rb_snowflake_client 1.5.0 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ddf76c34f14ea4b7192e5bd3dbdb18b7d176e66c6327fab97ef8d4352138d964
-  data.tar.gz: 20223663cc72100e28b22a4ea572611d2b2bc8291519d1cde9f2b536c02865f1
+  metadata.gz: 8d4e6f5f28c211ce79c5c049125008efdbddca46ecb670f7bc724a10c11eb5ef
+  data.tar.gz: 42378b7321d2ce549b347b5f882d85af33f393a4a34e3032fa22e5bbbaa264e7
 SHA512:
-  metadata.gz: 266de51be70f28c748b703fc55787b0a495404a62226fba151c44dfe00ce31465c3aae5e516ba362cdfa8a22a0d597514d86fd6644f263a046cb275b0a3e3f46
-  data.tar.gz: b0e90b538d9b6557d7de1b58f085570097036df3a9d1ea6be500babb6b56fafb50f21a4d905f1c50e8a274df7ffdd58b6268d65f9dc2220c7e9f70680662479c
+  metadata.gz: 33be4299bb251eb3be2ddef2301ab6e471c1a312d3a35dab3a2067d757125eec473aecf230bd84544992714e4dc7ab23b4a2129c8a460c5654eadb68de5f0109
+  data.tar.gz: 71ed8816683f48ed434fdb44515a3e92d0121d8935cc1e89c41a4accef4431ef5448c2feed0355df66cc04d17a1e88afcc7732a5a56af915d85e8345b84bd49a

data/CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## [1.6.0] - 2026-04-13
+### Added
+- Support for passing a passphrase when using an encrypted private key for JWT authentication (#166)
+### Security
+- Bumped `activesupport` to patch CVEs (#167)
+
 ## [1.5.0] - 2025-10-14
 ### Added
 - Instrumentation feature added for Active Support users

data/Gemfile

@@ -9,7 +9,7 @@ gem "bundler"
 gem "rake"
 
 group :development, :test do
-  gem "activesupport"
+  gem "activesupport", "~> 8.0.4", ">= 8.0.4.1"
 end
 
 group :development do

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rb_snowflake_client (1.5.0)
+    rb_snowflake_client (1.6.0)
       bigdecimal (>= 3.0)
       concurrent-ruby (>= 1.2)
       connection_pool (>= 2.4)
@@ -13,7 +13,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (8.0.3)
+    activesupport (8.0.5)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -27,23 +27,26 @@ GEM
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
     base64 (0.3.0)
-    benchmark (0.4.1)
-    bigdecimal (3.3.1)
+    benchmark (0.5.0)
+    bigdecimal (4.1.1)
     coderay (1.1.3)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.4)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
     diff-lcs (1.6.2)
     dotenv (3.1.8)
     drb (2.2.3)
-    i18n (1.14.7)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
     json (2.15.1)
     jwt (3.1.2)
       base64
     logger (1.7.0)
     method_source (1.1.0)
-    minitest (5.26.0)
+    minitest (6.0.3)
+      drb (~> 2.0)
+      prism (~> 1.5)
     parallel (1.27.0)
+    prism (1.9.0)
     pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -65,14 +68,14 @@ GEM
     securerandom (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    uri (1.0.4)
+    uri (1.1.1)
 
 PLATFORMS
   arm64-darwin-22
   ruby
 
 DEPENDENCIES
-  activesupport
+  activesupport (~> 8.0.4, >= 8.0.4.1)
   bundler
   parallel
   pry
@@ -81,4 +84,4 @@ DEPENDENCIES
   rspec
 
 BUNDLED WITH
-   2.5.10
+  4.0.3

data/README.md

@@ -48,6 +48,8 @@ Available ENV variables (see below in the config section for details)
 - `SNOWFLAKE_URI`
 - `SNOWFLAKE_PRIVATE_KEY_PATH` or `SNOWFLAKE_PRIVATE_KEY`
   - Use either the key or the path. Key takes precedence if both are provided.
+- `SNOWFLAKE_PRIVATE_KEY_PASSPHRASE`
+  - Optional, if you are using an encrypted private key
 - `SNOWFLAKE_ORGANIZATION`
   - Optional, if you leave it off, the library will authenticate with an account name of only SNOWFLAKE_ACCOUNT
 - `SNOWFLAKE_ACCOUNT`
@@ -265,6 +267,7 @@ or alternatively, use the client to verify:
 client = RubySnowflake::Client.new(
   "https://yourinstance.region.snowflakecomputing.com", # insert your URL here
   File.read("secrets/my_key.pem"),                      # path to your private key
+  "private-key-passphrase",                             # your private key passphrase, if it has one (defaults to nil)
   "snowflake-organization",                             # your account name (doesn't match your URL), using nil may be required depending on your snowflake account
   "snowflake-account",                                  # typically your subdomain
   "snowflake-user",                                     # Your snowflake user

data/lib/ruby_snowflake/client/key_pair_jwt_auth_manager.rb

@@ -8,12 +8,13 @@ module RubySnowflake
   class Client
     class KeyPairJwtAuthManager
       # requires text of a PEM formatted RSA private key
-      def initialize(organization, account, user, private_key, jwt_token_ttl)
+      def initialize(organization, account, user, private_key, jwt_token_ttl, private_key_passphrase = nil)
         @organization = organization
         @account = account
         @user = user
         @private_key_pem = private_key
         @jwt_token_ttl = jwt_token_ttl
+        @private_key_passphrase = private_key_passphrase
 
         # start with an expired value to force creation
         @token_expires_at = Time.now.to_i - 1
@@ -26,8 +27,7 @@ module RubySnowflake
         @token_semaphore.acquire do
           now = Time.now.to_i
           @token_expires_at = now + @jwt_token_ttl
-
-          private_key = OpenSSL::PKey.read(@private_key_pem)
+          private_key = OpenSSL::PKey.read(@private_key_pem, @private_key_passphrase)
 
           payload = {
             :iss => "#{account_name}.#{@user.upcase}.#{public_key_fingerprint}",
@@ -56,7 +56,7 @@ module RubySnowflake
         def public_key_fingerprint
           return @public_key_fingerprint unless @public_key_fingerprint.nil?
 
-          public_key_der = OpenSSL::PKey::RSA.new(@private_key_pem).public_key.to_der
+          public_key_der = OpenSSL::PKey::RSA.new(@private_key_pem, @private_key_passphrase).public_key.to_der
           digest = OpenSSL::Digest::SHA256.new.digest(public_key_der)
           fingerprint = Base64.strict_encode64(digest)
 

data/lib/ruby_snowflake/client.rb

@@ -97,6 +97,7 @@ module RubySnowflake
       new(
         ENV.fetch("SNOWFLAKE_URI"),
         private_key,
+        ENV["SNOWFLAKE_PRIVATE_KEY_PASSPHRASE"],
         ENV.fetch("SNOWFLAKE_ORGANIZATION"),
         ENV.fetch("SNOWFLAKE_ACCOUNT"),
         ENV.fetch("SNOWFLAKE_USER"),
@@ -116,7 +117,7 @@ module RubySnowflake
     end
 
     def initialize(
-      uri, private_key, organization, account, user, default_warehouse, default_database,
+      uri, private_key, private_key_passphrase = nil, organization, account, user, default_warehouse, default_database,
       default_role: nil,
       logger: DEFAULT_LOGGER,
       log_level: DEFAULT_LOG_LEVEL,
@@ -130,7 +131,7 @@ module RubySnowflake
     )
       @base_uri = uri
       @key_pair_jwt_auth_manager =
-        KeyPairJwtAuthManager.new(organization, account, user, private_key, jwt_token_ttl)
+        KeyPairJwtAuthManager.new(organization, account, user, private_key, jwt_token_ttl, private_key_passphrase)
       @default_warehouse = default_warehouse
       @default_database = default_database
       @default_role = default_role

data/lib/ruby_snowflake/version.rb

@@ -1,3 +1,3 @@
 module RubySnowflake
-  VERSION = "1.5.0"
+  VERSION = "1.6.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rb_snowflake_client
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.6.0
 platform: ruby
 authors:
 - Rinsed
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-10-14 00:00:00.000000000 Z
+date: 2026-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bigdecimal