Skip to main content
Snowflake is a cloud-native data warehouse platform that enables scalable storage, processing, and analytics across AWS, Azure, and GCP. With BonData, you can connect to your Snowflake warehouse to read, enrich, and act on your data directly within Agent workflows. BonData supports two authentication methods for Snowflake.
We strongly recommend using Key Pair Authentication for a stable, long-lived connection. OAuth connections expire after a maximum of 90 days, after which you will need to reconnect. Key pair authentication does not have this limitation.

OAuth Authentication

Expires after up to 90 days

Key Pair Authentication

Recommended for stable, long-lived connections

OAuth Authentication

Follow these steps to configure OAuth authentication for BonData.

Step 1: Create a Security Integration

Run this SQL in Snowflake as an ACCOUNTADMIN: 
CREATE OR REPLACE SECURITY INTEGRATION bondata_oauth
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://app.bondata.ai/auth/oauth2/callback'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

Step 2: Get OAuth Credentials

Run these commands to retrieve your credentials: 
-- Get the Client ID
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('BONDATA_OAUTH');
This returns:
  • OAUTH_CLIENT_ID - your Client ID
  • OAUTH_CLIENT_SECRET - your Client Secret

Step 3: Get Your Account URL

Your Snowflake URL is in the format:
  • https://<account_identifier>.snowflakecomputing.com
Find your account identifier in Snowflake under AdminAccounts.

Step 4: Enter Credentials

Enter your Client ID, Client Secret, and Snowflake URL in BonData, then click Connect to authorize via OAuth.

Required Fields (OAuth)

FieldDescription
Client IDOAuth Client ID from security integration
Client SecretOAuth Client Secret from security integration
URLYour Snowflake account URL

Key Pair Authentication

Follow these steps to set up key pair authentication for Snowflake.

Step 1: Generate a Key Pair

Run these commands in your terminal: 
# Generate private key (encrypted)
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8

# Generate public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
You’ll be prompted to create a passphrase for the private key.

Step 2: Create a Snowflake User

Run this SQL in Snowflake: 
-- Create a user for BonData
CREATE USER bondata_user
  PASSWORD = 'temporary_password'
  DEFAULT_ROLE = PUBLIC
  MUST_CHANGE_PASSWORD = FALSE;

-- Assign the public key to the user
ALTER USER bondata_user SET RSA_PUBLIC_KEY='<paste public key content here>';

Step 3: Grant Permissions

-- Grant access to the warehouse
GRANT USAGE ON WAREHOUSE <your_warehouse> TO USER bondata_user;

-- Grant access to the database and schema
GRANT USAGE ON DATABASE <your_database> TO USER bondata_user;
GRANT USAGE ON SCHEMA <your_database>.<your_schema> TO USER bondata_user;

-- Grant SELECT on tables
GRANT SELECT ON ALL TABLES IN SCHEMA <your_database>.<your_schema> TO USER bondata_user;
GRANT SELECT ON FUTURE TABLES IN SCHEMA <your_database>.<your_schema> TO USER bondata_user;

Step 4: Get Your Account Identifier

Your account identifier is in your Snowflake URL:
  • URL: https://abc12345.us-east-1.snowflakecomputing.com
  • Account: abc12345.us-east-1

Step 5: Enter Credentials

Enter the URL, User, Account, and upload your private key file in BonData.

Required Fields (Key Pair)

FieldDescription
URLYour Snowflake account URL
UserThe Snowflake user with the public key
AccountYour Snowflake account identifier
Private KeyThe private key file (rsa_key.p8)
PassphraseThe passphrase for your private key