Levin

Are there poor practices in this use of python cryptography package to generate RSA keypair?

Use case: I want to generate no-passphrase 2048-byte RSA keypairs I can use for service accounts to authenticate to Snowflake. I need to generate them programmatically to make key rotation practical.

Snowflake docs provide [a manual procedure using OpenSSL at this link](https://docs.snowflake.com/en/user-guide/key-pair-auth).

The code below creates keypairs, and they work with the Snowflake connector for Python. It is lightly modified from examples in the cryptography documentation that create other formats.

Questions:

  1. The standard Python "cryptography" manual cautions about people like me, who don't understand cryptography, messing around with hazmat libraries. Do you see any security problem with the way I am generating keys? Assuming I can securely get them from the point of generation to the place where they are used, is this okay?

  2. Would it be safer to automate by running openssl in a subprocess, using the Snowflake documented procedure?

import os

from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as crypto_default_backend

# 2048-bit RSA key with the standard public exponent 65537.
# The backend argument is accepted for compatibility with older releases of
# cryptography; recent releases ignore it.
key = rsa.generate_private_key(
    backend=crypto_default_backend(),
    public_exponent=65537,
    key_size=2048
)

# Unencrypted PKCS#8 PEM (the "-nocrypt" form Snowflake's OpenSSL procedure produces).
private_key = key.private_bytes(
    crypto_serialization.Encoding.PEM,
    crypto_serialization.PrivateFormat.PKCS8,
    crypto_serialization.NoEncryption()
)

# SubjectPublicKeyInfo PEM, i.e. what "openssl rsa -pubout" emits.
public_key = key.public_key().public_bytes(
    crypto_serialization.Encoding.PEM,
    crypto_serialization.PublicFormat.SubjectPublicKeyInfo
)

# private_bytes()/public_bytes() already return bytes, so write them as-is.
with open("/tmp/pubkey.pub", "wb") as pub:
    pub.write(public_key)

# Create the private key file with owner-only permissions from the start, rather
# than open() with the default umask (typically 0644, world-readable) and fixing
# the mode afterwards. O_EXCL refuses to follow a pre-existing file or symlink.
fd = os.open("/tmp/privkey.p8", os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
with os.fdopen(fd, "wb") as priv:
    priv.write(private_key)


Upvotes: 0

Views: 76
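The following is an added example, not the poster's code, showing the pieces around key generation that usually matter more for a rotation pipeline than the generation call itself: writing the private key with owner-only permissions, producing the bare base64 body that `ALTER USER ... SET RSA_PUBLIC_KEY` expects, computing the public-key fingerprint in the `SHA256:<base64>` form Snowflake displays as `RSA_PUBLIC_KEY_FP` (SHA-256 over the DER-encoded SubjectPublicKeyInfo, which is what the OpenSSL verification command in Snowflake's docs hashes), and a sign/verify round trip through the serialized PEM to confirm the pair that was written is the pair that will be used. The file name `rsa_key.p8` and the message signed in the round trip are arbitrary choices made for this example.

```python
# Added example (not from the original question): RSA key-pair generation for
# Snowflake key-pair auth with the "cryptography" package, plus the checks a
# rotation pipeline wants around it.
import base64
import hashlib
import os
import stat
import tempfile

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PUBLIC_EXPONENT = 65537  # F4, the standard choice


def generate_keypair(key_size=2048):
    """Return (private_pem, public_pem) as bytes: unencrypted PKCS#8 and SPKI."""
    key = rsa.generate_private_key(public_exponent=PUBLIC_EXPONENT, key_size=key_size)
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


def write_private_key(path, private_pem):
    """Create the file 0600 atomically; returns the resulting mode bits.

    Using open(path, "w") would create the file with the process umask (often
    0644) and leave a window in which it is world-readable.  O_EXCL also
    refuses to write through a pre-existing file or symlink at that path.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(private_pem)
    return stat.S_IMODE(os.stat(path).st_mode)


def snowflake_public_key_body(public_pem):
    """Strip the PEM armour: ALTER USER takes only the base64 body, on one line."""
    lines = public_pem.decode("ascii").splitlines()
    return "".join(line for line in lines if not line.startswith("-----"))


def public_key_fingerprint(public_pem):
    """'SHA256:' + base64(sha256(DER SPKI)), the RSA_PUBLIC_KEY_FP format."""
    pub = serialization.load_pem_public_key(public_pem)
    der = pub.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return "SHA256:" + base64.b64encode(hashlib.sha256(der).digest()).decode("ascii")


def roundtrip_ok(private_pem, public_pem):
    """Reload both halves from PEM and prove they belong together."""
    priv = serialization.load_pem_private_key(private_pem, password=None)
    pub = serialization.load_pem_public_key(public_pem)
    msg = b"rotation check"  # arbitrary message for this example
    sig = priv.sign(msg, padding.PKCS1v15(), hashes.SHA256())
    try:
        pub.verify(sig, msg, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    return priv.key_size == pub.key_size


if __name__ == "__main__":
    priv_pem, pub_pem = generate_keypair()
    outdir = tempfile.mkdtemp()
    mode = write_private_key(os.path.join(outdir, "rsa_key.p8"), priv_pem)
    print("private key mode:", oct(mode))
    print("fingerprint:", public_key_fingerprint(pub_pem))
    print("RSA_PUBLIC_KEY body length:", len(snowflake_public_key_body(pub_pem)))
    print("round trip ok:", roundtrip_ok(priv_pem, pub_pem))
```

After `ALTER USER ... SET RSA_PUBLIC_KEY='<body>'`, compare the value returned by `public_key_fingerprint` with the `RSA_PUBLIC_KEY_FP` column of `DESC USER`; a mismatch means the key that was uploaded is not the one whose private half was written, which is exactly the failure a rotation script wants to catch before the old key is revoked.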

Answers (0)
