Venafi Integration for Snowflake
Updated Jul. 19 2021

Snowflake provides developers and builders of data-driven applications and services a ready-made infrastructure and engine to build and run their solutions. However, frictionless access to machine identities does not currently exist. Snowflake developers are required to use existing, antiquated processes. This Development Fund project seeks to remedy that with the integration of Venafi to enable devs to get machine identities when they need them, right in their native environment.
Solution Overview

Starschema, the developer of StarSnow, understands that Snowflake provides developers and builders of data-driven applications and services a ready-made infrastructure and engine to build and run their solutions. However, frictionless access to machine identities does not currently exist. Snowflake developers are required to use existing, antiquated processes. This burdens developers with having to learn new tools that detract from their existing workflows when machine identities are required. This project's objective is to elevate machine identities to “first-class” citizens within Snowflake’s data layers. It will enable developers to easily request machine identities from directly within their databases.

The project will implement Venafi’s VCert Go library within a wrapper function. The function will initially be deployed as an AWS Lambda serverless function callable from Snowflake’s native SQL. This will enable application developers to request a machine identity before bootstrapping their applications with additional configuration data during the initialization stages. An additional benefit is that the machine identities can now be essentially ephemeral, held “in memory” with no need to store them on a filesystem.