keboola · jirkasemmler · Jun 27, 2025
diff --git a/packages/php-storage-driver-snowflake/.env.dist b/packages/php-storage-driver-snowflake/.env.dist
@@ -1,7 +1,6 @@
 SNOWFLAKE_HOST=
 SNOWFLAKE_PORT=
 SNOWFLAKE_USER=
-SNOWFLAKE_PASSWORD=
 SNOWFLAKE_PRIVATE_KEY=
 SNOWFLAKE_CERT=
 SNOWFLAKE_DATABASE=

diff --git a/packages/php-storage-driver-snowflake/README.md b/packages/php-storage-driver-snowflake/README.md
@@ -27,9 +27,9 @@ GRANT ALL PRIVILEGES ON DATABASE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE" TO RO
 GRANT USAGE ON WAREHOUSE "DEV" TO ROLE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE";
 
 CREATE USER "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE"
-PASSWORD = ''
 DEFAULT_ROLE = "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE"
 RSA_PUBLIC_KEY = '<your_public_key>'
+TYPE = SERVICE
 ;
 
 GRANT ROLE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE" TO USER "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE";
@@ -41,7 +41,6 @@ set up env variables:
 SNOWFLAKE_HOST: keboolaconnectiondev.us-east-1.snowflakecomputing.com
 SNOWFLAKE_PORT: 443
 SNOWFLAKE_USER: KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE
-SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
 SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_PRIVATE_KEY }} # note: it has to be full private key in PEM format, including the header and footer
 SNOWFLAKE_DATABASE: KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE
 SNOWFLAKE_WAREHOUSE: DEV

diff --git a/packages/php-storage-driver-snowflake/src/ConnectionFactory.php b/packages/php-storage-driver-snowflake/src/ConnectionFactory.php
@@ -12,30 +12,6 @@
 
 final class ConnectionFactory
 {
-    /**
-     * Check if a string is a valid RSA private key
-     */
-    private static function isValidRsaPrivateKey(string $key): bool
-    {
-        // Remove any whitespace and check if it looks like a PEM encoded key
-        $key = trim($key);
-        if (!str_contains($key, '-----BEGIN') || !str_contains($key, 'PRIVATE KEY-----')) {
-            return false;
-        }
-
-        // Try to get the private key details
-        $privateKey = openssl_pkey_get_private($key);
-        if ($privateKey === false) {
-            return false;
-        }
-
-        // Get the details to verify it's an RSA key
-        $details = openssl_pkey_get_details($privateKey);
-
-        // Check if it's an RSA key
-        return $details !== false && isset($details['key']) && $details['type'] === OPENSSL_KEYTYPE_RSA;
-    }
-
     public static function createFromCredentials(GenericBackendCredentials $credentials): Connection
     {
         $meta = $credentials->getMeta();
@@ -45,30 +21,17 @@ public static function createFromCredentials(GenericBackendCredentials $credenti
         } else {
             throw new Exception('SnowflakeCredentialsMeta is required.');
         }
-
-        // Check if the secret is a valid RSA private key
-        $isRsaKey = self::isValidRsaPrivateKey($credentials->getSecret());
-
         $connectionParams = [
             'port' => (string) $credentials->getPort(),
             'warehouse' => $meta->getWarehouse(),
             'database' => $meta->getDatabase(),
         ];
 
-        if ($isRsaKey) {
-            return SnowflakeConnectionFactory::getConnectionWithCert(
-                $credentials->getHost(),
-                $credentials->getPrincipal(),
-                $credentials->getSecret(),
-                $connectionParams,
-            );
-        } else {
-            return SnowflakeConnectionFactory::getConnection(
-                $credentials->getHost(),
-                $credentials->getPrincipal(),
-                $credentials->getSecret(),
-                $connectionParams,
-            );
-        }
+        return SnowflakeConnectionFactory::getConnectionWithCert(
+            $credentials->getHost(),
+            $credentials->getPrincipal(),
+            $credentials->getSecret(),
+            $connectionParams,
+        );
     }
 }
diff --git a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php b/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php
@@ -12,31 +12,6 @@
 
 class ConnectionFactoryTest extends TestCase
 {
-    public function testCreateFromCredentialsWithPassword(): void
-    {
-        // Create credentials with a password
-        $credentials = new GenericBackendCredentials();
-        $credentials->setHost((string) getenv('SNOWFLAKE_HOST'));
-        $credentials->setPrincipal((string) getenv('SNOWFLAKE_USER'));
-        $credentials->setSecret((string) getenv('SNOWFLAKE_PASSWORD'));
-        $credentials->setPort((int) getenv('SNOWFLAKE_PORT'));
-
-        $meta = new Any();
-        $meta->pack(
-            (new SnowflakeCredentialsMeta())
-                ->setWarehouse((string) getenv('SNOWFLAKE_WAREHOUSE'))
-                ->setDatabase((string) getenv('SNOWFLAKE_DATABASE')),
-        );
-        $credentials->setMeta($meta);
-
-        // Create connection
-        $connection = ConnectionFactory::createFromCredentials($credentials);
-
-        // Test connection works
-        $result = $connection->executeQuery('SELECT 1 as TEST');
-        $this->assertEquals(1, $result->fetchOne());
-    }
-
     public function testCreateFromCredentialsWithPrivateKey(): void
     {
         // Create credentials with a key

diff --git a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionTestWithPassword.php b/packages/php-storage-driver-snowflake/tests/Functional/ConnectionTestWithPassword.php