Snowflake connection

To access your data in Snowflake, create a connection asset for it.

Create a connection to Snowflake

Create a connection to Snowflake based on your deployment:

Common connectivity

To create the connection, you need the following connection details:

  • Account name: The full name of your account
  • Database name
  • Role: The default access control role to use in the Snowflake session
  • Warehouse: The virtual warehouse
  • Okta URL endpoint: If your company uses native Okta SSO authentication, enter the Okta URL endpoint for your Okta account. Example: https://<okta_account_name>.okta.com. Leave this field blank if you want to use the default authentication of Snowflake. For information about federated authentication provided by Okta, see Native SSO.

StreamSets

To create a connection to use in StreamSets flows, you need the following details:

  • Account name: When using the Include Organization and Organization properties, specify the account name. Otherwise, use the account locator.
  • Database name
  • Role: The default access control role to use in the Snowflake session
  • Warehouse: The virtual warehouse
  • Snowflake region: The region where the Snowflake warehouse is
  • Connection properties: Additional Snowflake connection properties to use. Specify property names and values as expected by Snowflake.
  • Use Custom JDBC URL: A custom URL to connect to Snowflake
  • Include Organization: Use the Snowflake organization name with the account to connect to the Snowflake connection
  • Use Private Link Snowflake URL

Credentials

Authentication method:

  • Username and password
  • Key-Pair: Enter the contents of the private key and the key passphrase (if configured). These properties must be set up by the Snowflake administrator. For information, see Key Pair Authentication & Key Pair Rotation in the Snowflake documentation.

For StreamSets, you have additional authentication methods:

  • Key-pair path: Enter the contents of the private key path and the key passphrase (if configured). These properties must be set up by the Snowflake administrator. For information, see Key Pair Authentication & Key Pair Rotation in the Snowflake documentation.
  • OAuth: Enter the OAuth client ID, secret and token

Federal Information Processing Standards (FIPS) compliance

This connection is FIPS-compliant and can be used on a FIPS-enabled cluster.

Note: For FIPS mode to function with the Snowflake connection that uses Key-pair authentication, you need to provide a decrypted private key.

Decrypting a private key

To decrypt a private key using its associated password, Run the following command. This process uses the openssl pkcs8 command to generate an unencrypted version of the private key.

openssl pkcs8 -in private_key.pem -passin file:pass.txt -out private_key_unencrypted.pem

The parameters used are:

private_key.pem
The encrypted private key that was generated and provided to you by Snowflake.
pass.txt
This file contains the password associated with the private key that was generated and provided to you by Snowflake.
private_key_unencrypted.pem
This is the output file that will contain the unencrypted private key after running the command.

Snowflake setup

General Configuration

Running SQL statements

To ensure that your SQL statements run correctly, refer to the Snowflake SQL Command Reference for the correct syntax.

Learn more