| page_title | description |
|---|---|
| Provider: Snowflake | Manage SnowflakeDB with Terraform. |

This is a Terraform provider plugin for managing Snowflake accounts. Coverage is focused on the parts of Snowflake related to access control.
```hcl
provider "snowflake" {
  // required
  username = "..."
  account  = "..."
  region   = "..."

  // optional, exactly one must be set
  password           = "..."
  oauth_access_token = "..."
  private_key_path   = "..."

  // optional
  role = "..."
}
```
- account (String, Optional)
- browser_auth (Boolean, Optional)
- oauth_access_token (String, Optional)
- password (String, Optional)
- private_key_path (String, Optional)
- region (String, Optional)
- role (String, Optional)
- username (String, Optional)
The Snowflake provider supports multiple ways to authenticate:
- Password
- OAuth Access Token
- Browser Auth
- Private Key
In all cases account, username, and region are required.
For key pair authentication, generate the public and private keys and set up environment variables.
```shell
cd ~/.ssh
openssl genrsa -out snowflake_key 4096
openssl rsa -in snowflake_key -pubout -out snowflake_key.pub
```
To export the variables into your provider:
```shell
export SNOWFLAKE_USER="..."
# The shell does not expand ~ inside double quotes, so use $HOME.
export SNOWFLAKE_PRIVATE_KEY_PATH="$HOME/.ssh/snowflake_key"
```
If you have an OAuth access token, export these credentials as environment variables:
```shell
export SNOWFLAKE_USER='...'
export SNOWFLAKE_OAUTH_ACCESS_TOKEN='...'
```
Note that once this access token expires, you'll need to request a new one through an external application.
If you choose to use Username and Password Authentication, export these credentials:
```shell
export SNOWFLAKE_USER='...'
export SNOWFLAKE_PASSWORD='...'
```
In addition to generic provider arguments (e.g. `alias` and `version`), the following arguments are supported in the Snowflake `provider` block:
- `account` - (required) The name of the Snowflake account. Can also come from the `SNOWFLAKE_ACCOUNT` environment variable.
- `username` - (required) Username for username+password authentication. Can come from the `SNOWFLAKE_USER` environment variable.
- `region` - (required) Snowflake region to use. Can be sourced from the `SNOWFLAKE_REGION` environment variable.
- `password` - (optional) Password for username+password auth. Cannot be used with `browser_auth` or `private_key_path`. Can be sourced from the `SNOWFLAKE_PASSWORD` environment variable.
- `oauth_access_token` - (optional) Token for use with OAuth. Generating the token is left to other tools. Cannot be used with `browser_auth`, `private_key_path` or `password`. Can be sourced from the `SNOWFLAKE_OAUTH_ACCESS_TOKEN` environment variable.
- `private_key_path` - (optional) Path to a private key for using keypair authentication. Cannot be used with `browser_auth`, `oauth_access_token` or `password`. Can be sourced from the `SNOWFLAKE_PRIVATE_KEY_PATH` environment variable.
- `role` - (optional) Snowflake role to use for operations. If left unset, the default role for the user will be used. Can come from the `SNOWFLAKE_ROLE` environment variable.
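
A preflight check for the environment variables described on this page, as an added example rather than code from the provider or its documentation: it enforces the required variables, the rule that `password`, `oauth_access_token` and `private_key_path` exclude each other, and a private key file with no group or other access. The function name `check_snowflake_env` and its messages are assumptions, and browser auth is not covered because the page names no environment variable for it.

```shell
# Added example (not the provider's code): preflight check of the SNOWFLAKE_*
# environment variables named on this page. check_snowflake_env is a
# hypothetical helper; it assumes one of the three variable-based auth
# methods is in use.
check_snowflake_env() {
    rc=0

    # account, username and region are required in all cases.
    for name in SNOWFLAKE_ACCOUNT SNOWFLAKE_USER SNOWFLAKE_REGION; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2
            rc=1
        fi
    done

    # password, oauth_access_token and private_key_path exclude each other.
    methods=0
    for name in SNOWFLAKE_PASSWORD SNOWFLAKE_OAUTH_ACCESS_TOKEN SNOWFLAKE_PRIVATE_KEY_PATH; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            methods=$((methods + 1))
        fi
    done
    if [ "$methods" -ne 1 ]; then
        echo "expected exactly one auth variable, found $methods" >&2
        rc=1
    fi

    # The key written by "openssl genrsa -out" above has no passphrase, so the
    # file mode is its only protection: require no group/other access.
    key=${SNOWFLAKE_PRIVATE_KEY_PATH:-}
    if [ -n "$key" ]; then
        case $key in
            "~/"*) key=$HOME/${key#"~/"} ;;  # a quoted ~ arrives unexpanded
        esac
        if [ ! -f "$key" ]; then
            echo "private key not found: $key" >&2
            rc=1
        elif [ "$(ls -Lld -- "$key" | cut -c5-10)" != "------" ]; then
            echo "private key accessible by group/other: chmod 600 $key" >&2
            rc=1
        fi
    fi

    return "$rc"
}
```

Run it in the same shell session that will run Terraform, after the `export` lines, and treat a non-zero return as a reason not to proceed.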