Does anyone know if meltano dbt-snowflake supports...
# random
i
Does anyone know if meltano dbt-snowflake supports key-pair auth? Is it just a matter of setting your private key path in profiles.yml? Are there any required env vars to set? Could I just reference the env vars I plan on using to my TARGET_SNOWFLAKE_PRIVATE_KEY_PATH or something like that?
1
e
It seems to support
private_key_path
and
private_key_passphrase
, you'd need to update your
profiles.yml
. If you're already using password auth, you could similarly reference settings in
profiles.yml
, e.g.
private_key_path: "{{ env_var('DBT_SNOWFLAKE_PRIVATE_KEY_PATH') }}"
after https://github.com/meltano/hub/pull/1962 merges and you do
meltano lock --update --all
.
1
i
awesome - thank you!
e
Let me know how it goes and if I can help 🙂
i
Was able to successfully swap both the transformer and loader to use key pair auth - the required changes were: dbt profiles.yml:
private_key: "{{ env_var('TARGET_SNOWFLAKE_PRIVATE_KEY') }}"
meltano.yml:
Copy code
settings:
    - name: private_key
instead of having
name: password
set Then ran
meltano lock --update --all
Then set that TARGET_SNOWFLAKE_PRIVATE_KEY to the private key and created a new user in snowflake and did some role adjustments and granting. I had been using the ACCOUNTADMIN role with user/pass auth, now using KeyPair auth with a much more restricted role.
🙌 1
@Edgar Ramírez (Arch.dev) thank you for the help!
e
Happy to help!
i
@Edgar Ramírez (Arch.dev) I've not yet been able to successfully run this in Azure - any ideas how the private key value should be set? Locally my env var looks like:
Copy code
36 -----BEGIN PRIVATE KEY-----
37 MIIE...
38 ...
with line breaks. I'm setting it as a secret in Azure Key Vault. I've tried it with just using the key string with no line breaks and it doesn't seem to be working properly. Should I be formatting it in any specific way to account for the line breaks or would you expect the string on one line to work correctly? I'm encountering another issue (a dagster one) which is causing me other failures simultaneously so this might actually be fine (and that might be what is causing my revision start failure), but wanted to know if you had any ideas.
e
i
Thanks! will check it out
@Edgar Ramírez (Arch.dev) this worked
Created a temporary file for the secret and ran that
az keyvault secret set --vault-name "<your-unique-keyvault-name>" --name "MultilineSecret" --file "secretfile.txt"
command
e
Nice!