Agent skill

snowflake-install-auth

Install and configure Snowflake driver authentication for Node.js and Python. Use when setting up snowflake-sdk, snowflake-connector-python, key pair auth, OAuth, or SSO browser authentication. Trigger with phrases like "install snowflake", "setup snowflake", "snowflake auth", "snowflake connection", "snowflake key pair".

View SKILL.md on GitHub Repository
Stars 1,803
Forks 241

Install this agent skill to your Project

npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/main/plugins/saas-packs/snowflake-pack/skills/snowflake-install-auth

SKILL.md

Snowflake Install & Auth

Overview

Set up Snowflake drivers and configure authentication for Node.js (snowflake-sdk) and Python (snowflake-connector-python).

Prerequisites

  • Node.js 18+ or Python 3.9+
  • Snowflake account (format: <orgname>-<account_name> or legacy <account_locator>.<region>)
  • User with appropriate role granted

Instructions

Step 1: Install the Driver

bash
# Node.js — official driver from snowflakedb
npm install snowflake-sdk

# Python — official connector
pip install snowflake-connector-python

# Python with pandas support
pip install "snowflake-connector-python[pandas]"

Step 2: Choose an Authentication Method

Method Use Case Env Vars Needed
Password Quick dev setup SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD
Key Pair CI/CD, service accounts SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PRIVATE_KEY_PATH
External Browser SSO Interactive dev SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER
OAuth Enterprise SSO integration SNOWFLAKE_ACCOUNT, SNOWFLAKE_OAUTH_TOKEN

Step 3a: Password Authentication

typescript
// src/snowflake/client.ts
import snowflake from 'snowflake-sdk';

const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,   // e.g. 'myorg-myaccount'
  username: process.env.SNOWFLAKE_USER!,
  password: process.env.SNOWFLAKE_PASSWORD!,
  warehouse: process.env.SNOWFLAKE_WAREHOUSE || 'COMPUTE_WH',
  database: process.env.SNOWFLAKE_DATABASE,
  schema: process.env.SNOWFLAKE_SCHEMA || 'PUBLIC',
  role: process.env.SNOWFLAKE_ROLE || 'PUBLIC',
});

connection.connect((err, conn) => {
  if (err) {
    console.error('Unable to connect:', err.message);
    return;
  }
  console.log('Connected as id:', conn.getId());
});
python
# src/snowflake_client.py
import snowflake.connector
import os

conn = snowflake.connector.connect(
    account=os.environ['SNOWFLAKE_ACCOUNT'],
    user=os.environ['SNOWFLAKE_USER'],
    password=os.environ['SNOWFLAKE_PASSWORD'],
    warehouse=os.environ.get('SNOWFLAKE_WAREHOUSE', 'COMPUTE_WH'),
    database=os.environ.get('SNOWFLAKE_DATABASE'),
    schema=os.environ.get('SNOWFLAKE_SCHEMA', 'PUBLIC'),
    role=os.environ.get('SNOWFLAKE_ROLE', 'PUBLIC'),
)
print(f"Connected: {conn.get_query_id()}")

Step 3b: Key Pair Authentication (Recommended for Automation)

bash
# Generate 2048-bit RSA key pair
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

# Assign public key to Snowflake user
# Run in Snowflake worksheet:
# ALTER USER my_service_user SET RSA_PUBLIC_KEY='MIIBIj...';
typescript
import snowflake from 'snowflake-sdk';
import fs from 'fs';
import path from 'path';

const privateKey = fs.readFileSync(
  path.resolve(process.env.SNOWFLAKE_PRIVATE_KEY_PATH!),
  'utf-8'
);

const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,
  username: process.env.SNOWFLAKE_USER!,
  authenticator: 'SNOWFLAKE_JWT',
  privateKey: privateKey,
  warehouse: 'COMPUTE_WH',
  database: 'MY_DB',
  schema: 'PUBLIC',
});
python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend

with open(os.environ['SNOWFLAKE_PRIVATE_KEY_PATH'], 'rb') as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(), password=None, backend=default_backend()
    )

conn = snowflake.connector.connect(
    account=os.environ['SNOWFLAKE_ACCOUNT'],
    user=os.environ['SNOWFLAKE_USER'],
    private_key=private_key,
    warehouse='COMPUTE_WH',
    database='MY_DB',
    schema='PUBLIC',
)

Step 3c: External Browser SSO

typescript
const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,
  username: process.env.SNOWFLAKE_USER!,
  authenticator: 'EXTERNALBROWSER',
  warehouse: 'COMPUTE_WH',
});
// Opens browser for IdP login, returns token to driver

Step 4: Configure Environment

bash
# .env (NEVER commit — add to .gitignore)
SNOWFLAKE_ACCOUNT=myorg-myaccount
SNOWFLAKE_USER=my_user
SNOWFLAKE_PASSWORD=my_password
SNOWFLAKE_WAREHOUSE=COMPUTE_WH
SNOWFLAKE_DATABASE=MY_DB
SNOWFLAKE_SCHEMA=PUBLIC
SNOWFLAKE_ROLE=SYSADMIN
SNOWFLAKE_PRIVATE_KEY_PATH=./rsa_key.p8

# .gitignore additions
.env
.env.local
rsa_key.p8
rsa_key.pub

Step 5: Verify Connection

typescript
connection.connect((err, conn) => {
  if (err) { console.error(err.message); return; }
  conn.execute({
    sqlText: 'SELECT CURRENT_WAREHOUSE(), CURRENT_DATABASE(), CURRENT_ROLE()',
    complete: (err, stmt, rows) => {
      if (err) { console.error(err.message); return; }
      console.log('Context:', rows?.[0]);
    },
  });
});

Error Handling

Error Cause Solution
390100: Incorrect username or password Bad credentials Verify user/password in Snowflake console
390144: JWT token is invalid Wrong private key or expired Regenerate key pair, re-assign public key
390429: IP ... is not allowed to access Snowflake Network policy blocking Add IP to network policy allowlist
ECONNREFUSED / ENOTFOUND Wrong account identifier Use format orgname-accountname (not URL)
Could not connect to Snowflake backend Firewall or proxy Allow outbound HTTPS to *.snowflakecomputing.com

Resources

Next Steps

After successful auth, proceed to snowflake-hello-world for your first query.

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

jeremylongshore/claude-code-plugins-plus-skills

dockerfile-generator

Dockerfile Generator - Auto-activating skill for DevOps Basics. Triggers on: dockerfile generator, dockerfile generator Part of the DevOps Basics skill category.

1,803 241
Explore
jeremylongshore/claude-code-plugins-plus-skills

branch-naming-helper

Branch Naming Helper - Auto-activating skill for DevOps Basics. Triggers on: branch naming helper, branch naming helper Part of the DevOps Basics skill category.

1,803 241
Explore
jeremylongshore/claude-code-plugins-plus-skills

readme-generator

Readme Generator - Auto-activating skill for DevOps Basics. Triggers on: readme generator, readme generator Part of the DevOps Basics skill category.

1,803 241
Explore
jeremylongshore/claude-code-plugins-plus-skills

makefile-generator

Makefile Generator - Auto-activating skill for DevOps Basics. Triggers on: makefile generator, makefile generator Part of the DevOps Basics skill category.

1,803 241
Explore
jeremylongshore/claude-code-plugins-plus-skills

gitignore-generator

Gitignore Generator - Auto-activating skill for DevOps Basics. Triggers on: gitignore generator, gitignore generator Part of the DevOps Basics skill category.

1,803 241
Explore
jeremylongshore/claude-code-plugins-plus-skills

pre-commit-hook-setup

Pre Commit Hook Setup - Auto-activating skill for DevOps Basics. Triggers on: pre commit hook setup, pre commit hook setup Part of the DevOps Basics skill category.

1,803 241
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results