Skip to content

Commit 78e3989

Browse files
authored
docs(snowflake): security integrations (#122)
* docs(snowflake): security integrations * Update security-integrations.md
1 parent c0d74a8 commit 78e3989

File tree

1 file changed

+91
-0
lines changed

1 file changed

+91
-0
lines changed
Lines changed: 91 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,91 @@
1+
---
2+
title: Security Integrations
3+
description: Get started with Security Integrations in LocalStack for Snowflake
4+
tags: ["Base"]
5+
---
6+
7+
## Introduction
8+
9+
Security Integration is a Snowflake object that acts as a bridge between Snowflake and an external identity, API, or provisioning service. Security Integrations simplify single sign-on, token-based API access, and automated user/role management while keeping sensitive keys encrypted and auditable within Snowflake.
10+
11+
The Snowflake emulator lets you test Security Integrations locally by mocking their creation and management. You can set up a Snowflake OAuth-based security integration that handle user authentication for Snowflake access.
12+
13+
## Getting started
14+
15+
This guide is designed for users new to Security Integrations and assumes basic knowledge of SQL and Snowflake. Start your Snowflake emulator and connect to it using an SQL client in order to execute the queries further below.
16+
17+
In this guide, you will create a Security Integration, display the Security Integration details, alter the Security Integration configuration, and drop the Security Integration.
18+
19+
### Create a Security Integration
20+
21+
You can create a Security Integration using the `CREATE SECURITY INTEGRATION` statement. In this example, you can create an OAuth-based Security Integration called `my_oauth_integration`:
22+
23+
```sql
24+
CREATE SECURITY INTEGRATION my_oauth_integration
25+
TYPE = OAUTH
26+
ENABLED = true
27+
OAUTH_CLIENT = CUSTOM
28+
OAUTH_CLIENT_TYPE = 'PUBLIC'
29+
OAUTH_REDIRECT_URI = 'https://example.com/callback'
30+
OAUTH_ISSUE_REFRESH_TOKENS = true;
31+
```
32+
33+
### Describe Security Integration
34+
35+
You can view detailed information about a Security Integration using the `DESCRIBE SECURITY INTEGRATION` statement:
36+
37+
```sql
38+
DESCRIBE SECURITY INTEGRATION my_oauth_integration;
39+
```
40+
41+
The output should display various properties of the Security Integration:
42+
43+
```sql
44+
property |property_type|property_value |property_default|
45+
------------------------------------------+-------------+----------------------------------+----------------+
46+
BLOCKED_ROLES_LIST |List |[] |[] |
47+
COMMENT |String | | |
48+
ENABLED |Boolean |RuntimeException: Unknow json type|false |
49+
NETWORK_POLICY |String | | |
50+
OAUTH_ALLOWED_AUTHORIZATION_ENDPOINTS |List |[] |[] |
51+
OAUTH_ALLOWED_TOKEN_ENDPOINTS |List |[] |[] |
52+
OAUTH_ALLOW_NON_TLS_REDIRECT_URI |Boolean |false |false |
53+
OAUTH_AUTHORIZATION_ENDPOINT |String | | |
54+
OAUTH_CLIENT_ID |String | | |
55+
OAUTH_CLIENT_RSA_PUBLIC_KEY_2_FP |String | | |
56+
OAUTH_CLIENT_RSA_PUBLIC_KEY_FP |String | | |
57+
OAUTH_CLIENT_TYPE |String |PUBLIC |CONFIDENTIAL |
58+
OAUTH_ENFORCE_PKCE |Boolean |false |false |
59+
OAUTH_ISSUE_REFRESH_TOKENS |Boolean |RuntimeException: Unknow json type|true |
60+
OAUTH_REDIRECT_URI |String |https://example.com/callback | |
61+
OAUTH_REFRESH_TOKEN_VALIDITY |Integer |7776000 |7776000 |
62+
OAUTH_SINGLE_USE_REFRESH_TOKENS_REQUIRED |Boolean |false |false |
63+
OAUTH_TOKEN_ENDPOINT |String | | |
64+
OAUTH_USE_SECONDARY_ROLES |String |NONE |NONE |
65+
PRE_AUTHORIZED_ROLES_LIST |List |[] |[] |
66+
USE_PRIVATELINK_FOR_AUTHORIZATION_ENDPOINT|Boolean |false |false |
67+
```
68+
69+
### Alter Security Integration
70+
71+
You can modify the configuration of an existing Security Integration using the `ALTER SECURITY INTEGRATION` statement. In this example, you can disable the integration:
72+
73+
```sql
74+
ALTER SECURITY INTEGRATION my_oauth_integration SET ENABLED = false;
75+
```
76+
77+
### Show Security Integrations
78+
79+
You can display the Security Integrations using the `SHOW SECURITY INTEGRATIONS` statement:
80+
81+
```sql
82+
SHOW SECURITY INTEGRATIONS LIKE 'my_oauth_integration';
83+
```
84+
85+
### Drop Security Integration
86+
87+
You can drop the Security Integration using the `DROP SECURITY INTEGRATION` statement:
88+
89+
```sql
90+
DROP SECURITY INTEGRATION my_oauth_integration;
91+
```

0 commit comments

Comments
 (0)