Set up Snowflake drivers and configure authentication for Node.js (snowflake-sdk) and Python (snowflake-connector-python).
<orgname>-<account_name> or legacy <account_locator>.<region>)# Node.js — official driver from snowflakedb
npm install snowflake-sdk
# Python — official connector
pip install snowflake-connector-python
# Python with pandas support
pip install "snowflake-connector-python[pandas]"
| Method | Use Case | Env Vars Needed |
|---|---|---|
| Password | Quick dev setup | SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD |
| Key Pair | CI/CD, service accounts | SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PRIVATE_KEY_PATH |
| External Browser SSO | Interactive dev | SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER |
| OAuth | Enterprise SSO integration | SNOWFLAKE_ACCOUNT, SNOWFLAKE_OAUTH_TOKEN |
// src/snowflake/client.ts
import snowflake from 'snowflake-sdk';
const connection = snowflake.createConnection({
account: process.env.SNOWFLAKE_ACCOUNT!, // e.g. 'myorg-myaccount'
username: process.env.SNOWFLAKE_USER!,
password: process.env.SNOWFLAKE_PASSWORD!,
warehouse: process.env.SNOWFLAKE_WAREHOUSE || 'COMPUTE_WH',
database: process.env.SNOWFLAKE_DATABASE,
schema: process.env.SNOWFLAKE_SCHEMA || 'PUBLIC',
role: process.env.SNOWFLAKE_ROLE || 'PUBLIC',
});
connection.connect((err, conn) => {
if (err) {
console.error('Unable to connect:', err.message);
return;
}
console.log('Connected as id:', conn.getId());
});
# src/snowflake_client.py
import snowflake.connector
import os
conn = snowflake.connector.connect(
account=os.environ['SNOWFLAKE_ACCOUNT'],
user=os.environ['SNOWFLAKE_USER'],
password=os.environ['SNOWFLAKE_PASSWORD'],
warehouse=os.environ.get('SNOWFLAKE_WAREHOUSE', 'COMPUTE_WH'),
database=os.environ.get('SNOWFLAKE_DATABASE'),
schema=os.environ.get('SNOWFLAKE_SCHEMA', 'PUBLIC'),
role=os.environ.get('SNOWFLAKE_ROLE', 'PUBLIC'),
)
print(f"Connected: {conn.get_query_id()}")
# Generate 2048-bit RSA key pair
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
# Assign public key to Snowflake user
# Run in Snowflake worksheet:
# ALTER USER my_service_user SET RSA_PUBLIC_KEY='MIIBIj...';
import snowflake from 'snowflake-sdk';
import fs from 'fs';
import path from 'path';
const privateKey = fs.readFileSync(
path.resolve(process.env.SNOWFLAKE_PRIVATE_KEY_PATH!),
'utf-8'
);
const connection = snowflake.createConnection({
account: process.env.SNOWFLAKE_ACCOUNT!,
username: process.env.SNOWFLAKE_USER!,
authenticator: 'SNOWFLAKE_JWT',
privateKey: privateKey,
warehouse: 'COMPUTE_WH',
database: 'MY_DB',
schema: 'PUBLIC',
});
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
with open(os.environ['SNOWFLAKE_PRIVATE_KEY_PATH'], 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(), password=None, backend=default_backend()
)
conn = snowflake.connector.connect(
account=os.environ['SNOWFLAKE_ACCOUNT'],
user=os.environ['SNOWFLAKE_USER'],
private_key=private_key,
warehouse='COMPUTE_WH',
database='MY_DB',
schema='PUBLIC',
)
const connection = snowflake.createConnection({
account: process.env.SNOWFLAKE_ACCOUNT!,
username: process.env.SNOWFLAKE_USER!,
authenticator: 'EXTERNALBROWSER',
warehouse: 'COMPUTE_WH',
});
// Opens browser for IdP login, returns token to driver
# .env (NEVER commit — add to .gitignore)
SNOWFLAKE_ACCOUNT=myorg-myaccount
SNOWFLAKE_USER=my_user
SNOWFLAKE_PASSWORD=my_password
SNOWFLAKE_WAREHOUSE=COMPUTE_WH
SNOWFLAKE_DATABASE=MY_DB
SNOWFLAKE_SCHEMA=PUBLIC
SNOWFLAKE_ROLE=SYSADMIN
SNOWFLAKE_PRIVATE_KEY_PATH=./rsa_key.p8
# .gitignore additions
.env
.env.local
rsa_key.p8
rsa_key.pub
connection.connect((err, conn) => {
if (err) { console.error(err.message); return; }
conn.execute({
sqlText: 'SELECT CURRENT_WAREHOUSE(), CURRENT_DATABASE(), CURRENT_ROLE()',
complete: (err, stmt, rows) => {
if (err) { console.error(err.message); return; }
console.log('Context:', rows?.[0]);
},
});
});
| Error | Cause | Solution |
|---|---|---|
390100: Incorrect username or password |
Bad credentials | Verify user/password in Snowflake console |
390144: JWT token is invalid |
Wrong private key or expired | Regenerate key pair, re-assign public key |
390429: IP ... is not allowed to access Snowflake |
Network policy blocking | Add IP to network policy allowlist |
ECONNREFUSED / ENOTFOUND |
Wrong account identifier | Use format orgname-accountname (not URL) |
Could not connect to Snowflake backend |
Firewall or proxy | Allow outbound HTTPS to *.snowflakecomputing.com |
After successful auth, proceed to snowflake-hello-world for your first query.