Connectors and Connections > Data Ingestion and Replication connection properties > Snowflake Data Cloud connection properties

Snowflake Data Cloud connection properties

When you set up a Snowflake Data Cloud connection, configure the connection properties.

You can use the following authentication methods to connect to Snowflake:

•Standard. Uses Snowflake account user name and password credentials to connect to Snowflake.

Note: For application ingestion and replication tasks, you can use only the Standard authentication method.

•Authorization Code. Uses the OAuth 2.0 protocol with Authorization Code grant type to connect to Snowflake. Authorization Code allows authorized access to Snowflake without sharing or storing your login credentials.
•KeyPair. Uses the private key file and private key file password, along with the existing Snowflake account user name to connect to Snowflake.
•Client Credentials. Uses the OAuth 2.0 protocol with the Client Credentials grant type to connect to Snowflake. Doesn't apply to application ingestion and replication and database ingestion and replication tasks.

You create a Snowflake Data Cloud connection on the Connections page. You can then use the connection when you read from or write data to Snowflake.

Standard authentication

When you set up a Snowflake Data Cloud connection, configure the connection properties.

The following table describes the Snowflake Data Cloud connection properties for the Standard authentication mode:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	The Snowflake Data Cloud connection type.
Runtime Environment	The name of the runtime environment where you want to run the tasks. You cannot run application ingestion and replication tasks and database ingestion and replication tasks on a Hosted Agent or serverless runtime environment.
Authentication	The authentication method that the connector must use to log in to Snowflake. Select Standard. Default is Standard.
Username	The user name to connect to the Snowflake account.
Password	The password to connect to the Snowflake account.
Account	The name of the Snowflake account. For example, if the Snowflake URL is https://<123abc>.us-east-2.aws.snowflakecomputing.com/console/login#/, your account name is the first segment in the URL before snowflakecomputing.com. Here, 123abc.us-east-2.aws is your account name. If you use the Snowsight URL, for example, https://app.snowflake.com/us-east-2.aws/<123abc>/dashboard, your account name is 123abc.us-east-2.aws Note: Ensure that the account name doesn't contain underscores. To use an alias name, contact Snowflake Customer Support.
Warehouse	The Snowflake warehouse name.
Role	The Snowflake role assigned to the user.
Additional JDBC URL Parameters	The additional JDBC connection parameters. Enter one or more JDBC connection parameters in the following format: <param1>=<value>&<param2>=<value>&<param3>=<value>.... For example, pass the database and schema values when you connect to Snowflake: db=mydb&schema=public Important: Ensure that there is no space before and after the equal sign (=) when you add the parameters.

OAuth 2.0 authorization code authentication

The following table describes the Snowflake Data Cloud connection properties for an OAuth 2.0 - AuthorizationCode type connection:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	The Snowflake Data Cloud connection type.
Runtime Environment	The name of the runtime environment where you want to run the tasks. You cannot run application ingestion and replication tasks and database ingestion and replication tasks on a Hosted Agent or serverless runtime environment.
Authentication	The authentication method that Snowflake Data Cloud Connector must use to log in to Snowflake. Select AuthorizationCode.
Account	The name of the Snowflake account. For example, if the Snowflake URL is https://<123abc>.us-east-2.aws.snowflakecomputing.com/console/login#/, your account name is the first segment in the URL before snowflakecomputing.com. Here, 123abc.us-east-2.aws is your account name. If you use the Snowsight URL, for example, https://app.snowflake.com/us-east-2.aws/<123abc>/dashboard, your account name is 123abc.us-east-2.aws Note: Ensure that the account name doesn't contain underscores. To use an alias name, contact Snowflake Customer Support.
Warehouse	The Snowflake warehouse name.
Additional JDBC URL Parameters	The additional JDBC connection parameters. Enter one or more JDBC connection parameters in the following format: <param1>=<value>&<param2>=<value>&<param3>=<value>.... For example, pass the database and schema values when you connect to Snowflake: db=mydb&schema=public Important: Ensure that there is no space before and after the equal sign (=) when you add the parameters.
Authorization URL	The Snowflake server endpoint that is used to authorize the user request. The authorization URL is https://<account name>.snowflakecomputing.com/oauth/authorize, where <account name> specifies the full name of your account provided by Snowflake. For example, https://<abc>.snowflakecomputing.com/oauth/authorize Note: If the account name contains underscores, use the alias name. You can also use the Authorization Code grant type that supports the authorization server in a Virtual Private Cloud network.
Access Token URL	The Snowflake access token endpoint that is used to exchange the authorization code for an access token. The access token URL is https://<account name>.snowflakecomputing.com/oauth/token-request, where <account name> specifies the full name of your account provided by Snowflake. For example, https://<abc>.snowflakecomputing.com/oauth/token-request Note: If the account name contains underscores, use the alias name.
Client ID	Client ID of your application generated when you create a security integration of type OAuth in Snowflake. For more information, see the Snowflake documentation. Not used by application ingestion and replication and database ingestion and replication tasks.
Client Secret	Client secret generated for the client ID. Not used by application ingestion and replication and database ingestion and replication tasks.
Scope	Determines the access control if the API endpoint has defined custom scopes. Enter space-separated scope attributes. For example, specify session:role:CQA_GCP as the scope to override the value of the default user role. The value must be one of the roles assigned in Security Integration. Not used by application ingestion and replication and database ingestion and replication tasks.
Access Token Parameters	Additional parameters to use with the access token URL. Define the parameters in the JSON format. For example, define the following parameters: [{"Name":"code_verifier","Value":"5PMddu6Zcg6Tc4sbg"}] Not used by application ingestion and replication and database ingestion and replication tasks.
Authorization Code Parameters	Additional parameters to use with the authorization token URL. Define the parameters in the JSON format. For example, define the following parameters: [{"Name":"code_challenge","Value":"Ikr-vv52th0UeVRi4"}, {"Name":"code_challenge_method","Value":"S256"}] Not used by application ingestion and replication tasks and database ingestion and replication tasks.
Access Token	The access token value. Enter the populated access token value, or click Generate Token to populate the access token value.
Generate Token	Generates the access token and refresh token based on the OAuth attributes you specified.
Refresh Token	The refresh token value. Enter the populated refresh token value, or click Generate Token to populate the refresh token value. If the access token is not valid or expires, the agent fetches a new access token with the help of the refresh token. Note: If the refresh token expires, provide a valid refresh token or regenerate a new refresh token by clicking Generate Token. Not used by application ingestion and replication and database ingestion and replication tasks.

Key pair authentication

The following table describes the Snowflake Data Cloud connection properties for the KeyPair authentication type connection:

Connection property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	The Snowflake Data Cloud connection type.
Runtime Environment	The name of the runtime environment where you want to run the tasks. You cannot run application ingestion and replication tasks and database ingestion and replication tasks on a Hosted Agent or serverless runtime environment.
Authentication	The authentication method to log in to Snowflake. Select KeyPair.
Username	The user name to connect to the Snowflake account.
Account	The name of the Snowflake account. For example, if the Snowflake URL is https://<123abc>.us-east-2.aws.snowflakecomputing.com/console/login#/, your account name is the first segment in the URL before snowflakecomputing.com. Here, 123abc.us-east-2.aws is your account name. If you use the Snowsight URL, for example, https://app.snowflake.com/us-east-2.aws/<123abc>/dashboard, your account name is 123abc.us-east-2.aws. Note: Ensure that the account name doesn't contain underscores. To use an alias name, contact Snowflake Customer Support.
Warehouse	The Snowflake warehouse name.
Additional JDBC URL Parameters	The additional JDBC connection parameters. Enter one or more JDBC connection parameters in the following format: <param1>=<value>&<param2>=<value>&<param3>=<value>.... For example, pass the database and schema values when you connect to Snowflake: db=mydb&schema=public Important: Ensure that there is no space before and after the equal sign (=) when you add the parameters.
Private Key File	Path to the private key file, including the private key file name, that the Secure Agent uses to access Snowflake. For example, specify the following path and key file name: - On Windows: C:\Users\path_to_key_file\rsa_key.p8 - On Linux: /export/home/user/path_to_key_file/rsa_key.p8 Note: Verify that the keystore is FIPS-certified.
Private Key Password	Password for the private key file.

Set JDBC URL Parameters

You can configure JDBC URL parameters in the Additional JDBC URL Parameters field in the Snowflake Data Cloud connection properties, regardless of which authentication type you select.

Data Ingestion and Replication tasks use only the following parameters:

•Required. To view only the specified database while importing a Snowflake table, enter the database name in the following format:

db=<database_name>

•Optional. To ignore double-quotation marks in object identifiers and treat all tables as case-insensitive, enter the following parameter:

QUOTED_IDENTIFIERS_IGNORE_CASE=true

When this property is set to true, Snowflake ignores double-quotation marks in object identifiers and treats all tables as case-insensitive.

Private links to access Snowflake

You can access Snowflake using Azure Private Link endpoints. When you create a Snowflake Data Cloud connection, specify the Snowflake private link account name.

The Azure Private Link setup ensures that the connection to Snowflake uses the Azure internal network and does not take place over the public Internet.

To connect to the Snowflake account over the private Azure network, see Azure Private Link and Snowflake.