This guide provides detailed instructions to set up Snowflake OAuth or Key-Pair Authentication for integration with BonData, configure access roles, and grant permissions to specific resources.
1. Authentication Options
You can connect your Snowflake account to BonData using one of the following methods:
π OAuth Authentication: Recommended for user-level integrations.
π Key-Pair Authentication: Suitable for service accounts and automation.
β Prerequisites
A Snowflake account with ACCOUNTADMIN or similar privileges.
Access to the warehouse, database, and schema you intend to use.
Replace placeholders (
YOUR_WAREHOUSE,YOUR_DATABASE, etc.) with actual resource names.
π Create the OAuth Integration
Execute the following SQL in Snowflake to create the OAuth integration:
CREATE SECURITY INTEGRATION bondata_oauth
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://app.bondata.ai/auth/oauth2/callback'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000; -- 90 days
Retrieve OAuth credentials with:
select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('BONDATA_OAUTH');Note the following:
OAUTH_CLIENT_IDOAUTH_CLIENT_SECRET
Configure BonData using:
URL: Snowflake account URL (
https://<your_account>.snowflakecomputing.com).APP_ID: OAuth client ID.
APP_SECRET: OAuth client secret.
π Key-Pair Authentication
Key-pair authentication connects Snowflake securely without passwords or OAuth.
π οΈ Set Up Key-Pair Auth
Generate a Key Pair:
openssl genrsa -aes256 -out rsa_key.pem 2048 && openssl rsa -in rsa_key.pem -pubout -out rsa_key.pub
Assign Public Key to User:
ALTER USER your_user
SET RSA_PUBLIC_KEY = '<copy contents of rsa_key.pub here>';
More info: Snowflake Docs β Key-Pair Authentication
2. Create a Role for the Integration
Create a dedicated role:
CREATE ROLE bondata_app_role;
Optional: Grant this role to a user:
GRANT ROLE bondata_app_role TO USER your_user;
3. Grant Access to Warehouse and Schema
Grant the role necessary privileges:
-- Warehouse access
GRANT USAGE ON WAREHOUSE <YOUR_WAREHOUSE> TO ROLE bondata_app_role;
-- Database and schema access
GRANT USAGE ON DATABASE <YOUR_DATABASE> TO ROLE bondata_app_role;
GRANT USAGE ON SCHEMA <YOUR_DATABASE>.<YOUR_SCHEMA> TO ROLE bondata_app_role;
-- Read access to schema tables GRANT SELECT ON ALL TABLES IN SCHEMA <YOUR_DATABASE>.<YOUR_SCHEMA> TO ROLE bondata_app_role;
GRANT SELECT ON FUTURE TABLES IN SCHEMA <YOUR_DATABASE>.<YOUR_SCHEMA> TO ROLE bondata_app_role;
Your Snowflake OAuth or Key-Pair integration is now configured and ready for BonData integration.
Need further assistance?
Contact BonData support for more help.