Generating Keys
To connect to Snowflake, you must have a public and private key or you must generate them. The keys are generated in the PEM format.
Note
- SailPoint only supports the encrypted private key for connecting to Snowflake to ensure maximum security.
- By default, Windows systems do not support OpenSSL. You may need to download and install the OpenSSL libraries to generate your keys. Apple systems support OpenSSL by default. Go to OpenSSL to download OpenSSL for Windows.
- The generated private key is required as an input on the Connection Settings page.
To generate the private and public keys, complete the following:
-
On your system, open a command prompt, terminal, or emulator and use the following command to generate an encrypted version of the private key:
openssl genrsa 2048 | openssl pkcs8-topk8-v2 des3-inform PEM -out rsa_key.p8The command to generate an encrypted key prompts you to enter a passphrase to regulate access to the key. SailPoint recommends storing the passphrase in a secure location.
-
Use the following command to generate an encrypted version of the public key:
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub -
Copy the public and private key files to a local directory for storage. Record the path to the files.
Note
The private key is stored using the PKCS#8 (Public Key Cryptography Standards) format and is encrypted using the passphrase you specified in the first step. However, the file should still be protected from unauthorized access using the file permission mechanism provided by your operating system. It is your responsibility to secure the file when it is not being used.