Description
Is your feature request related to a problem? Please describe.
Following the schemachange documentation to write both the encrypted private key and the encryption key (as part of the connections.toml) to disc is functionally the same as writing the unencrypted private key to disc. Even setting proper ACLs is no protection from a malicious actor using forensic tools.
Describe the solution you'd like
An alternative way to define the private key passphrase by using an environment variable, similar to what you already do for SNOWFLAKE_PASSWORD here.
Describe alternatives you've considered
I am circumventing the issue by mounting a ramfs (in-memory filesystem on Linux) and using a strict ACL (umask 0077), so only the user can interact with the encrypted private key and the connections.toml (containing the passphrase) files, and they will never be written to disc (ramfs won't write to disc, not even via swap, unlike tmpfs). This circumvention is suitable for CI/CD pipelines, but not for developers using Windows as a development platform.
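The two mitigations the report describes (passphrase taken from the environment instead of connections.toml, and the key file kept owner-only on a RAM-backed mount) as an added example; this is not schemachange's code, and the variable name SNOWFLAKE_PRIVATE_KEY_PASSPHRASE, the toml key private_key_file_pwd and the sample mounts text are assumptions.

```python
import os
import stat
import tempfile

# Assumed name for the proposed variable; schemachange does not define it.
PASSPHRASE_ENV_VAR = "SNOWFLAKE_PRIVATE_KEY_PASSPHRASE"
SAFE_FSTYPES = {"ramfs", "tmpfs"}


def resolve_passphrase(environ, connection_section):
    """Prefer the environment variable; refuse a passphrase written to connections.toml."""
    # "private_key_file_pwd" is a hypothetical toml key used for illustration.
    if "private_key_file_pwd" in connection_section:
        raise ValueError("passphrase must not be stored in connections.toml; use the environment")
    passphrase = environ.get(PASSPHRASE_ENV_VAR)
    if not passphrase:
        raise ValueError(f"{PASSPHRASE_ENV_VAR} is not set")
    return passphrase


def mount_fstype(path, mounts_text):
    """Filesystem type of the longest mountpoint containing `path`, from /proc/mounts-style text."""
    best = ("", None)
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mountpoint, fstype = fields[1], fields[2]
        prefix = mountpoint.rstrip("/") + "/"
        if (path == mountpoint or path.startswith(prefix)) and len(mountpoint) > len(best[0]):
            best = (mountpoint, fstype)
    return best[1]


def key_file_is_protected(path, mounts_text):
    """True only if the key is owner-only (0600, as umask 0077 yields) and on a RAM-backed mount."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode == 0o600 and mount_fstype(os.path.abspath(path), mounts_text) in SAFE_FSTYPES


def demo():
    """Constructed scenario: a 0600 placeholder key whose directory the sample mounts text declares a ramfs."""
    tmp = tempfile.mkdtemp()
    key = os.path.join(tmp, "rsa_key.p8")
    with open(key, "w") as fh:
        fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed placeholder)\n")
    os.chmod(key, 0o600)
    mounts = "/dev/root / ext4 rw 0 0\nramfs %s ramfs rw 0 0\n" % tmp
    ok = key_file_is_protected(key, mounts)
    os.chmod(key, 0o644)  # group/world readable: must now be rejected
    return ok, key_file_is_protected(key, mounts)
```

On a real host, pass the contents of /proc/mounts as `mounts_text`; the check is Linux-only, which mirrors the report's note that the ramfs workaround does not cover Windows developers.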