Snowflake

Snowflake is a powerful cloud-based data platform that allows you to store, analyze, and visualize various types of data, including spatial data. If you have geographic information in your Snowflake database Felt provides a simple way to connect, query, and visualize this data on a map.

  1. Create a new, read-only user on your database for Felt access

  2. Click on the Library in the toolbar

  3. Click + New Source

  4. Select Snowflake

  5. Enter Connection Details

    1. Source Name: name of the source in Felt

    2. Account ID: Snowflake account identifier. Must include the name of the account along with its organization (e.g. myorg-account123)

    3. Database: name of the Snowflake database

    4. Username : database user — preferably a user with read-only permissions created specifically for Felt access.

    5. Schema: (optional) the name of the database schema to read. If not provided, all schemas from the database will be read.

    6. Role : the role that the database user should use. If not provided, the default role for the user will be used.

    7. Warehouse : the warehouse for the session. If not provided, the default warehouse for the user will be used.

    8. Authentication method : the desired authentication method and credentials to programmatically access the Snowflake database (see Supported Authentication Methods to learn more).

    9. Who can see this source?: control access to this source within Felt

  6. Click Connect

  7. Once connected you will see a catalog of your data with previews for your new source

  8. From here you can add any of these layers to your spatial dashboards!

Supported Authentication Methods

Key-pair authentication

Snowflake supports authentication using a key pair — a combination of a public key (assigned to a specific user in the Snowflake UI) and a private key (uploaded to Felt), optionally protected by a passphrase.

Step-by-step guide
  1. In a terminal, run the following code to create a public-private key pair. Snowflake recommends using encrypted private keys (protected with a password)

# Encrypted private key (add -nocrypt flag for unencrypted version without password)
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out snowflake_rsa_key.p8

# Public key
openssl rsa -in snowflake_rsa_key.p8 -pubout -out snowflake_rsa_key.pub

  1. Create a new read-only role in a new SQL Worksheet. Make sure the role has read access to the desired warehouse and database, as well as all the desired contents including:

    • Schemas

    • Tables

    • Views

    • Materialized Views

    • Dynamic Tables

    *Remember to replace MY_DATABASE and MY_WAREHOUSE with the actual values for your desired database and warehouse.

CREATE ROLE IF NOT EXISTS FELT_READONLY_ROLE;

GRANT USAGE ON DATABASE MY_DATABASE TO FELT_READONLY_ROLE READONLY_ROLE;
GRANT USAGE ON WAREHOUSE MY_WAREHOUSE TO ROLE FELT_READONLY_ROLE;
GRANT USAGE ON ALL SCHEMAS IN DATABASE MY_DATABASE TO ROLE FELT_READONLY_ROLE;

GRANT SELECT ON ALL TABLES IN DATABASE MY_DATABASE TO ROLE FELT_READONLY_ROLE;
GRANT SELECT ON ALL VIEWS IN DATABASE MY_DATABASE TO ROLE FELT_READONLY_ROLE;
GRANT SELECT ON ALL MATERIALIZED VIEWS IN DATABASE MY_DATABASE TO ROLE FELT_READONLY_ROLE;
GRANT SELECT ON ALL DYNAMIC TABLES IN DATABASE MY_DATABASE TO ROLE FELT_READONLY_ROLE;
  1. Create a new read-only user and assign the public key to it. This is the same username you'll use in the Username when setting up the source connection.

    1. When pasting the public key contents, make sure to remove all newlines in addition to the public key headers (start with ---)

CREATE OR REPLACE USER FELT_READONLY_USER 
    DEFAULT_ROLE = 'FELT_READONLY_ROLE' 
    TYPE = SERVICE DEFAULT_SECONDARY_ROLES = ('ALL') 
    RSA_PUBLIC_KEY='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgUzdrUxT7F5w1A6CVslBZ7dS37JunCnJxHkmnVk26FO6jl4yVWuFrk4b31NrnErcaKXeQqR18burBcz73xgDwZL/wplBLk1AZb76A/xYUlbS1L0+vKyuOPOJo8l1n9JyJ7UiyVdeVMCeFQIaDKYErzvCJ/9BO8+fNPPJr2AdAYHHFOw9HnfqyHA4j3jYdk2A9f8iYkEV5iAVdMyn6/iXqnfZDbcwXqgvfSPrrk56HrAZtSAhiW3VFhGzTnJq5ekSDBvK+fPoykdfnceV5nOQJSC41aFdsR9mUqVdbQsh78B4Ff1g+1ujqPjp+GJa8YaMOaYpQP43AkWBGjaS87F+wIDAQAB'
    COMMENT = 'Service User with read-only access and key-pair authentication';
    
GRANT ROLE READONLY_ROLE TO USER READONLY_USER;
  1. When creating a Snowflake source in Felt, fill in the connection details specified above, then select the Key pair authentication method and upload your private key file (in this example, called snowflake_rsa_key.p8). If you created an encrypted private key, also provide the encryption password.

Programmatic Access Token

Programmatic Access Tokens (or PATs, for short) allow you to connect your Snowflake source to Felt using a user-based, long-lived token. Read Snowflake’s guide to generating programmatic access tokens.

Password (deprecated)

Last updated

Was this helpful?