Snowflake Integration

Connecting Snowflake to Retool

1. Get Snowflake Details & Whitelist Retool IP Address

You can get your database connection details from whoever set up the database. You'll also need to get them to whitelist the Retool IP address.

2. Add to Retool

Create a new resource in Retool, and select "Snowflake" as the type.

Enter your database connection details.

3. Create Queries

You can now select your newly-created Snowflake resource from the Resource dropdown when creating queries in your Retool apps. You can toggle between SQL mode for raw SQL statements or the GUI mode for structured writes.

You can display the results of Snowflake queries as with any other query in Retool:

Configuring Per-User OAuth in Snowflake

Instead of providing one pair of credentials username and password into Snowflake, it may be useful to configure per-user authentication via logging into Snowflake.

OAuth allows database administrators to:

  • Audit Retool users who run queries against the database
  • Enforce role-based access controls using Snowflake permissions
  • Use OAuth tokens for all processes and actions that access Snowflake, instead of embedding Snowflake IDs and passwords in multiple places
  • Revoke authorization for a given user through Snowflake

With Snowflake connections that use OAuth, users must log in again periodically when their OAuth tokens expire. The duration of validity for Snowflake OAuth tokens is set through Snowflake itself.

In order to set up a Snowflake OAuth-based resource, you will need to follow some additional steps within your Snowflake instance.

Setting up Snowflake OAuth

📘

Note: Admin credentials required

Creating a SECURITY_INTEGRATION in Snowflake requires the ACCOUNTADMIN role or a global CREATE INTEGRATION privilege

  1. You'll need to create a SECURITY_INTEGRATION in Snowflake.
CREATE SECURITY INTEGRATION RETOOL
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'oauth.<your-retool-domain>/oauth/user/callback'

Where <your-retool-domain> is the hostname of your Retool instance. Verify that this domain matches the domain listed when creating a Snowflake resource with OAuth authentication in Retool.

More information on creating security integrations can be found in the Snowflake documentation

  1. Get the OAuth Client ID and Client Secret by running the command:
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('RETOOL');

You should see the OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET in the response of this query.

  1. In Retool, create a new Snowflake resource, and select OAuth as the authentication method.
  1. Input your Client ID and Client Secret in Step 2

  2. Click Test OAuth integration with your own account after filling out the Resource name, Account name, and Database name

  3. You should see the browser open up a Snowflake login page. After logging in, the page should successfully redirect back to the resource.

  4. You're all set! Try using your new Snowflake resource.

Updated about a month ago


Snowflake Integration


Connecting Snowflake to Retool

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.