snowflake-auth-token
--snowflake-auth-token is a string parameter that specifies the authentication token value for token-based authentication with Snowflake databases. This parameter is available in Liquibase Pro/Secure and requires a valid license.
Uses
When using token-based authentication mechanisms with Snowflake, you must provide the actual token value for authentication. This parameter supplies the token to Liquibase for authenticating your connection.
Token-based authentication provides several advantages:
OAuth integration — Supports OAuth 2.0 authentication flows for enterprise identity management.
Federated identity — Works with identity providers like Okta, Azure AD, or other SAML-based systems.
Short-lived credentials — Tokens can have limited lifespans for enhanced security.
Externalbrowser flows — Supports browser-based SSO authentication mechanisms.
Service accounts — Ideal for service-to-service authentication in automated workflows.
You must set --snowflake-auth-token when:
OAuth authentication — You've configured
--snowflake-auth-typeto use OAuth or other token-based authentication.SSO integration — Your organization uses browser-based or federated authentication requiring token exchange.
Service accounts — Automated processes authenticate using service account tokens rather than user credentials.
Temporary credentials — You're using short-lived tokens that expire and are regularly rotated.
Note: This parameter must be used in conjunction with --snowflake-auth-type. The token format and requirements depend on the authentication type configured (OAuth, externalbrowser, etc.).
Syntax
You can set this parameter in the following ways:
Option | Syntax |
Liquibase properties file (defaults file) | liquibase.snowflake.auth.token: <string> |
Global flow file argument (example) |
|
Global CLI parameter |
|
JVM system property (JAVA_OPTS Environment Variable) | Unix:
Windows:
|
Liquibase Environment Variables |
|