTADMIN role) or a role that is granted the MONITOR SECURITY privilege can call this function.

Examples¶

Obtain the status of the CMK for your Snowflake account:

SELECT SYSTEM$VERIFY_CMK_INFO();
Copy