This guide walks you through configuring and authenticating the Snowflake SQL tools in Airia, enabling your agents to interact with your Snowflake database.

Airia provides the following Snowflake tools:

  • Snowflake SQL Query Tool: To execute SQL queries against your Snowflake database.
  • Snowflake Metadata Retrieval Tool: To retrieve schema metadata for your Snowflake database.

Both tools are required for comprehensive interaction with your Snowflake Database.

Prerequisites

To connect Airia to your Snowflake account, you will need the following details:

  • Account Identifier: Your Snowflake account ID (e.g., ORGANIZATION-ACCOUNT).
  • User name: The username for the Snowflake user account.
  • Database name: The name of the database you want to connect to.
  • Warehouse name: The name of the warehouse to use for queries.
  • Type of Authentication: Whether your Private Key is encrypted or unencrypted.

💡 Note: It is highly recommended to use a user account with the least necessary privileges for this integration. See the Required Snowflake Permissions section for details.

Retrieve Snowflake Connection Details

Follow these steps to obtain your Snowflake account identifier:

  1. Log in to your Snowflake account.
  2. Navigate to your profile menu (usually in the top right corner).
  3. Your Account identifier will typically be displayed there, following the format ORGANIZATION-ACCOUNT (e.g., ODWKPWH.QZE19753).

Setup Key-Pair Authentication

Snowflake tools in Airia utilize Key-Pair Authentication for secure connections. This requires generating a private key file and uploading its corresponding public key to Snowflake.

  1. Follow the instructions in the Snowflake documentation for Key Pair Authentication to generate your private key file (e.g., using OpenSSL).
  2. Upload the corresponding Public key file to your Snowflake user with the ALTER USER <username> SET RSA_PUBLIC_KEY='<public_key_content>'; command.
  3. Securely save your generated Private Key file.
  4. If your Private Key file is encrypted, also securely save the passphrase you used.

Add and Configure Snowflake Tools

Follow these steps to add and configure each Snowflake tool:

  1. Add the Snowflake SQL Query Tool:
    • Navigate to the Tools section in your Airia dashboard.
    • From the library, select Snowflake SQL Query to add it to your project.
  2. Provide Connection Details:
    • On the tool configuration page, provide the following values:
      • Account ID: Your Snowflake account identifier (e.g., ORGANIZATION-ACCOUNT).
      • User name: The Snowflake user account.
      • Database name: The target database.
      • Warehouse name: The warehouse to use.
    • For the Private Key, you must create a new Credentials object. Select the type that matches your private key (e.g., Encrypted Private Key or Unencrypted Private Key) and provide the private key content and passphrase (if applicable).
  3. Save the Tool:
    • Click Save to add the configured tool to your library.
  4. Repeat for Metadata Tool:
    • Repeat steps 1-3 for the Snowflake Metadata Retrieval Tool, providing the same connection values.

Required Snowflake Permissions

To connect your Snowflake tools to the Airia platform, it is recommended to use a User Account that has the least-privilege permissions necessary to interact with your data.

The Snowflake user account configured in the Airia tool needs a role with the following privileges:

  • USAGE privilege on the target Warehouse.
  • USAGE privilege on the target Database.
  • USAGE privilege on the target Schema(s) in the database.
  • SELECT privilege on the specific Tables in the schema(s) that you want the tools to query metadata for and run queries against.

The user must also have Key-Pair Authentication set up and configured with a public key in Snowflake (as described in the Setup Key-Pair Authentication section). The private key file is used within the Airia tool configuration.

A Snowflake administrator (using a role like ACCOUNTADMIN or SECURITYADMIN) can use the following SQL template to create a dedicated read-only role and user with the necessary grants:

USE ROLE ACCOUNTADMIN; -- Or SECURITYADMIN

-- 1. Create a dedicated role for Airia tool access (if it doesn't exist)
CREATE ROLE IF NOT EXISTS TOOL_READ_ONLY_ROLE
    COMMENT = 'Role for read-only access for Airia tool access';

-- 2. Grant USAGE privilege on the compute warehouse
GRANT USAGE ON WAREHOUSE <your_warehouse_name> TO ROLE TOOL_READ_ONLY_ROLE;

-- 3. Grant USAGE privilege on the target database
GRANT USAGE ON DATABASE <your_database_name> TO ROLE TOOL_READ_ONLY_ROLE;

-- 4. Grant USAGE privilege on the target schema
GRANT USAGE ON SCHEMA <your_database_name>.<your_schema_name> TO ROLE TOOL_READ_ONLY_ROLE;

-- 5. Grant SELECT privilege on tables within the schema (for existing and future tables)
GRANT SELECT ON ALL TABLES IN SCHEMA <your_database_name>.<your_schema_name> TO ROLE TOOL_READ_ONLY_ROLE;
GRANT SELECT ON FUTURE TABLES IN SCHEMA <your_database_name>.<your_schema_name> TO ROLE TOOL_READ_ONLY_ROLE;

-- 6. Create the dedicated user for Airia (if it doesn't exist)
CREATE USER IF NOT EXISTS <airia_service_user_name>
    RSA_PUBLIC_KEY = '<paste_public_key_content_here>' -- Content from your generated public key file
    MUST_CHANGE_PASSWORD = FALSE -- Required for key-pair authentication
    DEFAULT_WAREHOUSE = '<your_warehouse_name>' -- Recommended: Set default warehouse
    DEFAULT_ROLE = 'TOOL_READ_ONLY_ROLE' -- Recommended: Set default role
    COMMENT = 'Read only user account for Airia tool access';

-- 7. Grant the dedicated role to the user
GRANT ROLE TOOL_READ_ONLY_ROLE TO USER <airia_service_user_name>;

-- 8. Verify grants (Optional)
SHOW GRANTS TO ROLE TOOL_READ_ONLY_ROLE;
SHOW GRANTS ON USER <airia_service_user_name>;

⚠️ Warning: Ensure that these steps are carried out from an account with sufficient privileges (e.g., ACCOUNTADMIN or SECURITYADMIN) to create a new user account and manage grants.

Next Steps

Now that your Snowflake tools are added, you can integrate them into an agent to query your Snowflake database.