Snowflake Is Forcing the Migration. Here's the Window You Don't Want to Miss.
Phase 1 is already done. If your team logs into Snowsight, they're on MFA. That part is behind you.
Here's where you are now (ref: Snowflake deprecation timeline):
Phase 3 picks your date — not you. Every existing password-based service account gets forcibly migrated on a date Snowflake assigns. If your ingestion tools, dbt runners, BI connectors, or custom pipelines still authenticate with passwords at that point, that authentication stops working.
The question isn't whether you'll migrate. It's whether you'll do it on your terms or Snowflake's.
The Missed Opportunity
Most teams will treat this as a credential rotation exercise. Generate a key pair, update the public key in Snowflake, rotate the secret, test, done.
That's the path of least resistance. It's also a missed opportunity.
When you're rotating credentials on a shared service account, you're implicitly endorsing everything that account can access. Most shared service accounts have accumulated grants over time — extra schemas, databases that were relevant to one workload and got attached because it was already there. The migration forces you to touch every service account anyway.
The incremental cost of getting the role structure right at the same time is low. The cost of doing it later, as a separate project, is much higher. Migrate and narrow simultaneously: one service account per integration, scoped to exactly what it needs, with private keys managed in a secrets manager rather than environment variables or config files. That's the right migration.
Most teams will treat this as a credential rotation. That's fine as far as it goes. But you're touching every service account anyway — the cost of getting your role structure right at the same time is low. The cost of doing it later, as a separate project, is much higher.
Migrating Snowflake service accounts before Phase 3?
I can help you migrate right and narrow simultaneously — or use it as an opportunity to get your role structure cleaned up at the same time.