Akeyless and Snowflake key pair rotation


So I have a Snowflake instance I am trying to set up for (pub/priv) key authentication for each user w/ key rotation.

Every user has an Akeyless account and I'm new to Akeyless/secret mgmt systems in general. After reading the docs though I feel more lost.

At first glance it seems that I should create a static secret for each user, store the public key in the sf db and store the private in the Akeyless static...but as I look more into rotated secrets and encryption keys it feels that I could let Akeyless take care of the actual rotation and generation. Would like to hear the community's experience and findings with this.

Thanks in advance!


There is 1 best solution below


I am not sure how you have set up your Snowflake within Akeyless, but the idea is to store in Akeyless a strong user with permissions to your Snowflake account to be able to create for you just-in-time secrets for your users (aka dynamic secrets). Now, an even easier way is to create a Target first that will be able to connect to your Snowflake account, and then have several Dynamic secrets pointing to that Target, and each one of those DS will grant a different permission level to Snowflake. To complete the security part, using the RBAC model, you can define which user can have access (e.g. based on his email or on a group) to which DS.

Hope this info will be helpful
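
For the static-secret approach raised in the question, the Snowflake side of a key rotation can be planned as below. This is an added example, not code from the thread or from Akeyless: it relies on Snowflake's two per-user key slots (`RSA_PUBLIC_KEY` and `RSA_PUBLIC_KEY_2`) and the fingerprint that `DESC USER` reports, and leaves storing the private key in the secret manager out of scope. The function names, the user `ALICE` and the sample key are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in for a PEM public key: valid base64, NOT a real RSA key.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
QUtFWUxFU1MtU05PV0ZMQUtFLVJPVEFUSU9OLURFTU8tS0VZ
-----END PUBLIC KEY-----"""

SLOTS = ("RSA_PUBLIC_KEY", "RSA_PUBLIC_KEY_2")  # Snowflake's two key slots per user


def pem_body(pem: str) -> str:
    """Strip the BEGIN/END delimiter lines; Snowflake takes only the base64 body."""
    lines = (ln.strip() for ln in pem.strip().splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    if not body:
        raise ValueError("empty key body")
    base64.b64decode(body, validate=True)  # raises on anything that is not base64
    return body


def fingerprint(pem: str) -> str:
    """SHA-256 of the DER public key, in the 'SHA256:<base64>' form DESC USER reports."""
    der = base64.b64decode(pem_body(pem))
    return "SHA256:" + base64.b64encode(hashlib.sha256(der).digest()).decode()


def plan_rotation(user: str, new_pem: str, active_slot: str) -> dict:
    """Build the ordered statements to rotate `user` off `active_slot`."""
    if active_slot not in SLOTS:
        raise ValueError(f"unknown key slot: {active_slot}")
    # Allow only plain unquoted identifiers so the name cannot alter the statement.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_$]*", user):
        raise ValueError(f"unsafe user identifier: {user!r}")
    spare = SLOTS[1] if active_slot == SLOTS[0] else SLOTS[0]
    return {
        # 1. Install the new key beside the old one; both authenticate for now.
        "install": f"ALTER USER {user} SET {spare}='{pem_body(new_pem)}';",
        # 2. Confirm Snowflake stored the key you meant to install.
        "verify": f"DESC USER {user};",
        "expect": (f"{spare}_FP", fingerprint(new_pem)),
        # 3. Only after clients use the new private key, drop the old slot.
        "retire": f"ALTER USER {user} UNSET {active_slot};",
    }


if __name__ == "__main__":
    for step, value in plan_rotation("ALICE", SAMPLE_PEM, "RSA_PUBLIC_KEY").items():
        print(step, "->", value)
```

Run the `retire` statement only after the `expect` fingerprint matches the `DESC USER` output and every client has switched to the new private key.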