diff --git a/README.md b/README.md
index 7da8b33..e854e60 100644
--- a/README.md
+++ b/README.md
@@ -354,7 +354,7 @@ If you want to run your command on multiple stacks, you can predefine stacks and
 
 
 ## Set Storage Backend for Organization
-This commaand is rather specific to BYODB snowflake backend migration.
+This command is rather specific to BYODB snowflake backend migration.
 You can use it to set all projects of an organization to use a storage backend.
 
 - Run the command
@@ -362,6 +362,16 @@ You can use it to set all projects of an organization to use a storage backend.
     php ./cli.php manage:set-organization-storage-backend [--force/-f] <manage-token> <organization-id> <storage-backend-id> <hostname-suffix> 
     ```
 
+## Reset Workspace passwords for projects in an organization
+This command is rather specific to BYODB snowflake backend migration.
+It resets all legacy (not keypair type) Snowflake workspace passwords for all projects in an organization.
+
+- Run the command
+    ```
+    php ./cli.php manage:reset-organization-workspace-passwords [--force/-f] <manage-token> <organization-id> <snowflake-hostname> <hostname-suffix> 
+    ```
+It prints `command-01k3m9p324cae95c48rr23rqvh` for each project, you can track the progress in Datadog.
+
 ## Set a maintenance mode for the organization
 This command can be used to enable/disable all projects in an organization
 The usecase for this command is to set all projects into maintenance at once for byodb migration.
diff --git a/cli.php b/cli.php
index 1b44245..eecf6a7 100644
--- a/cli.php
+++ b/cli.php
@@ -15,6 +15,7 @@
 use Keboola\Console\Command\MassProjectEnableDynamicBackends;
 use Keboola\Console\Command\MassProjectExtendExpiration;
 use Keboola\Console\Command\OrganizationIntoMaintenanceMode;
+use Keboola\Console\Command\OrganizationResetWorkspacePasswords;
 use Keboola\Console\Command\OrganizationStorageBackend;
 use Keboola\Console\Command\QueueMassTerminateJobs;
 use Keboola\Console\Command\ReactivateSchedules;
@@ -51,4 +52,5 @@
 $application->add(new DescribeOrganizationWorkspaces());
 $application->add(new MassDeleteProjectWorkspaces());
 $application->add(new UpdateDataRetention());
+$application->add(new OrganizationResetWorkspacePasswords());
 $application->run();
diff --git a/src/Keboola/Console/Command/OrganizationResetWorkspacePasswords.php b/src/Keboola/Console/Command/OrganizationResetWorkspacePasswords.php
new file mode 100644
index 0000000..200d2a6
--- /dev/null
+++ b/src/Keboola/Console/Command/OrganizationResetWorkspacePasswords.php
@@ -0,0 +1,83 @@
+<?php
+
+namespace Keboola\Console\Command;
+
+use Keboola\ManageApi\Client;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class OrganizationResetWorkspacePasswords extends Command
+{
+    const ARGUMENT_MANAGE_TOKEN = 'manageToken';
+    const ARGUMENT_ORGANIZATION_ID = 'organizationId';
+    const ARGUMENT_HOSTNAME_SUFFIX = 'hostnameSuffix';
+    const ARGUMENT_SNOWFLAKE_HOSTNAME = 'snowflakeHostname';
+    const OPTION_FORCE = 'force';
+
+    protected function configure(): void
+    {
+        $this
+            ->setName('manage:reset-organization-workspace-passwords')
+            ->setDescription('Reset workspace passwords for all projects in an organization from sandboxes service -> Connection')
+            ->addOption(
+                self::OPTION_FORCE,
+                'f',
+                InputOption::VALUE_NONE,
+                'Use [--force, -f] to do it for real.'
+            )
+            ->addArgument(self::ARGUMENT_MANAGE_TOKEN, InputArgument::REQUIRED, 'Maname Api Token')
+            ->addArgument(self::ARGUMENT_ORGANIZATION_ID, InputArgument::REQUIRED, 'Organization Id')
+            ->addArgument(self::ARGUMENT_SNOWFLAKE_HOSTNAME, InputArgument::REQUIRED, 'Hostname of the target Snowflake account. Including https')
+            ->addArgument(
+                self::ARGUMENT_HOSTNAME_SUFFIX,
+                InputArgument::OPTIONAL,
+                'Keboola Connection Hostname Suffix',
+                'keboola.com'
+            )
+        ;
+    }
+
+
+    protected function execute(InputInterface $input, OutputInterface $output): void
+    {
+        $manageToken = $input->getArgument(self::ARGUMENT_MANAGE_TOKEN);
+        $snowflakeHostname = $input->getArgument(self::ARGUMENT_SNOWFLAKE_HOSTNAME);
+        $organizationId = $input->getArgument(self::ARGUMENT_ORGANIZATION_ID);
+        $kbcUrl = sprintf('https://connection.%s', $input->getArgument(self::ARGUMENT_HOSTNAME_SUFFIX));
+
+        $manageClient = new Client(['token' => $manageToken, 'url' => $kbcUrl]);
+
+        $organization = $manageClient->getOrganization($organizationId);
+        $projects = $organization['projects'];
+
+        $output->writeln(
+            sprintf(
+                'Will reset passwords for "%d" projects',
+                count($projects),
+            )
+        );
+        $force = $input->getOption(self::OPTION_FORCE);
+        $output->writeln($force ? 'FORCE MODE' : 'DRY RUN');
+        foreach ($projects as $project) {
+            $output->writeln(
+                sprintf(
+                    'Reseting workspace passwords for project %s',
+                    $project['id'],
+                )
+            );
+            $params = [(string) $project['id'], $snowflakeHostname];
+            if ($force) {
+                $params[] = '--force';
+                $response = $manageClient->runCommand([
+                    'command' => 'manage:storage-backend:byodb:reset-snowflake-sandboxes-password',
+                    'parameters' => $params
+                ]);
+                $output->writeln(sprintf('Password reset for project "%s" in progress using command "%s".', $project['id'], $response['commandExecutionId']));
+            }
+        }
+        $output->writeln('All done.');
+    }
+}