SOL-C01 · Question #262
You have a Python script that uses Snowpark to connect to Snowflake. You want to ensure that the connection parameters, such as account identifier, username, password, and database, are securely manag
The correct answer is B. Utilize environment variables to store the connection parameters and access them from the Python C. Use Snowflake's Secret object to store credentials, and use Snowpark to retrieve these secrets for D. Store the connection parameters in a configuration file encrypted with a strong encryption. The goal is to avoid hardcoding sensitive credentials in source code. Option B (environment variables) is a widely accepted secure practice: credentials are set at the OS or container level, read at runtime, and never appear in the codebase. Option C (Snowflake Secret objects) is
Question
You have a Python script that uses Snowpark to connect to Snowflake. You want to ensure that the connection parameters, such as account identifier, username, password, and database, are securely managed and not hardcoded directly in the script. Which of the following strategies would be most effective and secure for managing these sensitive connection parameters? Choose all that apply:
Options
- AStore the connection parameters in a plain text file in a secure location on the server.
- BUtilize environment variables to store the connection parameters and access them from the Python
- CUse Snowflake's Secret object to store credentials, and use Snowpark to retrieve these secrets for
- DStore the connection parameters in a configuration file encrypted with a strong encryption
- EHardcode the parameters within the Python script, but obfuscate them using Base64 encoding.
How the community answered
(25 responses)- A12% (3)
- B84% (21)
- E4% (1)
Explanation
The goal is to avoid hardcoding sensitive credentials in source code. Option B (environment variables) is a widely accepted secure practice: credentials are set at the OS or container level, read at runtime, and never appear in the codebase. Option C (Snowflake Secret objects) is the native Snowflake approach-secrets are stored encrypted in Snowflake and retrieved programmatically by the Snowpark session, keeping credentials out of the script entirely. Option D (encrypted configuration file) adds a layer of security over a plain text file, making it a reasonable approach when properly implemented with key management. Option A (plain text file) is explicitly insecure-it provides no protection if the file is accessed. Option E (Base64 encoding) is not encryption; it is trivially reversible and provides zero security, making it a dangerous false sense of security.
Topics
Community Discussion
No community discussion yet for this question.