Snowflake Password
ID | snowflake_password
Severity | critical
Vendor | Snowflake
Family | Password
Description
Snowflake is a Data Cloud provider, offering data storage and analytics services. Authentication credentials used in the different tools (SnowSQL CLI, database drivers …) are based on an account ID, a username and a password.
Snowpark is a library for accessing the Snowflake data services from different programming languages.
Security
Any hardcoded Snowflake password is a potential secret reported by this detector.
In 2024, some Snowflake customers suffered a massive data breach when info-stealer malware exfiltrated Snowflake credentials from the affected accounts. Leaked Snowflake credentials make the threat actors' work even easier.
Examples
snowflake_account=jdtcusk-je123456
snowflake_user=MY_USER
# Secret leaked
snowflake_password=P4ssw0rt!
snowflake_role=account_admin
Mitigation / Fix
- Follow your policy for handling leaked secrets, which typically requires resetting the password for the affected account and user.
- Remove the Snowflake password from the source code or committed configuration file.
- Check access logs to ensure that the secret was not used by unintended actors during the compromised period.
- If you use the snowflake/config.toml configuration file for the Snowflake CLI, make sure that it is not under version control and that it has the appropriate permissions. Otherwise, obtain the credentials from a secret vault or a similar mechanism instead of hard-coding them in scripts or source code.
- Consider using multi-factor authentication, at least for admin users and users with access to sensitive data: follow the recommendations given in Identifying Non-MFA Users and Enabling MFA.
- As an additional security mechanism for mitigating credential leaks, you may also restrict access to a given whitelist of IP addresses via a Network Policy.
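
The config.toml checks from the list above can be scripted. The following Python example is added here and is not part of the detector or the Snowflake CLI. It assumes that "appropriate permissions" means owner-only access and treats a .git entry in any parent directory as a heuristic for "under version control"; audit_config and demo are hypothetical names, and the sample file content is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_config(path):
    """Return a list of findings for a Snowflake CLI config file."""
    path = Path(path).resolve()
    findings = []

    # Assumption: "appropriate permissions" means owner-only (no group/other bits).
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; use 0600")

    # Heuristic: a .git entry in any parent directory means the file sits in a
    # Git working tree and can be committed by accident.
    for parent in path.parents:
        if (parent / ".git").exists():
            findings.append(f"inside Git working tree {parent}")
            break

    # Flag a literal password value stored in the file.
    for number, line in enumerate(path.read_text().splitlines(), start=1):
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "password" and value.strip().strip("\"'"):
            findings.append(f"line {number}: literal password stored in file")
    return findings


def demo():
    """Audit a constructed config in a throwaway repository layout."""
    with tempfile.TemporaryDirectory() as root:
        repo = Path(root) / "repo"
        (repo / ".git").mkdir(parents=True)
        cfg = repo / "config.toml"
        # Constructed sample content; the password is a placeholder.
        cfg.write_text('[connections.default]\nuser = "MY_USER"\npassword = "PLACEHOLDER"\n')
        os.chmod(cfg, 0o644)
        return audit_config(cfg)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An empty list from audit_config means none of the three checks fired; it does not show that the file was never committed in the past, so the repository history still needs its own review.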