Snowflake Integration : Anaplan Connect with Private key

vipsgoyani2000
vipsgoyani2000
in Integrations and extensibility

Hi All

Anaplan connect is unable to extract private key while making a JDBC connection to snowflake. Error says “Try setting the JVM argument: -Dnet.snowflake.jdbc.enableBouncyCastle=TRUE”

I believe I am using the supported version of Java (v8) & the latest version of Anaplan connect(4.2.1).  I have converted.p8 to .pem just incase but same error. Installed Bouncy castle as per Anaplan connect guide as well. Does anyone succeed in using a private key directly as part of your CA certificate authentication? 

jdbc.connect.url=jdbc:snowflake://XXXX.us-east-1.snowflakecomputing.com/?warehouse=RSM_XS_WH&db=CDR&schema=RSM&private_key_file=C:/anaplan-connect-4.2.1/key/key.p8&private_key_file_pwd=XXXX

PS- I can connect to snowflake via snowsql using .p8 key and passphrase combination so there is nothing wrong with private key.

image.png

Regards,

Vipul

Best Answer

  • vipsgoyani2000
    vipsgoyani2000
    Answer ✓

    @purt - Thanks for great suggestions there. The issue was resolved by adding argument below into Java Security file.

    -Dnet.snowflake.jdbc.enableBouncyCastle=TRUE

    Thank you !

Answers

  • Unknown
    Unknown
    edited August 2024
    This content has been removed.
  • curclutter
    curclutter

    It sounds like you've covered many of the typical troubleshooting steps for this issue. Here are a few additional things you might check or try to resolve the problem with Anaplan Connect and JDBC connectivity to Snowflake:

    1. Set JVM Argument: Ensure -Dnet.snowflake.jdbc.enableBouncyCastle=true is correctly added to your Java command.
    2. Verify Key Path: Double-check the .p8 key file path in the JDBC URL.
    3. Check Key Format: Ensure the .p8 key is properly formatted in PKCS#8.
    4. Bouncy Castle: Confirm Bouncy Castle library is on the Java classpath.
    5. Permissions: Ensure the key file has the right read permissions.
    6. Special Characters: Escape special characters in the passphrase.
    7. Test with Java: Try a simple Java program to test the JDBC connection.

    These steps should help you narrow down where the problem bitlife might be. If the issue persists after these checks, it might be useful to share the exact error message for a deeper look.

  • vipsgoyani2000
    vipsgoyani2000
    edited October 2024

    Thank you @curclutter and @vitexbakle for your input. Bouncy Castle library installation issue was resolved by updating java security file with below.

    -Dnet.snowflake.jdbc.enableBouncyCastle=true

    somehow this didn't not working.

    1. Set JVM Argument: Ensure -Dnet.snowflake.jdbc.enableBouncyCastle=true is correctly added to your Java command.

  • alexpavel
    alexpavel

    @vipsgoyani2000 : what do you see in your Snowflake private key file?

    If it contains "---BEGIN ENCRYPTED PRIVATE KEY--" you may need to generate the private key without encryption:

    The private key PEM file without encryption should contain "---BEGIN PRIVATE KEY---"

    Hope it helps

    Alex

  • purt
    purt

    It seems like you've covered most of the common troubleshooting steps, but the error suggests there might still be an issue with the JVM argument or the key format. Here are a few suggestions:

    1. Ensure JVM Argument is Properly Set: Double-check that the -Dnet.snowflake.jdbc.enableBouncyCastle=TRUE argument is correctly added to your ANAPLAN_OPTS or Java environment settings before running the Anaplan Connect script.
    2. Check Key Permissions: Ensure the .p8 or .pem file has the appropriate read permissions for the user running the script in idle breakout
    3. Use a Fully Qualified Key Path: Verify that the path to your key is correctly resolved. Try replacing C:/anaplan-connect-4.2.1/key/key.p8 with a different directory to test.
    4. Convert the Key Using OpenSSL Again: If you converted .p8 to .pem, double-check the conversion steps. Alternatively, create a fresh .p8 key and retry without converting to .pem.
    5. Confirm Driver Compatibility: While you're on the supported versions, ensure you're also using the correct Snowflake JDBC driver version that matches with the rest of your setup.
    6. Experiment with Other Tools: Since SnowSQL works, compare how the key and authentication behave there. You might discover subtle configuration differences.

    If these steps don't work, you may want to check if there's an issue specific to Anaplan Connect's handling of private keys. You could also reach out to Snowflake or Anaplan support for further assistance.

Categories