Flitch
Integrations

Snowflake

Connect a Snowflake warehouse with OAuth or key pair auth.

Reads tables and views. Two auth methods: Snowflake OAuth (per user) and key pair (service accounts).

Data connections

A workspace admin sets up authentication at Settings → Data connections. One-time setup per auth method:

  • Snowflake OAuth: create a Snowflake security integration, then register the Client ID and Client Secret.
  • Key pair: register the key pair credentials.

Add a source

After Data connections is set up, each team member can add a Snowflake connection from the Data page.

Open the form

Go to DataAddSnowflake, pick OAuth.

Enter the account

Format account.region.cloud (e.g. xy12345.eu-west-1.aws).

Enter the warehouse

Required.

Optional advanced fields

Database, Schema, Role scope visibility further. Leave blank to use account defaults.

Sign in with Snowflake

A popup completes OAuth.

Pick datasets

Tick the tables and views to expose.

OAuth uses your Snowflake user's permissions.

Use a dedicated user with an RSA key pair.

Generate the key pair

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out flitch_key.p8 -nocrypt
openssl rsa -in flitch_key.p8 -pubout -out flitch_key.pub

Create the Snowflake user

CREATE USER flitch_reader
  RSA_PUBLIC_KEY = 'MIIBIjANBgkq...'
  DEFAULT_ROLE = FLITCH_READER
  DEFAULT_WAREHOUSE = COMPUTE_WH;

Strip the BEGIN/END PUBLIC KEY lines and line breaks from the public key before pasting.

Grant read access

GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE FLITCH_READER;
GRANT USAGE ON DATABASE my_db TO ROLE FLITCH_READER;
GRANT USAGE ON SCHEMA my_db.public TO ROLE FLITCH_READER;
GRANT SELECT ON ALL TABLES IN SCHEMA my_db.public TO ROLE FLITCH_READER;
GRANT SELECT ON FUTURE TABLES IN SCHEMA my_db.public TO ROLE FLITCH_READER;
GRANT SELECT ON ALL VIEWS IN SCHEMA my_db.public TO ROLE FLITCH_READER;

Fill the Flitch form

Go to DataAddSnowflake, pick Key pair:

  • Account identifier: account.region.cloud.
  • Username: flitch_reader.
  • Warehouse: required.
  • Database, Schema, Role: optional.
  • Private key: full PEM, including BEGIN/END lines.
  • Key passphrase: only if you encrypted the key.

Test and save

Private key is encrypted at rest.

Refresh

Refresh is off by default. Every dashboard load runs a live query. Enable refresh to schedule a background refresh and serve from cache between runs. See Refresh.

Longer refresh intervals mean fewer warehouse wake-ups with AUTO SUSPEND, which keeps credit usage down.

Limits

  • VARIANT, OBJECT, ARRAY parsed as JSON.
  • TIME returned as strings.
  • Geographical types as text. For maps, expose latitude and longitude as separate columns.

Troubleshooting

Authentication failed. OAuth: integration may be disabled in Snowflake. Key pair: check the public key on the user and USAGE on the warehouse.

Insufficient privileges. Grant SELECT on the table to the role.

Slow first query. Suspended warehouse resuming. Subsequent queries are fast.

File upload

Drop CSV, Excel, JSON, JSONL, or XML files directly into Flitch.

BigQuery

Connect Google BigQuery with OAuth or a service account.

On this page

Data connectionsAdd a sourceOpen the formEnter the accountEnter the warehouseOptional advanced fieldsSign in with SnowflakePick datasetsGenerate the key pairCreate the Snowflake userGrant read accessFill the Flitch formTest and saveRefreshLimitsTroubleshooting