# Snowflake

Snowflake is a cloud data warehouse used to store and analyze large volumes of structured data. Connecting Snowflake to Duvo lets your assignments query your warehouse directly, pulling metrics, exploring tables, and using live data to inform decisions and reports.

## Setup

### Prerequisites

* A Snowflake account with key-pair authentication enabled for the connecting user.
* An RSA key pair generated for the user. The public key must be registered in Snowflake, and you will provide the private key to Duvo. See [Snowflake's key-pair authentication guide](https://docs.snowflake.com/en/user-guide/key-pair-auth) for setup steps.
* A compute warehouse available for the role you plan to use.

### Required Permissions

* The Snowflake role you specify must have `USAGE` on the target warehouse, database, and schema.
* The role must have `SELECT` privileges on any tables or views your assignments need to read.

### Connection Fields

| Field           | Description                                                                                                                                                                                                                                                 |
| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Private Key** | The RSA private key for authentication, in PEM format. Include the full key including the `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` lines.                                                                                              |
| **Account**     | Your Snowflake account identifier in either the `orgname-accountname` format (e.g., `myorg-myaccount`) or the legacy locator format (e.g., `xy12345.us-east-1`). Find this in your Snowflake account URL or under **Admin > Accounts** in the Snowflake UI. |
| **Username**    | The Snowflake user configured with your public key.                                                                                                                                                                                                         |
| **Database**    | The default database to connect to.                                                                                                                                                                                                                         |
| **Schema**      | The default schema within the database.                                                                                                                                                                                                                     |
| **Warehouse**   | The compute warehouse to use for queries.                                                                                                                                                                                                                   |
| **Role**        | The Snowflake role to assume for the session. This determines what data the assignment can access.                                                                                                                                                          |

### Optional Fields

| Field                      | Description                                                              |
| -------------------------- | ------------------------------------------------------------------------ |
| **Private Key Passphrase** | The passphrase used to decrypt the private key, if the key is encrypted. |

### Third-Party Documentation

* [Snowflake key-pair authentication](https://docs.snowflake.com/en/user-guide/key-pair-auth) — generating RSA keys and assigning the public key to a user.
* [Snowflake account identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier) — how to find your account identifier.
* [Snowflake access control](https://docs.snowflake.com/en/user-guide/security-access-control-overview) — understanding roles, privileges, and granting SELECT access.

## Capabilities

* **Run read-only SQL queries** — execute SELECT, WITH (CTEs), SHOW, DESCRIBE, and EXPLAIN statements against your warehouse. Write operations are not permitted.
* **Discover tables and schemas** — list all tables in a given database and schema, including row counts and comments, so assignments can understand the data landscape before querying.
* **Verify connection details** — check the active user, role, database, schema, and warehouse to confirm the session is configured correctly.
* **Export large result sets** — query results exceeding 5,000 rows are automatically exported as CSV files for downstream analysis rather than returned inline.

## Key Benefits

* **Live warehouse data** — assignments read directly from Snowflake instead of relying on stale exports or manual data pulls.
* **Safe by design** — only read-only operations are allowed, so your data cannot be modified through Duvo.
* **Role-scoped access** — the Snowflake role you specify controls exactly which databases, schemas, and tables the assignment can reach.
* **Large-scale results** — automatic CSV export handles result sets of any size without truncation.
* **Key-pair authentication** — no passwords are stored; authentication uses RSA key pairs for stronger security.

## Works Well With

* **Google Sheets** — query Snowflake data and write the results into a spreadsheet for stakeholder review or recurring reports.
* **Gmail or Outlook** — pull warehouse metrics and include them in automated email summaries or alerts.
* **Slack** — monitor key business thresholds in Snowflake and post notifications to a channel when values change.