# Step 2: Create a Key Pair for Snowflake Authentication

Composable Audience Studio connects to Snowflake using RSA key pair authentication. You generate a private/public key pair, assign the public key to a Snowflake user, and provide the private key to Treasure Data.

## Generate the Key Pair

Run the following commands to create an RSA key pair in PKCS#8 format:


```bash
# Generate a 2048-bit private key in PKCS#8 format (no passphrase)
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

# Derive the public key from the private key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
```

This creates two files:

- **rsa_key.p8** -- Private key (keep this secure; you will provide it to Treasure Data)
- **rsa_key.pub** -- Public key (you will assign this to your Snowflake user)


Important
The private key must be in PKCS#8 format. Other formats will cause connection failures.

## Assign the Public Key to a Snowflake User

Open the public key file and copy its contents, excluding the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` headers:


```bash
cat rsa_key.pub
```

In Snowflake, assign the public key to the user that Treasure Data will use:


```sql
ALTER USER <username> SET RSA_PUBLIC_KEY='MIIBIjANBgkqhk...your_public_key_content...';
```

Verify the key assignment:


```sql
DESC USER <username>;
```

Look for the `RSA_PUBLIC_KEY_FP` property to confirm the key fingerprint is set.

Reference
For more details, see the [Snowflake Key Pair Authentication Documentation](https://docs.snowflake.com/en/user-guide/key-pair-auth).