clarify private key exmple (#4092)

per [slack thread](https://dbt-labs.slack.com/archives/CH1AWA9ST/p1695043706212719) from @b-per and common user painpoints, this pr clarifies causes/solutions for jwt token and could not deserialize key data errors for snowflake key pair method. this pr also clarifies the passphrase example
dbt-labs · Sep 26, 2023 · 1572eb7 · 1572eb7
2 parents 122f747 + 38e7977
commit 1572eb7
Showing 1 changed file with 45 additions and 9 deletions.
diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md
@@ -30,31 +30,34 @@ to authenticate dbt Cloud to run queries against Snowflake on behalf of a Snowfl
 <Lightbox src="/img/docs/dbt-cloud/snowflake-userpass-auth.png" title="Snowflake username/password authentication"/>
 
 ### Key Pair
+
 **Available in:** Development environments,  Deployment environments
 
 The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://docs.snowflake.com/en/user-guide/python-connector-example.html#using-key-pair-authentication) to authenticate Development or Deployment credentials for a dbt Cloud project.
 
-After [generating an encrypted key pair](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication), be sure to set the `rsa_public_key` for the Snowflake user to authenticate in dbt Cloud:
+1. After [generating an encrypted key pair](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication), be sure to set the `rsa_public_key` for the Snowflake user to authenticate in dbt Cloud:
 
 ```sql
 alter user jsmith set rsa_public_key='MIIBIjANBgkqh...';
 ```
 
-Finally, set the "Private Key" and "Private Key Passphrase" fields in the "Edit
-Credentials" page to finish configuring dbt Cloud to authenticate with Snowflake
-using a key pair.
-
-**Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller.
+2. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair.
+
+   **Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller.
 
-In order to successfully fill in the Private Key field, you **must** include the commented lines below when you add the passphrase. Leaving the `PRIVATE KEY PASSPHRASE` field empty will return an error - have a look at the examples below:
+3. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. Leaving the **Private Key Passphrase** field empty will return an error.  If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to [Troubleshooting](#troubleshooting) for more info. 
 
 **Example:**
+
 ```sql
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-< encrypted private key contents here >
+< encrypted private key contents here - line 1 >
+< encrypted private key contents here - line 2 >
+< ... >
 -----END ENCRYPTED PRIVATE KEY-----
 ```
-<Lightbox src="/img/docs/dbt-cloud/snowflake-keypair-auth.png" title="Snowflake keypair authentication"/>
+
+   <Lightbox src="/img/docs/dbt-cloud/snowflake-keypair-auth.png" width="60%" title="Snowflake keypair authentication"/>
 
 ### Snowflake OAuth
 
@@ -68,3 +71,36 @@ more information on configuring a Snowflake OAuth connection in dbt Cloud, pleas
 ## Configuration
 
 To learn how to optimize performance with data platform-specific configurations in dbt Cloud, refer to [Snowflake-specific configuration](/reference/resource-configs/snowflake-configs).
+
+## Troubleshooting
+<!--might need to turn this into details toggle if more troubleshooting items arise -->
+
+If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to the following causes and solutions:
+
+<details>
+
+<summary>Error: <code>Could not deserialize key data</code></summary>
+
+  - <b>Possible cause</b>
+
+    - This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines.
+  - <b>Solution</b> 
+
+    - You can copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud. 
+
+</details>
+
+<details>
+<summary>Error: <code>JWT token</code></summary>
+
+  - <b>Possible causes</b>
+
+    - This could be a transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud.
+    -  The public key was not entered correctly in Snowflake.
+
+  - <b>Solutions</b>
+
+    - dbt needs to retry connections to Snowflake.
+    -  Confirm and enter Snowflake's public key correctly. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error).
+
+</details>