Protecting Sensitive Information with Secure UDFs

To help ensure that sensitive information is concealed from users who should not have access to it, you can use the SECURE keyword when creating an external user-defined function (UDF).

For a UDF or stored procedure, you can prevent users from seeing definition specifics. When you specify that the UDF or procedure is secure, these details are visible only to authorized users – in other words, to users who are granted a role that owns the function.

The below example illustrates use of SECURE keyword:

create or replace SECURE external function geocode(address object)
returns variant
IMMUTABLE
api_integration = API_INTEGRATION
HEADERS = ('headers-api-key'= '<<DIS API KEY>>', 'headers-api-secret'='<<DIS API SECRET>>',
 'application'= 'dis-geoaddressing')
MAX_BATCH_ROWS = 25
as 'https://9a3cydoxrc.execute-api.us-east-1.amazonaws.com/v1/geocode';

create or replace SECURE external function verify(address object)
returns variant
IMMUTABLE
api_integration = API_INTEGRATION
HEADERS = ('headers-api-key'= '<<DIS API KEY>>', 'headers-api-secret'='<<DIS API SECRET>>',
 'application'= 'dis-geoaddressing')
MAX_BATCH_ROWS = 25
as 'https://9a3cydoxrc.execute-api.us-east-1.amazonaws.com/v1/verify';

Below is an example for the usage of SECURE keyword in Geocode:

Below is an example for the usage of SECURE keyword in Verify:

For more details on protecting sensitive information with secure UDF see Protecting Sensitive Information with Secure UDFs by snowflake.