Skip to main content
By August to October 2026, all Snowflake SERVICE connections must authenticate with Key Pair authentication. In late 2024, Snowflake introduced a new TYPE property for the USER object. The value determines permitted authentication methods and will become progressively stricter throughout 2025 and 2026. The value can be null, HUMAN, SERVICE, or LEGACY_SERVICE.

Understanding your current connection configuration

You can check your user’s configuration with:
Check user config
DESCRIBE USER <USERNAME>; -- check TYPE, RSA_PUBLIC_KEY
A TYPE of null is treated like HUMAN, and single factor password authentication will eventually be deprecated. Action required if:
  • TYPE is null or HUMAN: Apply either the long-term or temporary fix.
  • RSA_PUBLIC_KEY is set and TYPE is SERVICE: No action needed.
HUMAN or null users cannot login with single-factor passwords starting August 2026.

Long term fix: update to key pair authentication

Step 1: Set the RSA public key (which Prequel provides):
Set public key
ALTER USER <USERNAME> SET RSA_PUBLIC_KEY='MIIBI...YOUR_KEY...';
Test your connection to verify it works. Step 2: Update the user type:
Set user type
ALTER USER <USERNAME> SET TYPE = SERVICE;
DESCRIBE USER <USERNAME>; -- verify
ALTER USER <USERNAME> UNSET PASSWORD; -- optional

Temporary fix: use LEGACY_SERVICE type

As a short-term workaround, you can set:
Set legacy service type
ALTER USER <USERNAME> SET TYPE = LEGACY_SERVICE;
However, LEGACY_SERVICE users will be deprecated starting in August 2026.