Categories:

System functions (System Information)

SYSTEM$GET_CMK_CONFIG_POSTGRES

Returns configuration information for use with customer-managed keys (CMKs) and Snowflake Postgres Tri-Secret Secure.

Syntax

Amazon Web Services:

SYSTEM$GET_CMK_CONFIG_POSTGRES()

Microsoft Azure:

SYSTEM$GET_CMK_CONFIG_POSTGRES( '<tenant_id>' )

Arguments

'tenant_id'

Specifies the unique identifier for the Azure Key Vault tenant (https://docs.microsoft.com/en-us/azure/key-vault/general/basic-concepts) in your Microsoft Azure subscription.

This value is in the GUID format, such as b3ddabe4-e5ed-4e71-8827-0cefb99af240. You can find this value by logging in to the Portal and navigating to Key Vault » Overview. Select the Directory ID value.

Returns

The output depends on the cloud platform that hosts your Snowflake account:

  • For Amazon Web Services, a snippet of the statement identifier (Sid) for the CMK policy:

    {"Sid": "Allow use of the key by Snowflake","Effect": "Allow","Principal": {"AWS": "my-arn:name/TRISECRETTEST"},"Action": ["kms:Decrypt","kms:GenerateDataKeyWithoutPlaintext"],"Resource": "arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59"},
  • For Microsoft Azure, use the Azure CLI to create service principals in your tenant for Snowflake multi-tenant apps that need to access the CMK:

    az ad sp create --id appId1
    az ad sp create --id appId2

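Access control requirements

Only account administrators (users with the ACCOUNTADMIN role) or a role that has been granted the MONITOR SECURITY privilege on the account can call this function.

Examples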

Obtain the configuration information for the CMK for your Snowflake account on Microsoft Azure:

SELECT SYSTEM$GET_CMK_CONFIG_POSTGRES('b3ddabe4-e5ed-4e71-8827-0cefb99af240');
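
On Amazon Web Services, the function returns a policy statement fragment for the CMK policy rather than a complete document. The following Python example is added here and is not Snowflake's own code: it parses the fragment shown under Returns, checks that it grants only the two actions shown on this page to a non-wildcard principal on a key ARN, and merges it into a key policy by Sid. The existing policy and its account ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Actions granted by the sample statement on this page; anything else is flagged.
EXPECTED_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKeyWithoutPlaintext"}

def parse_statement(snippet: str) -> dict:
    """Parse the function's output, a JSON fragment that ends in a comma."""
    return json.loads(snippet.strip().rstrip(","))

def review_statement(stmt: dict) -> list:
    """Return a list of findings; an empty list means the statement is narrowly scoped."""
    findings = []
    if stmt.get("Effect") != "Allow":
        findings.append("Effect is not Allow")
    actions = stmt.get("Action", [])
    actions = {actions} if isinstance(actions, str) else set(actions)
    extra = actions - EXPECTED_ACTIONS
    if extra:
        findings.append("unexpected actions: " + ", ".join(sorted(extra)))
    principal = stmt.get("Principal")
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    if aws in (None, "*") or (isinstance(aws, list) and "*" in aws):
        findings.append("principal is missing or a wildcard")
    res = stmt.get("Resource", "")
    if not (isinstance(res, str) and res.startswith("arn:aws:kms:") and ":key/" in res):
        findings.append("resource is not a KMS key ARN")
    return findings

def merge_statement(policy: dict, stmt: dict) -> dict:
    """Return a copy of the key policy with stmt added, replacing any same-Sid entry."""
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") != stmt.get("Sid")]
    return {**policy, "Statement": kept + [stmt]}

# Output as shown on this page (the principal there is a placeholder ARN).
SNIPPET = '{"Sid": "Allow use of the key by Snowflake","Effect": "Allow","Principal": {"AWS": "my-arn:name/TRISECRETTEST"},"Action": ["kms:Decrypt","kms:GenerateDataKeyWithoutPlaintext"],"Resource": "arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59"},'

# Constructed existing key policy with a placeholder account ID.
EXISTING_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    stmt = parse_statement(SNIPPET)
    print("findings:", review_statement(stmt) or "none")
    print(json.dumps(merge_statement(EXISTING_POLICY, stmt), indent=2))
```

Merging by Sid keeps the policy from accumulating duplicate Snowflake statements when the function is called again and its output is reapplied.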