Claude-code-plugins-plus-skills snowflake-install-auth

install

source · Clone the upstream repo

git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/snowflake-pack/skills/snowflake-install-auth" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-snowflake-install-auth && rm -rf "$T"

manifest: plugins/saas-packs/snowflake-pack/skills/snowflake-install-auth/SKILL.md

Snowflake Install & Auth

Overview

Set up Snowflake drivers and configure authentication for Node.js (

snowflake-sdk

) and Python (

snowflake-connector-python

Prerequisites

Node.js 18+ or Python 3.9+

Snowflake account (format:

<orgname>-<account_name>

or legacy

<account_locator>.<region>

)

User with appropriate role granted

Instructions

Step 1: Install the Driver

# Node.js — official driver from snowflakedb
npm install snowflake-sdk

# Python — official connector
pip install snowflake-connector-python

# Python with pandas support
pip install "snowflake-connector-python[pandas]"

Step 2: Choose an Authentication Method

Method	Use Case	Env Vars Needed
Password	Quick dev setup	`SNOWFLAKE_ACCOUNT` , `SNOWFLAKE_USER` , `SNOWFLAKE_PASSWORD`
Key Pair	CI/CD, service accounts	`SNOWFLAKE_ACCOUNT` , `SNOWFLAKE_USER` , `SNOWFLAKE_PRIVATE_KEY_PATH`
External Browser SSO	Interactive dev	`SNOWFLAKE_ACCOUNT` , `SNOWFLAKE_USER`
OAuth	Enterprise SSO integration	`SNOWFLAKE_ACCOUNT` , `SNOWFLAKE_OAUTH_TOKEN`

Step 3a: Password Authentication

// src/snowflake/client.ts
import snowflake from 'snowflake-sdk';

const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,   // e.g. 'myorg-myaccount'
  username: process.env.SNOWFLAKE_USER!,
  password: process.env.SNOWFLAKE_PASSWORD!,
  warehouse: process.env.SNOWFLAKE_WAREHOUSE || 'COMPUTE_WH',
  database: process.env.SNOWFLAKE_DATABASE,
  schema: process.env.SNOWFLAKE_SCHEMA || 'PUBLIC',
  role: process.env.SNOWFLAKE_ROLE || 'PUBLIC',
});

connection.connect((err, conn) => {
  if (err) {
    console.error('Unable to connect:', err.message);
    return;
  }
  console.log('Connected as id:', conn.getId());
});

# src/snowflake_client.py
import snowflake.connector
import os

conn = snowflake.connector.connect(
    account=os.environ['SNOWFLAKE_ACCOUNT'],
    user=os.environ['SNOWFLAKE_USER'],
    password=os.environ['SNOWFLAKE_PASSWORD'],
    warehouse=os.environ.get('SNOWFLAKE_WAREHOUSE', 'COMPUTE_WH'),
    database=os.environ.get('SNOWFLAKE_DATABASE'),
    schema=os.environ.get('SNOWFLAKE_SCHEMA', 'PUBLIC'),
    role=os.environ.get('SNOWFLAKE_ROLE', 'PUBLIC'),
)
print(f"Connected: {conn.get_query_id()}")

Step 3b: Key Pair Authentication (Recommended for Automation)

# Generate 2048-bit RSA key pair
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

# Assign public key to Snowflake user
# Run in Snowflake worksheet:
# ALTER USER my_service_user SET RSA_PUBLIC_KEY='MIIBIj...';

import snowflake from 'snowflake-sdk';
import fs from 'fs';
import path from 'path';

const privateKey = fs.readFileSync(
  path.resolve(process.env.SNOWFLAKE_PRIVATE_KEY_PATH!),
  'utf-8'
);

const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,
  username: process.env.SNOWFLAKE_USER!,
  authenticator: 'SNOWFLAKE_JWT',
  privateKey: privateKey,
  warehouse: 'COMPUTE_WH',
  database: 'MY_DB',
  schema: 'PUBLIC',
});

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend

with open(os.environ['SNOWFLAKE_PRIVATE_KEY_PATH'], 'rb') as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(), password=None, backend=default_backend()
    )

conn = snowflake.connector.connect(
    account=os.environ['SNOWFLAKE_ACCOUNT'],
    user=os.environ['SNOWFLAKE_USER'],
    private_key=private_key,
    warehouse='COMPUTE_WH',
    database='MY_DB',
    schema='PUBLIC',
)

Step 3c: External Browser SSO

const connection = snowflake.createConnection({
  account: process.env.SNOWFLAKE_ACCOUNT!,
  username: process.env.SNOWFLAKE_USER!,
  authenticator: 'EXTERNALBROWSER',
  warehouse: 'COMPUTE_WH',
});
// Opens browser for IdP login, returns token to driver

Step 4: Configure Environment

# .env (NEVER commit — add to .gitignore)
SNOWFLAKE_ACCOUNT=myorg-myaccount
SNOWFLAKE_USER=my_user
SNOWFLAKE_PASSWORD=my_password
SNOWFLAKE_WAREHOUSE=COMPUTE_WH
SNOWFLAKE_DATABASE=MY_DB
SNOWFLAKE_SCHEMA=PUBLIC
SNOWFLAKE_ROLE=SYSADMIN
SNOWFLAKE_PRIVATE_KEY_PATH=./rsa_key.p8

# .gitignore additions
.env
.env.local
rsa_key.p8
rsa_key.pub

Step 5: Verify Connection

connection.connect((err, conn) => {
  if (err) { console.error(err.message); return; }
  conn.execute({
    sqlText: 'SELECT CURRENT_WAREHOUSE(), CURRENT_DATABASE(), CURRENT_ROLE()',
    complete: (err, stmt, rows) => {
      if (err) { console.error(err.message); return; }
      console.log('Context:', rows?.[0]);
    },
  });
});

Error Handling

Error	Cause	Solution
`390100: Incorrect username or password`	Bad credentials	Verify user/password in Snowflake console
`390144: JWT token is invalid`	Wrong private key or expired	Regenerate key pair, re-assign public key
`390429: IP ... is not allowed to access Snowflake`	Network policy blocking	Add IP to network policy allowlist
`ECONNREFUSED` / `ENOTFOUND`	Wrong account identifier	Use format `orgname-accountname` (not URL)
`Could not connect to Snowflake backend`	Firewall or proxy	Allow outbound HTTPS to `*.snowflakecomputing.com`

Resources

Next Steps

After successful auth, proceed to

snowflake-hello-world

for your first query.