PluginsPlugin Jdbc Snowflake

Download​Download

Download data from a Snowflake stage to Kestra's internal storage.

yaml
type: "io.kestra.plugin.jdbc.snowflake.Download"
yaml
id: snowflake_download
namespace: company.team

tasks:
  - id: download
    type: io.kestra.plugin.jdbc.snowflake.Download
    url: jdbc:snowflake://<account_identifier>.snowflakecomputing.com
    username: "{{ secret('SNOWFLAKE_USERNAME') }}"
    password: "{{ secret('SNOWFLAKE_PASSWORD') }}"
    stageName: "@demo_db.public.%myStage"
    fileName: prefix/destFile.csv
Properties

File name on Snowflake stage that should be downloaded.

Snowflake stage name.

~ or table name or stage name.

The JDBC URL to connect to the database.

Default true

Whether to compress data before uploading stream.

Specifies the default database to use once connected.

The specified database should be an existing database for which the specified default role has privileges. If you need to use a different database after connecting, execute the USE DATABASE command.

The database user's password.

Private key used for Snowflake key-pair authentication.

Kestra supports multiple private key formats for Snowflake key-pair authentication.

You can provide your key in any of the following formats:

  1. PKCS8 DER (base64-encoded, single-line)
  2. PEM PKCS8: -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----
  3. PEM PKCS1 RSA: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
  4. Multiline or single-line input (Kestra will normalize automatically)
  5. Encrypted PKCS8 (requires providing privateKeyPassword)

Snowflake recommends PKCS8. If your key is in PKCS1 format, Kestra will automatically convert it.

secret('SNOWFLAKE_PRIVATE_KEY') should contain:

-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASC... ... -----END PRIVATE KEY-----

Example: encrypted private key

privateKey: "" privateKeyPassword: ""

Converting a PEM key to unencrypted PKCS8 DER (optional)

openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER
-in private_key.pem
-out private_key.der

base64 -w 0 private_key.der > private_key.base64

You can then store the content of private_key.base64 as the Kestra secret.

Kestra automatically detects the format and performs the necessary conversions. No manual header stripping or reformatting is required.

Specifies the private key password for key pair authentication and key rotation.

Specifies the default access control role to use in the Snowflake session initiated by the driver.

The specified role should be an existing role that has already been assigned to the specified user for the driver. If the specified role has not already been assigned to the user, the role is not used when the session is initiated by the driver. If you need to use a different role after connecting, execute the USE ROLE command.

Specifies the default schema to use for the specified database once connected.

The specified schema should be an existing schema for which the specified default role has privileges. If you need to use a different schema after connecting, execute the USE SCHEMA command.

The database user.

Specifies the virtual warehouse to use once connected.

The specified warehouse should be an existing warehouse for which the specified default role has privileges. If you need to use a different warehouse after connecting, execute the USE WAREHOUSE command to set a different warehouse for the session.

Format uri

The URI of the file on Kestra's internal storage.