Connect to Snowflake
Learn how to connect your Snowflake database to Retool.
You can use the Snowflake integration to create a resource and make it available in Retool. Once complete, your users can write queries that interact with Snowflake data.
Requirements
The Snowflake integration requirements depend on whether you have a cloud-hosted or self-hosted Retool organization. You may also need to make Snowflake configuration changes before creating the resource.
- Cloud-hosted organizations
- Self-hosted organizations
Sufficient user permissions to create resources
All users for Retool organizations on Free or Team plans have global Edit permissions and can add, edit, and remove resources. If your organization manages user permissions for resources, you must be a member of a group with Edit all permissions.
Allow Retool to access the data source
If the data source is behind a firewall or restricts access based on IP address, then you must ensure that your Retool organization can access it. If necessary, configure your data source to allow access from Retool's IP addresses.
3.77.79.248/30
35.90.103.132/30
44.208.168.68/30
3.77.79.249
3.77.79.250
35.90.103.132
35.90.103.133
35.90.103.134
35.90.103.135
44.208.168.68
44.208.168.69
44.208.168.70
44.208.168.71
Retool is building support for querying firewalled resources without allowlisting Retool’s IP address. To learn more or be considered for early access, contact cloud-connect@retool.com.
Snowflake settings and authentication
You must have sufficient access and familiarity with your Snowflake data source so you can provide:
- Required connection settings (e.g., URL and server variables).
- Authentication credentials (e.g., API keys).
In some cases, you may need to make changes to your Snowflake configuration, such as generating authentication credentials or allowing access through a firewall. Refer to the configuration and authentication sections to learn more.
Custom OAuth 2.0 client credentials
Authentication is performed using a custom OAuth 2.0 client app. You must create this client and then provide its credentials. Once configured, your users are redirected to Snowflake to sign in and authorize Retool to access data.
OAuth apps typically require the following values during creation:
- OAuth callback URL: The URL to which users are redirected once they have successfully signed in.
- Scopes : The permissions granted to Retool. Each scope defines a specific set of permissions (e.g.,
messages:read
to read messagesusers:write
to create new users). You must ensure that any scopes defined in your OAuth app matches the scopes you specify when configuring the resource.
Once you've created an OAuth app you can obtain its credentials, such as the Client ID and Client secret. You then provide these to configure Retool for OAuth authentication.
Refer to the Snowflake documentation for detailed instructions on creating an OAuth app.
Retool uses per-user authentication to connect to Snowflake using OAuth.
Sufficient user permissions to create resources
All users for Retool organizations on Free or Team plans have global Edit permissions and can add, edit, and remove resources. If your organization manages user permissions for resources, you must be a member of a group with Edit all permissions.
Allow your deployment to access the data source
Your self-hosted deployment must have access to the data source. Ensure that any potential firewall rules for either the data source or your deployment instance are updated to allow them to communicate.
Snowflake settings and authentication
You must have sufficient access and familiarity with your Snowflake data source so you can provide:
- Required connection settings (e.g., URL and server variables).
- Authentication credentials (e.g., API keys).
In some cases, you may need to make changes to your Snowflake configuration, such as generating authentication credentials or allowing access through a firewall. Refer to the configuration and authentication sections to learn more.
Custom OAuth 2.0 client credentials
Authentication is performed using a custom OAuth 2.0 client app. You must create this client and then provide its credentials. Once configured, your users are redirected to Snowflake to sign in and authorize Retool to access data.
OAuth apps typically require the following values during creation:
- OAuth callback URL: The URL to which users are redirected once they have successfully signed in.
- Scopes : The permissions granted to Retool. Each scope defines a specific set of permissions (e.g.,
messages:read
to read messagesusers:write
to create new users). You must ensure that any scopes defined in your OAuth app matches the scopes you specify when configuring the resource.
Once you've created an OAuth app you can obtain its credentials, such as the Client ID and Client secret. You then provide these to configure Retool for OAuth authentication.
Refer to the Snowflake documentation for detailed instructions on creating an OAuth app.
Retool uses per-user authentication to connect to Snowflake using OAuth.
Configure the resource
Sign in to your Retool organization and navigate to the Resources tab. Click Create new > Resource, then select Snowflake.
Configuration
Specify the name, location, and description to use for your Snowflake resource. Retool displays the resource name and type in query editors to help users identify them.
Provide the following configuration settings to create the resource. Depending on how your data source is configured, you may also need to provide optional settings for Retool to connect.
- Cloud-hosted organizations
- Self-hosted organizations
Name
The name to use for the resource.
Description
A description of the resource.
Account identifier
The account identifier to use.
Database name
The name of the database to use.
Schema
The default schema to use.
Warehouse
The warehouse to use.
User role
The user role.
Disable converting queries to prepared statements
Whether to disable SQL injection protection that allows dynamically generated SQL using JavaScript.
Show write GUI mode only
Whether to prevent users from writing raw SQL statements and only make changes using GUI mode queries.
Fetch Number and Integer column types as Big Int
Whether to retrieve number and integer columns with high-precision.
Use dynamic database names
Whether to override the database name with a dynamically generated value. This allows using Retool with a database that has been sharded into several different databases.
Use dynamic role names
Whether to override the warehouse name with a dynamically generated value.
Use dynamic warehouse names
Whether to override the warehouse name with a dynamically generated value.
Override default outbound Retool region
Retool connects to your data source from the us-west-2
region. Choosing a different outbound region can improve performance through geographic proximity.
Region | Location |
---|---|
us-west-2 | US West (Oregon) |
eu-central-1 | (Frankfurt, Germany) |
Name
The name to use for the resource.
Description
A description of the resource.
Account identifier
The account identifier to use.
Database name
The name of the database to use.
Schema
The default schema to use.
Warehouse
The warehouse to use.
User role
The user role.
Disable converting queries to prepared statements
Whether to disable SQL injection protection that allows dynamically generated SQL using JavaScript.
Show write GUI mode only
Whether to prevent users from writing raw SQL statements and only make changes using GUI mode queries.
Fetch Number and Integer column types as Big Int
Whether to retrieve number and integer columns with high-precision.
Use dynamic database names
Whether to override the database name with a dynamically generated value. This allows using Retool with a database that has been sharded into several different databases.
Use dynamic role names
Whether to override the warehouse name with a dynamically generated value.
Use dynamic warehouse names
Whether to override the warehouse name with a dynamically generated value.