You can get your database connection details from whoever set up the database. You'll also need to get them to whitelist the Retool IP address.
Create a new resource in Retool, and select "Snowflake" as the type.
Enter your database connection details.
You can now select your newly-created Snowflake resource from the Resource dropdown when creating queries in your Retool apps. You can toggle between SQL mode for raw SQL statements or the GUI mode for structured writes.
You can display the results of Snowflake queries as with any other query in Retool:
Instead of providing one pair of credentials
password into Snowflake, it may be useful to configure per-user authentication via logging into Snowflake.
OAuth allows database administrators to:
- Audit Retool users who run queries against the database
- Enforce role-based access controls using Snowflake permissions
- Use OAuth tokens for all processes and actions that access Snowflake, instead of embedding Snowflake IDs and passwords in multiple places
- Revoke authorization for a given user through Snowflake
With Snowflake connections that use OAuth, users must log in again periodically when their OAuth tokens expire. The duration of validity for Snowflake OAuth tokens is set through Snowflake itself.
In order to set up a Snowflake OAuth-based resource, you will need to follow some additional steps within your Snowflake instance.
Note: Admin credentials required
SECURITY_INTEGRATIONin Snowflake requires the
ACCOUNTADMINrole or a global
- You'll need to create a
CREATE SECURITY INTEGRATION RETOOL TYPE = OAUTH ENABLED = TRUE OAUTH_CLIENT = CUSTOM OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = 'oauth.<your-retool-domain>/oauth/user/callback'
<your-retool-domain> is the hostname of your Retool instance. Verify that this domain matches the domain listed when creating a Snowflake resource with OAuth authentication in Retool.
More information on creating security integrations can be found in the Snowflake documentation
- Get the OAuth Client ID and Client Secret by running the command:
You should see the
OAUTH_CLIENT_SECRET in the response of this query.
- In Retool, create a new Snowflake resource, and select
OAuthas the authentication method.
Input your Client ID and Client Secret in Step 2
Test OAuth integration with your own accountafter filling out the Resource name, Account name, and Database name
You should see the browser open up a Snowflake login page. After logging in, the page should successfully redirect back to the resource.
You're all set! Try using your new Snowflake resource.
Updated about a month ago