RPC for Snowflake in Secret Server

RPC for Snowflake in Secret Server applies to Snowflake SQL database user accounts, including both admin and non-admin user accounts.

Prerequisites

Make sure you have:

  • Two active Snowflake accounts. One of these accounts must be a privileged admin account which will be used for password changing.

  • A Secret Server user which can create two snowflake secrets.

    • Optionally, admin credentials for Secret Server (the ACCOUNTADMIN role must be assigned to the admin account).

  • The RPC feature enabled in Secret Server.

  • Permission to create and configure secrets.

  • Heartbeat monitoring and remote password-changing features enabled on Secret Server.

  • A site with a distributed engine which has access to the internet.

Configuration

  1. Log into Secret Server.

  2. Navigate to Secrets >All secrets and click the Create secret button, the Create new secret popup appears.

  3. Search for the Snowflake account template and select it. The popup refreshes automatically to reflect the fields you must fill in.

  4. Complete the following fields:

    1. Secret name: give the secret an appropriate name.

    2. AccountId: you will find this as a part of your Snowflake URL (starts with lsb followed by several numbers).

    3. Username: the username used to sign into the Snowflake account.

    4. Password: the password used to sign into the Snowflake account.

    5. Site: set a site with a distributed engine that can access Snowflake services.

    6. Leave Auto Change Enabled unchecked and click Create secret. The newly created secret loads automatically for viewing.

  5. The Heartbeat operation runs automatically to check if the entered credentials are valid. If the credentials are valid the status will change from Pending to Success.

    If the credentials are not valid the status will change from Pending to Failed.

    The distributed engine checks for RPC every 300 seconds. If the heartbeat state remains in Pending for longer than 300 seconds, confirm that the site has an operational distributed engine by accessing Settings > Sites and engines.

    To verify the status of the heartbeat processes, navigate to Settings > Heartbeat Log.

  6. Navigate to the Remote password changing tab and select Edit for the RPC/Autochange section.

  7. For Change password using, select the Privileged account credentials option.

    1. If you chose the option above, the Change password using option appears, and you must select a secret by clicking on the No secret selected link. A popup will appear where you can search for the secret you want to associate. Select a Snowflake user with the ADMINACCOUNT role used to process the password change.

    2. Click Save.

  8. (Optional) Access the Change password now option button from the top right corner if you want to change the secret password. Alternatively, it can be found under the Options dropdown list: