Skip to main content

Integrate with Snowflake

Follow this step by step guide to allow SlashID to monitor and protect your Snowflake instance.

First, you will create a Snowflake service account, grant it the required permissions to read your data and generate a RSA key pair which allows SlashID to interact with Snowflake on your behalf. Second, you will use the details of your new service account to configure the integration in the SlashID Console.

Step 1: Create RSA key pair

  1. Open a terminal window and create an unecrypted RSA private key using openssl:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

The command generates a file containing a RSA private key formatted in PEM format:

-----BEGIN PRIVATE KEY-----
MIIE6T...
-----END PRIVATE KEY-----

Keep the private key safe, you will need to enter it in the SlashID Console later.

  1. From the command line, create a RSA public key using openssl:
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

The command generates a file containing a RSA public key formatted in PEM format:

-----BEGIN PUBLIC KEY-----
MIIBIj...
-----END PUBLIC KEY-----

Step 2: Create Snowflake service account

  1. Log in to your Snowflake account.

  2. From the menu on the left, select 'Projects' > 'Worksheets'.

  3. Using the '+' button on the top right corner, create a new 'SQL Worksheet'.

create sql worksheet

  1. Copy and paste your RSA public key in the command below and run it in the SQL Worksheet in Snowflake:
CREATE USER SLASHID_IDENTITY_PROTECTION
RSA_PUBLIC_KEY = '[YOUR_RSA_PUBLIC_KEY]'

Click on the button with the play symbol in the top right corner to run the query and create a service account user without a password. If successful, you should see the message: User SLASHID_IDENTITY_PROTECTION successfully created.

Step 3: Grant permissions

  1. In a new SQL Worksheet, run the following command to grant the required permissions to your new service account:
GRANT ROLE ACCOUNTADMIN TO USER SLASHID_IDENTITY_PROTECTION

If successful, you should see the message: Statement executed successfully.

Step 4: Obtain Snowflake account identifier

  1. Go to Snowflake's login page and choose your account but do not log in.

  2. Note the domain in your browser URL bar: it follows the format {LOCATOR.REGION.PLATFORM}.snowflakecomputing.com. Copy the text that appears before .snowflakecomputing.com, we call this your snowflake account identifier. You will need to enter it in the SlashID Console later.

Step 5: Create your Snowflake<>SlashID Integration

  1. Go to the SlashID Console > 'Identity Protection' > 'Configuration' > 'Integrations'. Click on 'Add integration' on the right.

  2. Select 'Snowflake' from the list of providers in the horizontal menu.

  3. Paste your Snowflake account identifier, your service account name (if you followed this guide literally this will be SLASHID_IDENTITY_PROTECTION) and RSA private key in the boxes provided. Click on the 'Connect' button to complete the integration.

create slashid integration

SlashID is now monitoring your Snowflake environment for potential security issues. It may take a couple of minutes for the initial data sync, after which you can start exploring security events in the 'Identity Protection Dashboard' section of the SlashID Console.