snowflake-auth-type

--snowflake-auth-type is a string parameter that specifies the authentication mechanism for connecting to Snowflake databases. This parameter is available in Liquibase Pro/Secure and requires a valid license.

Uses

When connecting to Snowflake, you can use different authentication methods depending on your security requirements and infrastructure setup. The --snowflake-auth-type parameter tells Liquibase which authentication mechanism to use.

Common authentication types include:

  • Username/Password — Standard authentication using database credentials (default Snowflake behavior).

  • Key Pair (PKI) — Public Key Infrastructure authentication using private key files for enhanced security.

  • OAuth — OAuth-based authentication for federated identity management.

  • Externalbrowser— Browser-based SSO authentication.

You may want to set --snowflake-auth-type in the following scenarios:

  • Enhanced security — Your organization requires certificate-based authentication instead of password-based authentication.

  • Automated processes — CI/CD pipelines require authentication using key pairs rather than interactive credentials.

  • SSO integration — You need to integrate with your organization's identity provider using OAuth or browser-based authentication.

  • Compliance requirements — Security policies mandate specific authentication mechanisms for database access.

Note: When using key pair authentication, you must also specify --snowflake-auth-private-key-path and optionally --snowflake-auth-private-key-passphrase if your key is encrypted.

Syntax

You can set this parameter in the following ways:

Option

Syntax

Liquibase properties file (defaults file)

liquibase.snowflake.auth.type: <string>

Global flow file argument (example)

stages: Default: actions: - type: liquibase command: update globalArgs: {snowflake-auth-type: "<string>"}

Global CLI parameter

liquibase --snowflake-auth-type=<string> update --changelog-file=mychangelog.xml

JVM system property (JAVA_OPTS Environment Variable)

Unix:

JAVA_OPTS=-Dliquibase.snowflake.auth.type=<string>

Windows:

JAVA_OPTS=-D"liquibase.snowflake.auth.type"=<string>

Liquibase Environment Variables

LIQUIBASE_SNOWFLAKE_AUTH_TYPE=<string>

Valid Values

Value

Description

PKI

Public Key Infrastructure authentication using private/public key pairs. Generates JWT tokens for authentication (equivalent to Snowflake's snowflake_jwt authenticator).

oauth

OAuth token-based authentication.