Snowflake v2.4.0, Aug 8 25

Snowflake v2.4.0 published on Friday, Aug 8, 2025 by Pulumi

snowflake.UserProgrammaticAccessToken

Explore with Pulumi AI

Snowflake v2.4.0 published on Friday, Aug 8, 2025 by Pulumi

Import

$ pulumi import snowflake:index/userProgrammaticAccessToken:UserProgrammaticAccessToken example '"<user_name>"|"<token_name>"'

Create UserProgrammaticAccessToken Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new UserProgrammaticAccessToken(name: string, args: UserProgrammaticAccessTokenArgs, opts?: CustomResourceOptions);

@overload
def UserProgrammaticAccessToken(resource_name: str,
                                args: UserProgrammaticAccessTokenArgs,
                                opts: Optional[ResourceOptions] = None)

@overload
def UserProgrammaticAccessToken(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                user: Optional[str] = None,
                                comment: Optional[str] = None,
                                days_to_expiry: Optional[int] = None,
                                disabled: Optional[str] = None,
                                expire_rotated_token_after_hours: Optional[int] = None,
                                keeper: Optional[str] = None,
                                mins_to_bypass_network_policy_requirement: Optional[int] = None,
                                name: Optional[str] = None,
                                role_restriction: Optional[str] = None)

func NewUserProgrammaticAccessToken(ctx *Context, name string, args UserProgrammaticAccessTokenArgs, opts ...ResourceOption) (*UserProgrammaticAccessToken, error)

public UserProgrammaticAccessToken(string name, UserProgrammaticAccessTokenArgs args, CustomResourceOptions? opts = null)

public UserProgrammaticAccessToken(String name, UserProgrammaticAccessTokenArgs args)
public UserProgrammaticAccessToken(String name, UserProgrammaticAccessTokenArgs args, CustomResourceOptions options)

type: snowflake:UserProgrammaticAccessToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args UserProgrammaticAccessTokenArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args UserProgrammaticAccessTokenArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserProgrammaticAccessTokenArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserProgrammaticAccessTokenArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args UserProgrammaticAccessTokenArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var userProgrammaticAccessTokenResource = new Snowflake.UserProgrammaticAccessToken("userProgrammaticAccessTokenResource", new()
{
    User = "string",
    Comment = "string",
    DaysToExpiry = 0,
    Disabled = "string",
    ExpireRotatedTokenAfterHours = 0,
    Keeper = "string",
    MinsToBypassNetworkPolicyRequirement = 0,
    Name = "string",
    RoleRestriction = "string",
});

example, err := snowflake.NewUserProgrammaticAccessToken(ctx, "userProgrammaticAccessTokenResource", &snowflake.UserProgrammaticAccessTokenArgs{
	User:                                 pulumi.String("string"),
	Comment:                              pulumi.String("string"),
	DaysToExpiry:                         pulumi.Int(0),
	Disabled:                             pulumi.String("string"),
	ExpireRotatedTokenAfterHours:         pulumi.Int(0),
	Keeper:                               pulumi.String("string"),
	MinsToBypassNetworkPolicyRequirement: pulumi.Int(0),
	Name:                                 pulumi.String("string"),
	RoleRestriction:                      pulumi.String("string"),
})

var userProgrammaticAccessTokenResource = new UserProgrammaticAccessToken("userProgrammaticAccessTokenResource", UserProgrammaticAccessTokenArgs.builder()
    .user("string")
    .comment("string")
    .daysToExpiry(0)
    .disabled("string")
    .expireRotatedTokenAfterHours(0)
    .keeper("string")
    .minsToBypassNetworkPolicyRequirement(0)
    .name("string")
    .roleRestriction("string")
    .build());

user_programmatic_access_token_resource = snowflake.UserProgrammaticAccessToken("userProgrammaticAccessTokenResource",
    user="string",
    comment="string",
    days_to_expiry=0,
    disabled="string",
    expire_rotated_token_after_hours=0,
    keeper="string",
    mins_to_bypass_network_policy_requirement=0,
    name="string",
    role_restriction="string")

const userProgrammaticAccessTokenResource = new snowflake.UserProgrammaticAccessToken("userProgrammaticAccessTokenResource", {
    user: "string",
    comment: "string",
    daysToExpiry: 0,
    disabled: "string",
    expireRotatedTokenAfterHours: 0,
    keeper: "string",
    minsToBypassNetworkPolicyRequirement: 0,
    name: "string",
    roleRestriction: "string",
});

type: snowflake:UserProgrammaticAccessToken
properties:
    comment: string
    daysToExpiry: 0
    disabled: string
    expireRotatedTokenAfterHours: 0
    keeper: string
    minsToBypassNetworkPolicyRequirement: 0
    name: string
    roleRestriction: string
    user: string

UserProgrammaticAccessToken Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The UserProgrammaticAccessToken resource accepts the following input properties:

User string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Comment string: Descriptive comment about the programmatic access token.
DaysToExpiry int
Disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
ExpireRotatedTokenAfterHours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
Keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
MinsToBypassNetworkPolicyRequirement int
Name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RoleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

User string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Comment string: Descriptive comment about the programmatic access token.
DaysToExpiry int
Disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
ExpireRotatedTokenAfterHours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
Keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
MinsToBypassNetworkPolicyRequirement int
Name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RoleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

user String: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
comment String: Descriptive comment about the programmatic access token.
daysToExpiry Integer
disabled String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours Integer: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper String: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement Integer
name String: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction String: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

user string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
comment string: Descriptive comment about the programmatic access token.
daysToExpiry number
disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours number: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement number
name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

user str: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
comment str: Descriptive comment about the programmatic access token.
days_to_expiry int
disabled str: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expire_rotated_token_after_hours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper str: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
mins_to_bypass_network_policy_requirement int
name str: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
role_restriction str: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

user String: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
comment String: Descriptive comment about the programmatic access token.
daysToExpiry Number
disabled String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours Number: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper String: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement Number
name String: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction String: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

Outputs

All input properties are implicitly available as output properties. Additionally, the UserProgrammaticAccessToken resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
ShowOutputs List<UserProgrammaticAccessTokenShowOutput>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
Token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

Id string: The provider-assigned unique ID for this managed resource.
RotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
ShowOutputs []UserProgrammaticAccessTokenShowOutput: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
Token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

id String: The provider-assigned unique ID for this managed resource.
rotatedTokenName String: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs List<UserProgrammaticAccessTokenShowOutput>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token String: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

id string: The provider-assigned unique ID for this managed resource.
rotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs UserProgrammaticAccessTokenShowOutput[]: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

id str: The provider-assigned unique ID for this managed resource.
rotated_token_name str: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
show_outputs Sequence[UserProgrammaticAccessTokenShowOutput]: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token str: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

id String: The provider-assigned unique ID for this managed resource.
rotatedTokenName String: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs List<Property Map>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token String: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.

Look up Existing UserProgrammaticAccessToken Resource

Get an existing UserProgrammaticAccessToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserProgrammaticAccessTokenState, opts?: CustomResourceOptions): UserProgrammaticAccessToken

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        comment: Optional[str] = None,
        days_to_expiry: Optional[int] = None,
        disabled: Optional[str] = None,
        expire_rotated_token_after_hours: Optional[int] = None,
        keeper: Optional[str] = None,
        mins_to_bypass_network_policy_requirement: Optional[int] = None,
        name: Optional[str] = None,
        role_restriction: Optional[str] = None,
        rotated_token_name: Optional[str] = None,
        show_outputs: Optional[Sequence[UserProgrammaticAccessTokenShowOutputArgs]] = None,
        token: Optional[str] = None,
        user: Optional[str] = None) -> UserProgrammaticAccessToken

func GetUserProgrammaticAccessToken(ctx *Context, name string, id IDInput, state *UserProgrammaticAccessTokenState, opts ...ResourceOption) (*UserProgrammaticAccessToken, error)

public static UserProgrammaticAccessToken Get(string name, Input<string> id, UserProgrammaticAccessTokenState? state, CustomResourceOptions? opts = null)

public static UserProgrammaticAccessToken get(String name, Output<String> id, UserProgrammaticAccessTokenState state, CustomResourceOptions options)

resources:  _:    type: snowflake:UserProgrammaticAccessToken    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Comment string: Descriptive comment about the programmatic access token.
DaysToExpiry int
Disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
ExpireRotatedTokenAfterHours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
Keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
MinsToBypassNetworkPolicyRequirement int
Name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RoleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
ShowOutputs List<UserProgrammaticAccessTokenShowOutput>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
Token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
User string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

Comment string: Descriptive comment about the programmatic access token.
DaysToExpiry int
Disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
ExpireRotatedTokenAfterHours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
Keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
MinsToBypassNetworkPolicyRequirement int
Name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RoleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
RotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
ShowOutputs []UserProgrammaticAccessTokenShowOutputArgs: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
Token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
User string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

comment String: Descriptive comment about the programmatic access token.
daysToExpiry Integer
disabled String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours Integer: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper String: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement Integer
name String: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction String: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
rotatedTokenName String: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs List<UserProgrammaticAccessTokenShowOutput>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token String: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
user String: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

comment string: Descriptive comment about the programmatic access token.
daysToExpiry number
disabled string: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours number: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper string: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement number
name string: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction string: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
rotatedTokenName string: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs UserProgrammaticAccessTokenShowOutput[]: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token string: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
user string: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

comment str: Descriptive comment about the programmatic access token.
days_to_expiry int
disabled str: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expire_rotated_token_after_hours int: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper str: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
mins_to_bypass_network_policy_requirement int
name str: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
role_restriction str: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
rotated_token_name str: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
show_outputs Sequence[UserProgrammaticAccessTokenShowOutputArgs]: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token str: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
user str: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".

comment String: Descriptive comment about the programmatic access token.
daysToExpiry Number
disabled String: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (default)) Disables or enables the programmatic access token. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
expireRotatedTokenAfterHours Number: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (-1)) This field is only used when the token is rotated by changing the keeper field. Sets the expiration time of the existing token secret to expire after the specified number of hours. You can set this to a value of 0 to expire the current token secret immediately.
keeper String: Arbitrary string that, if and only if, changed from a non-empty to a different non-empty value (or known after apply), will trigger a key to be rotated. When you add this field to the configuration, or remove it from the configuration, the rotation is not triggered. When the token is rotated, the token and rotated_token_name fields are marked as computed.
minsToBypassNetworkPolicyRequirement Number
name String: Specifies the name for the programmatic access token; must be unique for the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
roleRestriction String: The name of the role used for privilege evaluation and object creation. This must be one of the roles that has already been granted to the user. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
rotatedTokenName String: Name of the token that represents the prior secret. This field is updated only when the token is rotated. In this case, the field is marked as computed.
showOutputs List<Property Map>: Outputs the result of SHOW USER PROGRAMMATIC ACCESS TOKENS for the given user programmatic access token.
token String: The token itself. Use this to authenticate to an endpoint. The data in this field is updated only when the token is created or rotated. In this case, the field is marked as computed.
user String: The name of the user that the token is associated with. A user cannot use another user's programmatic access token to authenticate. Due to technical limitations (read more here), avoid using the following characters: |, ., ".