SAP Snowflake Secrets is a feature in Snowflake that lets you securely store and manage sensitive information—like passwords, API keys, tokens, or credentials—directly inside Snowflake, instead of hardcoding them in scripts or applications.
As shown in below, if you need to bring your own data into SAP snowflake without Zero-copy concept. These secrets needs to be applied to pull the data from various SAP Applications. 
In SAP Snowflake, secrets are schema-level objects used to store sensitive information like API keys or passwords. If you need to create, update or delete a secret, follow the steps below.
CREATE OR REPLACE SECURITY INTEGRATION my_oauth2_integration
TYPE = API_AUTHENTICATION
AUTH_TYPE = OAUTH2
OAUTH_CLIENT_ID = '1234567890'
OAUTH_CLIENT_SECRET = '1234567890'
OAUTH_TOKEN_ENDPOINT = 'https://oauth.com/token'
OAUTH_AUTHORIZATION_ENDPOINT = 'https://oauth.com/authorize'
OAUTH_ALLOWED_SCOPES = ('scope1', 'scope2')
ENABLED = TRUE
COMMENT = 'OAuth2 integration for external API';- Ensure a security integration for OAuth2 exists.
- Create the secret:
- Use this for APIs requiring OAuth client credentials or authorization code grant flows.
CREATE OR REPLACE SECRET my_oauth2_secret
TYPE = OAUTH2
API_AUTHENTICATION = my_oauth2_integration
OAUTH_SCOPES = ('scope1', 'scope2')
COMMENT = 'OAuth2 credentials for external API';Basic Authentication Secret
CREATE OR REPLACE SECRET service_now_creds_pw
TYPE = PASSWORD
USERNAME = 'jsmith1'
PASSWORD = 'W3dr@fg*7B1c4j'
COMMENT = 'ServiceNow basic auth credentials';- Store any sensitive string (e.g., API key):
CREATE OR REPLACE SECRET my_string_secret
TYPE = GENERIC_STRING
SECRET_STRING = 'my-secret-api-key-123'
COMMENT = 'API key for service authentication';
Access Control (Privileges control usage:)
GRANT READ ON SECRET my_api_secret TO ROLE my_role;Only roles with permission can use the secret.
Steps to Delete a Secret
DROP SECRET ; 
SHOW SECRETS
