Using AWS Secrets Manager to get Snowflake credentials

[vicsteiner]

I have currently setup a key pair authentication following the doc here https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#keypair-authentication-environment-variables.

However, te company I work for has a policy to avoid having too many private key (.p8) files and prefers to store it in AWS Secrets Manager.

I was wondering if there is a way I could instead of exporting TF_VAR_SNOWFLAKE_PRIVATE_KEY_PATH with a path to a local file get this info from AWS Secrets Manager directly so I can avoid having a .p8 file stored locally?

[tturkenitz]

I wanted to add that I am in the same boat. My company discourages placing physical files on our K8s clusters and mandate that we use a Secret Manager instead.

Is it possible to pass the raw text of the key to the provider instead of a file path?

[sfc-gh-asawicki]

Hey @vicsteiner @tturkenitz. In one of the recent issues, I saw a setup using the AWS secrets manager (this one: #2432). So this is possible.

And yes, private_key_path was deprecated already. You can use private_key with file function instead.

[bjornburrell-8451]

The AWS provider has a data source for secrets manager - aws_secretsmanager_secret_version - you can initialize the Snowflake provider using the data source. This pattern works well with Azure key vaults.