Skip to main content

Key-Pair Authentication Migration Guide

Key-pair authentication provides a strong authentication method between ALTR and Snowflake compared to password authentication. Snowflake is deprecating password authentication in 2025, requiring all users to update existing connections to leverage key-pair authentication. Follow this guide to migrate your existing ALTR connections from password authentication to key-pair authentication.

Note

You need a Snowflake role with OWNERSHIP on the ALTR’s service user in order to migrate to key-pair authentication. The following query will identify which role has OWNERSHIP on the service user:

SELECT OWNER FROM SNOWFLAKE.ACCOUNT_USAGE.USERS WHERE NAME = '<USER>' AND DELETED_ON IS NULL;

Step 1: Identify Existing Service Users

ALTR has recently updated to separately manage service users from Snowflake connections. This enables customers to more easily manage one or a small number of service users being across several Snowflake data source connections. There should be a service user entry for each service user in use by your ALTR account. Most customers should have a small number of service user entries.

To identify a list of service users used by ALTR:

  1. Log into the ALTR platform.

  2. Select Data ConfigurationService Users in the Navigation menu.

  3. Identify all service users listed with “password” as the Authentication Method.

Each of these users must be updated to use key-pair authentication. If they are not updated before Snowflake deprecates single-factor password authentication, any ALTR connections using that service user will break.

Note

ALTR automatically generated a service user entry for each unique service user leveraged by your ALTR organization. There may be duplicate service user entries if any of your connections had incorrect passwords. If there are duplicate entries, first consolidate them into a single service user record before proceeding by changing the service user record associated with connections on the Data Source page.

Step 2: Update Service Users to Use Key-Pair Authentication

This process must be taken for each service user using password authentication, identified in Step 1.

To update service users to use key-pair authentication:

  1. Click Edit Service User on the user to update.

  2. Click the Key-Pair Authentication tab.

  3. Click Generate Key.

  4. Copy the generated SQL snippet.

  5. Log into Snowflake as a role that has the OWNERSHIP privilege on the service user.

    Note

    The following query can be used to identify what role has OWNERSHIP on the service user:

    SELECT OWNER FROM SNOWFLAKE.ACCOUNT_USAGE.USERS WHERE NAME = '<USER>' AND DELETED_ON IS NULL;

  6. Execute the SQL snippet from step 4.

  7. Navigate back to ALTR and click Save on the service user

    Important

    If you were logged out of ALTR due to inactivity between steps 4 and 7, you must restart this process.

In this section: