Description
We have integrated Snowflake with HashiCorp Vault using a static role and key pair authentication. Vault is able to rotate the public key and generate the private key without any issues.
However, we observed that Vault currently allows multiple static roles to be mapped to the same Snowflake user, which leads to intermittent JWT token invalid errors. This happens because each static role attempts to rotate the public key at different intervals, causing the public key registered in Snowflake to be temporarily out of sync with the private key associated with the intended static role.
Ideally, the mapping between a static role and a Snowflake user should be one-to-one to avoid such conflicts.
I found this document mentioning that static roles are a 1-to-1 mapping to the Snowflake username.
https://www.hashicorp.com/en/blog/announcing-the-snowflake-secrets-engine
Could you please check if there’s a way to enforce this restriction within Vault, ensuring that only a single static role can be associated with a given (db_name, user_name) combination?
Example:
Currently the Vault plugin allows multiple static roles to be assigned to a single username.
static-role 1:
vault write /X/static-roles/XXXX--XXXXX--test_user db_name=Y username="test_user" rotation_period="1h" rotation_statements="ALTER USER {{name}} SET RSA_PUBLIC_KEY='{{public_key}}'" credential_type="rsa_private_key" credential_config=key_bits=2048
static-role 2:
vault write /X/static-roles/XXXX--XXXXX--test_user_20251410 db_name=Y username="test_user" rotation_period="1h" rotation_statements="ALTER USER {{name}} SET RSA_PUBLIC_KEY='{{public_key}}'" credential_type="rsa_private_key" credential_config=key_bits=2048
vault read /X/static-roles/XXXX--XXXXX--test_user
Key Value
--- -----
credential_config map[format:pkcs8 key_bits:2048]
credential_type rsa_private_key
db_name Y
last_vault_rotation 2025-10-13T14:54:49.715794238-04:00
rotation_period 1h
rotation_statements [ALTER USER {{name}} SET RSA_PUBLIC_KEY='{{public_key}}']
skip_import_rotation false
username test_user
vault read /X/static-roles/XXXX--XXXXX--test_user_20251410
Key Value
--- -----
credential_config map[format:pkcs8 key_bits:2048]
credential_type rsa_private_key
db_name Y
last_vault_rotation 2025-10-13T14:55:58.590056766-04:00
rotation_period 1h
rotation_statements [ALTER USER {{name}} SET RSA_PUBLIC_KEY='{{public_key}}']
skip_import_rotation false
username test_user
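A check for the condition described in this report, added here as an example that is not part of the plugin or of the issue: it parses `vault read` table output (the two outputs quoted above, trimmed to the relevant keys and embedded as constructed sample text), reports every (db_name, username) pair claimed by more than one static role, and shows how far apart those roles' last rotations are, which is the window in which one role's private key no longer matches the public key registered in Snowflake.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample: the two `vault read` outputs quoted in the report, trimmed to the relevant keys.
ROLE_DUMPS = {
    "XXXX--XXXXX--test_user": """\
Key                    Value
---                    -----
db_name                Y
last_vault_rotation    2025-10-13T14:54:49.715794238-04:00
username               test_user
""",
    "XXXX--XXXXX--test_user_20251410": """\
Key                    Value
---                    -----
db_name                Y
last_vault_rotation    2025-10-13T14:55:58.590056766-04:00
username               test_user
""",
}

def parse_vault_read(text):
    """Turn `vault read` table output into a dict; values may contain spaces."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] not in ("Key", "---"):
            fields[parts[0]] = parts[1]
    return fields

def find_conflicts(dumps):
    """Map (db_name, username) -> role names for every user claimed by more than one role."""
    by_user = defaultdict(list)
    for role, text in dumps.items():
        f = parse_vault_read(text)
        by_user[(f["db_name"], f["username"])].append(role)
    return {k: sorted(v) for k, v in by_user.items() if len(v) > 1}

def rotation_skew_seconds(dumps, roles):
    """Seconds between earliest and latest last_vault_rotation among roles.
    Vault prints nanoseconds; fromisoformat accepts at most 6 fractional digits."""
    def ts(role):
        raw = parse_vault_read(dumps[role])["last_vault_rotation"]
        return datetime.fromisoformat(re.sub(r"(\.\d{6})\d+", r"\1", raw))
    stamps = [ts(r) for r in roles]
    return int((max(stamps) - min(stamps)).total_seconds())

if __name__ == "__main__":
    for key, roles in find_conflicts(ROLE_DUMPS).items():
        print(key, "claimed by", roles, "rotations", rotation_skew_seconds(ROLE_DUMPS, roles), "s apart")
```

In a live environment the same functions can be fed the output of `vault list` over the static-roles path followed by `vault read` per role; any non-empty result from find_conflicts is a user whose key pair two roles are fighting over.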