Snowflake
Loads data directly into Snowflake tables.
For a full end-to-end walkthrough, see the Snowflake Quick Start.
Configuration
warehouse:
  kind: snowflake
  database: ANALYTICS
  schema: RAW
  warehouse: COMPUTE_WH
  role: ACCOUNTADMIN

| Field | Default | Description |
|---|---|---|
| database | (required) | Snowflake database |
| schema | (required) | Target schema |
| warehouse | | Compute warehouse |
| role | | Snowflake role |
CLI
skippr connect warehouse snowflake \
--database ANALYTICS \
--schema RAW \
--warehouse COMPUTE_WH \
--role ACCOUNTADMIN
Or run without flags to be prompted interactively.
| Flag | Description |
|---|---|
| --database | Snowflake database name |
| --schema | Bronze/raw schema where extracted data lands |
| --warehouse | Compute warehouse |
| --role | Role with appropriate grants |
Config output
Running connect warehouse snowflake writes the following to skippr.yaml:
warehouse:
  kind: snowflake
  database: ANALYTICS
  schema: RAW
  warehouse: COMPUTE_WH
  role: ACCOUNTADMIN
Authentication
Authentication is always via environment variables — credentials are never stored in the config file.
| Variable | Description |
|---|---|
| SNOWFLAKE_ACCOUNT | Account identifier (e.g. MYORG-MYACCOUNT or xy12345.us-east-1) |
| SNOWFLAKE_USER | Login username (or service account name) |
| SNOWFLAKE_PRIVATE_KEY_PATH | Path to .p8 private key file (key-pair auth, recommended) |
| SNOWFLAKE_PASSWORD | Password (only when MFA is not enforced) |
Key-pair authentication (recommended)
Key-pair auth is recommended and required when MFA is enabled on the Snowflake account. It works with both regular user accounts and service accounts.
Install OpenSSL (Windows)
OpenSSL is pre-installed on macOS and most Linux distributions. On Windows, install it first:
winget install OpenSSL
Restart your terminal after installing so the openssl command is available.
Generate the key pair
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out snowflake_key.p8 -nocrypt
openssl rsa -in snowflake_key.p8 -pubout -out snowflake_key.pub
Assign the public key
For a regular user account:
ALTER USER myuser SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
For a service account (see below):
ALTER USER skippr_svc SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
Set the environment variable
export SNOWFLAKE_PRIVATE_KEY_PATH="/path/to/snowflake_key.p8"
$env:SNOWFLAKE_PRIVATE_KEY_PATH = "C:\path\to\snowflake_key.p8"
Service account authentication
A Snowflake service account is a dedicated, non-interactive user designed for automated workloads like Skippr. Using a service account means:
- No impact on personal accounts — the service user is separate from human users, so MFA policies, password rotations, and account lockouts don't interrupt pipelines.
- Least-privilege by default — grant only the specific roles and warehouses Skippr needs.
- Audit clarity — all Skippr activity appears under a distinct user in Snowflake's query history.
Create the service account
CREATE USER skippr_svc
  TYPE = SERVICE
  DEFAULT_ROLE = SKIPPR_ROLE
  DEFAULT_WAREHOUSE = COMPUTE_WH
  RSA_PUBLIC_KEY = 'MIIBIjANBgkqh...';
CREATE ROLE SKIPPR_ROLE;
GRANT ROLE SKIPPR_ROLE TO USER skippr_svc;
Then grant the required privileges to SKIPPR_ROLE.
Environment variables
export SNOWFLAKE_ACCOUNT="MYORG-MYACCOUNT"
export SNOWFLAKE_USER="skippr_svc"
export SNOWFLAKE_PRIVATE_KEY_PATH="/path/to/snowflake_key.p8"
Everything else works the same — skippr connect warehouse snowflake, skippr run, etc.
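The key-pair steps above (generate the pair, assign the public key) gathered into one POSIX shell script, as an added example that is not Skippr's own tooling. It runs the page's openssl commands under a restrictive umask, prints the key body in the single-line form ALTER USER expects, and prints the SHA256 fingerprint that Snowflake reports as RSA_PUBLIC_KEY_FP in DESC USER. Function names are hypothetical; the file names and the skippr_svc user come from the page.

```shell
#!/bin/sh
# Added example, not Skippr's own tooling. Function names are hypothetical;
# file names and the skippr_svc user follow the page.
set -eu

# Base64 body of a PEM public key with armor lines and newlines removed,
# the form that ALTER USER ... SET RSA_PUBLIC_KEY expects.
pubkey_body() {
  grep -v '^-----' "$1" | tr -d ' \r\n'
}

# True only if group and other have no permission bits on the file.
key_is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Fingerprint in the form Snowflake reports as RSA_PUBLIC_KEY_FP (DESC USER).
pubkey_fingerprint() {
  printf 'SHA256:%s\n' "$(openssl rsa -pubin -in "$1" -outform DER 2>/dev/null |
    openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Same openssl commands as the page, run under umask 077 so the unencrypted
# .p8 is never group- or world-readable. $1 = output directory.
generate_pair() (
  umask 077
  openssl genrsa 2048 2>/dev/null |
    openssl pkcs8 -topk8 -inform PEM -out "$1/snowflake_key.p8" -nocrypt
  openssl rsa -in "$1/snowflake_key.p8" -pubout -out "$1/snowflake_key.pub" 2>/dev/null
)

# $1 = output directory, $2 = Snowflake user to bind the key to.
main() {
  generate_pair "$1"
  key_is_private "$1/snowflake_key.p8" || { echo "private key too open" >&2; return 1; }
  printf "ALTER USER %s SET RSA_PUBLIC_KEY='%s';\n" "$2" "$(pubkey_body "$1/snowflake_key.pub")"
  printf '%s\n' "-- DESC USER $2 should then show RSA_PUBLIC_KEY_FP = $(pubkey_fingerprint "$1/snowflake_key.pub")"
}

# Runs only when a directory is given: sh keygen.sh /secure/dir skippr_svc
if [ "$#" -gt 0 ]; then main "$1" "${2:-skippr_svc}"; fi
```

Comparing the printed fingerprint with the RSA_PUBLIC_KEY_FP value after running the ALTER USER statement confirms that the key registered in Snowflake is the one whose private half SNOWFLAKE_PRIVATE_KEY_PATH points to.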
Required grants
The role needs:
- USAGE on the warehouse
- USAGE on the database
- USAGE and CREATE TABLE on the raw schema
- CREATE SCHEMA on the database (for silver/gold schema creation)
Example grants for a dedicated role:
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE SKIPPR_ROLE;
GRANT USAGE ON DATABASE ANALYTICS TO ROLE SKIPPR_ROLE;
GRANT USAGE ON SCHEMA ANALYTICS.RAW TO ROLE SKIPPR_ROLE;
GRANT CREATE TABLE ON SCHEMA ANALYTICS.RAW TO ROLE SKIPPR_ROLE;
GRANT CREATE SCHEMA ON DATABASE ANALYTICS TO ROLE SKIPPR_ROLE;
Troubleshooting
| Symptom | Fix |
|---|---|
| Failed to connect: 250001 | Check the SNOWFLAKE_ACCOUNT format — use the org-account form (e.g. MYORG-MYACCOUNT) or include the region (e.g. xy12345.us-east-1) |
| Incorrect username or password | Verify SNOWFLAKE_USER and auth env vars |
| Insufficient privileges | Ensure the role has the grants listed above |
| 390197 — Multi-factor authentication is required | Switch to key-pair auth — password auth cannot work when MFA is enforced |
| openssl: command not found | Install OpenSSL — on Windows: winget install OpenSSL, then restart your terminal |
Further reading
- Install Skippr — full install guide including Windows
- Quick Start: Snowflake — end-to-end MSSQL → Snowflake walkthrough
- Snowflake service accounts — Snowflake documentation
- Snowflake key-pair authentication — Snowflake documentation
CDC
Snowflake supports CDC with exactly-once MERGE semantics. Skippr automatically creates _skippr_order_token columns and tombstone tables.
See CDC Destinations -- Snowflake for details.
