Snowflake Private Key Auth Issues

ded2025 · April 21, 2025, 6:30pm

Metabase (open source) deployed to EC2 via JAR file. I am getting an error when trying to use a Snowflake private key auth. I placed the file on the server at /metabase/keys/snowflake-key.p8. This key is not encrypted.

I get the error when trying to save the connection using the above file path as the Local file path in the auth section:
Cannot invoke "java.lang.CharSequence.length()" because "this.text" is null

Diagnostic info:

{
  "browser-info": {
    "language": "en-US",
    "platform": "MacIntel",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
    "vendor": "Google Inc."
  },
  "metabase-info": {
    "databases": [
      "postgres",
      "redshift",
      "snowflake"
    ],
    "run-mode": "prod",
    "plan-alias": "pro-self-hosted-yearly",
    "version": {
      "date": "2025-04-08",
      "tag": "v1.54.2",
      "hash": "446d9aa"
    },
    "settings": {
      "report-timezone": null
    },
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "14.13"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.7.5"
      }
    }
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "21.0.6+7-LTS",
    "java.vendor": "Amazon.com Inc.",
    "java.vendor.url": "https://aws.amazon.com/corretto/",
    "java.version": "21.0.6",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "21.0.6+7-LTS",
    "os.name": "Linux",
    "os.version": "4.14.355-276.618.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "UTC"
  }
}```

Any help would be appreciated.

marcos · April 21, 2025, 10:11pm

Hello there,

This issue is reported here: Snowflake RSA connection doesn't work with Hostname setting · Issue #53749 · metabase/metabase · GitHub, I'm asking around for any updates on this.

As a temporary workaround, I believe using Account Name instead of Hostname should let you continue. Can you please try that out and see if it works?

ded2025 · April 22, 2025, 5:21pm

Thanks, will take a look. We are using AWS Privatelink , so unsure of what the account name would be (vs the privatelink host)

Will take a look and keep an eye on that Github issue. Thanks @marcos

arakaki · April 22, 2025, 8:17pm

Hey, thanks for the report. We are working on the issue.

Can you confirm your use case?

you connect to Snowflake via AWS private link. You need to use a custom hostname instead of an account name.
you authenticate via RSA key pair (not user/pw)

This RSA key pair is created as any other key pair used for regular (non private link) connections