[Docs]: Misleading example of SNOWFLAKE_PRIVATE_KEY

[martinw-intersport]

Company Name

No response

Object type(s)

No response

Documentation Link

https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/index.md

Description

In section #keypair-authentication-passphrase and #order-precedence mentioned example to assign SNOWFLAKE_PRIVATE_KEY with private key path, like

export SNOWFLAKE_USER="..."
export SNOWFLAKE_PRIVATE_KEY="~/.ssh/snowflake_key.p8"
export SNOWFLAKE_PRIVATE_KEY_PASSPHRASE="..."

Instead the SNOWFLAKE_PRIVATE_KEY accepts file content, and there's no way to pass in file path directly to snowflake provider.

References

No response

Would you like to implement a fix?

• Yeah, I'll take it 😎

[sfc-gh-jmichalak]

Hi @martinw-intersport 👋

You're right - the example is misleading. We will adjust this soon. You should be able to load the contents of your key file like this:

export SNOWFLAKE_PRIVATE_KEY=$(cat ~/.ssh/snowflake_key.p8)

[martinw-intersport]

Hi @sfc-gh-jmichalak,

thanks for your reply! I still get following error when i set through env var SNOWFLAKE_PRIVATE_KEY

  │ Error: could not retrieve private key: could not parse private key, key is not in PEM format
  │ 
  │   with provider["registry.terraform.io/snowflake-labs/snowflake"].accountadmin,
  │   on main.tf line 1, in provider "snowflake":
  │    1: provider "snowflake" {
  │ 

and when I run echo "$SNOWFLAKE_PRIVATE_KEY", it outputs correct file content. Is that because provider cannot load multiline file?

[sfc-gh-jmichalak]

Probably the key is not formatted correctly. Please take a look at similar issues: #2899 and #2432. We don't do any processing on the file, we just pass it straight to the gosnowflake driver - see #2899 (comment).

[martinw-intersport]

@sfc-gh-jmichalak The file is correctly formatted, at least when i use file("~/.ssh/snowflake_key.p8") it works.

But this command does not work as i said before (does this work on your side?)

export SNOWFLAKE_PRIVATE_KEY=$(cat ~/.ssh/snowflake_key.p8)

Regarding this #2899 (comment), it can be passed through on my side when env set using above command. So not due to pem.Decode

I have tried many ways, including:

• Set ssh key content as one line local variable like
  locals ssh_content = "-----BEGIN PRIVATE KEY-----\nxxx\n-----END PRIVATE KEY-----\n to pass into schema private_key, it can be recongized by provider.
• But if set ssh key content like this oneline string and then export SNOWFLAKE_PRIVATE_KEY=$(cat ~/.ssh/snowflake_key.p8) it doesn't work
• Directly export SNOWFLAKE_PRIVATE_KEY="ssh oneline string" it works
• Wrap ssh key content with <<EOT and EOT then export SNOWFLAKE_PRIVATE_KEY=$(cat ~/.ssh/snowflake_key.p8) it works

It seems there was an issue transferring the content from the SSH file to the environment variables. So your commit c7e463d about SNOWFLAKE_PRIVATE_KEY might still not work for others.

It will be good like snowflake cli to set private_key_file as file path, then we don't have to struggle with multiline string parameter. I know in gosnowflake haven't implement it, but snowflake provider can accept file path and load content by itself to pass to Config.PrivateKey