SNOW-1808401: Issue while reading private key from azure functions configs

[hemantkadam03]

I always get below exception when my azure serverless application reads private key and tries to connect to snowflake.

Error: Could not read private key with value passed in connection string. \n Error : incorrect private key value or private key format: use "\n" for newlines and double the equals sign. SqlState: , VendorCode: 270052, QueryId: : System.NullReferenceException: Object reference not set to an instance of an object.

I have tried adding "\n" and double equal signs in my privatekey but still not working. Strange thing is same connection string with private key works fine, if i run serverless application locally in visual studio on my windows laptop. below is sample snowflake connection string which i am coufiguring in cloud service.

account=accountName;ROLE=roleName;user=userName;AUTHENTICATOR=snowflake_jwt;PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nASDASDASDjkhkjhASDASDkjhkjj\najhgsdjhasgdhjasdASDASDASDajshdjhsaasdas\njkashdkhjsk\n83798324jksdfhkjsdfv7jXxSXsY4xW\n-----END PRIVATE KEY-----\n";schema=schemaName;db=dbName;

Can you please suggest any solution to this. i did connect with snowflake team but they mention as request is not reaching to snowflake so it means the issue is with .net driver which is Snowflake.Data V2.2.0

Please answer these questions before submitting your issue.

In order to accurately debug the issue this information is required. Thanks!

1. What version of .NET driver are you using?
   Snoeflake.Data V 2.2.0

2. What operating system and processor architecture are you using?
   linux

3. What version of .NET framework are you using?
   .net 8.0

4. What did you do?

5. What did you expect to see?

   it should accept the snowflake connection string with private key and then connect to snowflake

6. Can you set logging to DEBUG and collect the logs?

Error: Could not read private key with value passed in connection string. \n Error : incorrect private key value or private key format: use "\n" for newlines and double the equals sign. SqlState: , VendorCode: 270052, QueryId: : System.NullReferenceException: Object reference not set to an instance of an object.
https://community.snowflake.com/s/article/How-to-generate-log-file-on-Snowflake-connectors

There is an example in READMD.md file showing you how to enable logging.

Before sharing any information, please be sure to review the log and remove any sensitive
information.

[sfc-gh-dszmolka]

hi, thanks for raising this issue. So Snowflake.Data 2.2.0 is very old and several bugfixes were introduced since it was released. Do you think it would be possible to try with the latest version?

Also can you please give me the case number you had with Snowflake Support where the advice was to raise the issue here ?

[hemantkadam03]

i have updated Snowflake.Data to 4.2.0 but still the same issue. littlebit different error msg though below is the error message now.

Error: Could not read private key with value passed in connection string. \n Error : incorrect private key value or private key format: use "\n" for newlines and double the equals sign. SqlState: , VendorCode: 270052, QueryId: : System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.

case number with snowflake support is below
Case#00889309-Unable to login using Key/Pay with .NetDriver on Azure.

please let me know if you find any solution. we are almost stuck with deployment into azure

[sfc-gh-dszmolka]

Thank you - from the support case I understand that

• the implementation works perfectly with the same .NET driver on local machine, using key-pair authentication (you also hinted this in the issue submission here)
• issue is only surfacing when same app is run from Azure Function App, using the key-pair authentication, with the same key

thus the issue might be specific to how Azure is formatting the key and I also see

• my colleague already provided you several publicly available documentation pieces which might be relevant to the solution
• you're also working with Microsoft (Azure Support i guess?), as for now, the issue seems to be specific to their platform

What you can also try:

• if that's feasible, try passing the key as an envvar in your local repro, and if that works, then load and pass the same key as same envvar in Azure Function. Optimally, log out the envvar value in both local repro and Azure function, to see if the content is still the same, if it turns out it doesn't work in Azure Function
• instead of PRIVATE_KEY, try using PRIVATE_KEY_FILE which needs to be pointed at a key file, and not passing the key content . Of course you'll need to pass/mount the key file first into the Azure Function if that's possible, or perhaps reference from Key Vault
  • you can also look at https://stackoverflow.com/questions/72330358/azure-function-to-generate-jwt-token-error-desterilising-private-key-stored-in-k where the poster had similar problem, to see if the approach helps (with PRIVATE_KEY too). It's Python, but i still think it can be relevant.

[sfc-gh-dszmolka]

closing this issue for now but please let us know if you need any further help here.