Setup
Prerequisites
- A Snowflake account with key-pair authentication enabled for the connecting user.
- An RSA key pair generated for the user. The public key must be registered in Snowflake, and you will provide the private key to Duvo. See Snowflake’s key-pair authentication guide for setup steps.
- A compute warehouse available for the role you plan to use.
Required Permissions
- The Snowflake role you specify must have
USAGEon the target warehouse, database, and schema. - The role must have
SELECTprivileges on any tables or views your assignments need to read.
Connection Fields
| Field | Description |
|---|---|
| Private Key | The RSA private key for authentication, in PEM format. Include the full key including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines. |
| Account | Your Snowflake account identifier in either the orgname-accountname format (e.g., myorg-myaccount) or the legacy locator format (e.g., xy12345.us-east-1). Find this in your Snowflake account URL or under Admin > Accounts in the Snowflake UI. |
| Username | The Snowflake user configured with your public key. |
| Database | The default database to connect to. |
| Schema | The default schema within the database. |
| Warehouse | The compute warehouse to use for queries. |
| Role | The Snowflake role to assume for the session. This determines what data the assignment can access. |
Optional Fields
| Field | Description |
|---|---|
| Private Key Passphrase | The passphrase used to decrypt the private key, if the key is encrypted. |
Third-Party Documentation
- Snowflake key-pair authentication — generating RSA keys and assigning the public key to a user.
- Snowflake account identifiers — how to find your account identifier.
- Snowflake access control — understanding roles, privileges, and granting SELECT access.
Capabilities
- Run read-only SQL queries — execute SELECT, WITH (CTEs), SHOW, DESCRIBE, and EXPLAIN statements against your warehouse. Write operations are not permitted.
- Discover tables and schemas — list all tables in a given database and schema, including row counts and comments, so assignments can understand the data landscape before querying.
- Verify connection details — check the active user, role, database, schema, and warehouse to confirm the session is configured correctly.
- Export large result sets — query results exceeding 5,000 rows are automatically exported as CSV files for downstream analysis rather than returned inline.
Key Benefits
- Live warehouse data — assignments read directly from Snowflake instead of relying on stale exports or manual data pulls.
- Safe by design — only read-only operations are allowed, so your data cannot be modified through Duvo.
- Role-scoped access — the Snowflake role you specify controls exactly which databases, schemas, and tables the assignment can reach.
- Large-scale results — automatic CSV export handles result sets of any size without truncation.
- Key-pair authentication — no passwords are stored; authentication uses RSA key pairs for stronger security.
Works Well With
- Google Sheets — query Snowflake data and write the results into a spreadsheet for stakeholder review or recurring reports.
- Gmail or Outlook — pull warehouse metrics and include them in automated email summaries or alerts.
- Slack — monitor key business thresholds in Snowflake and post notifications to a channel when values change.