0

Running Pipelines in Azure DevOps where we need to authenticate with Snowflake and execute on Snowflake. For different Pipeline there are different Users used to authenticate and run process on Snowflake. Currently key pair authentication is used where Private key is stored in Secure Files in Azdo and Password Paraphrase is stored as Secret Variable.

I am exploring the OAuth Authentication process to connect with Snowflake from Azure DevOps.

Based on current exploration,

  1. There is a provision to create Service Connections which can be used to create OAuth connection with Snowflake. Issue -: There is no good document found for Azure DevOps and Snowflake setup.
  2. Does OAuth allow connection with different User/Role or each would need a separate Security Integration in Snowflake.
  3. My initial understanding is that Snowflake Security Integration of Type External OAuth will be useful. But is there a industry standard on which one should be used between External OAuth and Snowflake OAuth.
  4. The Token for OAuth authentication can be used as Secret Variable or linked with Azure Key Vault.

Any recommended process around Azure DevOps and Snowflake authentication for multiple user and roles.

Improve this question

1 Answer 1

Reset to default
0

Normally, one service connection can use the credentials of only one user and cannot use multi-users credentials at the same time.

If you want to use the credentials of different users in different pipelines, you need to create multiple service connections with the different user credentials for use in pipelines.

Azure DevOps can just use the authenticate methods supported and provided by Snowflake (or the Snowflake service connection) to connect with Snowflake.

If no available extensions provided by Snowflake to allow you set up service connections to connect with Snowflake, you might need to check whether Snowflake has built-in CLI for login and other operations.

The authenticate information required on the Snowflake service connections (or CLI) should be generated from the Snowflake instances to which you need to connect in pipelines.

From the Snowflake community, I found the following articles that might be helpful for you:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.