@@ -4,7 +4,12 @@ A Model Context Protocol (MCP) server for performing read-only operations agains
44
55## Features
66
7- - Secure connection to Snowflake using service account authentication with private key
7+ - Flexible authentication to Snowflake using either:
8+ - Service account authentication with private key
9+ - External browser authentication for interactive sessions
10+ - Connection pooling with automatic background refresh to maintain persistent connections
11+ - Support for querying multiple views and databases in a single session
12+ - Support for multiple SQL statement types (SELECT, SHOW, DESCRIBE, EXPLAIN, WITH)
813- MCP-compatible handlers for querying Snowflake data
914- Read-only operations with security checks to prevent data modification
1015- Support for Python 3.12+
@@ -18,14 +23,16 @@ The server provides the following tools for querying Snowflake:
1823- ** list_views** : List all views in a specified database and schema
1924- ** describe_view** : Get detailed information about a specific view including columns and SQL definition
2025- ** query_view** : Query data from a view with an optional row limit
21- - ** execute_query** : Execute custom read-only SQL queries (SELECT only ) with results formatted as markdown tables
26+ - ** execute_query** : Execute custom read-only SQL queries (SELECT, SHOW, DESCRIBE, EXPLAIN, WITH ) with results formatted as markdown tables
2227
2328## Installation
2429
2530### Prerequisites
2631
2732- Python 3.12 or higher
28- - A Snowflake account with a configured service account (username + private key)
33+ - A Snowflake account with either:
34+ - A configured service account (username + private key), or
35+ - A regular user account for browser-based authentication
2936- [ uv] ( https://github.com/astral-sh/uv ) package manager (recommended)
3037
3138### Steps
@@ -41,16 +48,21 @@ The server provides the following tools for querying Snowflake:
4148 uv pip install -e .
4249```
4350
44- 3 . Create a ` .env ` file based on ` .env.example ` with your Snowflake credentials:
51+ 3 . Create a ` .env ` file with your Snowflake credentials:
52+
53+ Choose one of the provided example files based on your preferred authentication method:
54+
55+ ** For private key authentication** :
56+ ```
57+ cp .env.private_key.example .env
4558```
46- SNOWFLAKE_ACCOUNT=youraccount.region
47- SNOWFLAKE_USER=your_service_account_username
48- SNOWFLAKE_PRIVATE_KEY_PATH=/absolute/path/to/your/rsa_key.p8
49- SNOWFLAKE_WAREHOUSE=your_warehouse
50- SNOWFLAKE_DATABASE=your_database
51- SNOWFLAKE_SCHEMA=your_schema
52- SNOWFLAKE_ROLE=your_role
59+ Then edit the ` .env ` file to set your Snowflake account details and path to your private key.
60+
61+ ** For external browser authentication** :
62+ ```
63+ cp .env.browser.example .env
5364```
65+ Then edit the ` .env ` file to set your Snowflake account details.
5466
5567## Usage
5668
@@ -64,6 +76,8 @@ uv run snowflake-mcp
6476
6577This will start the stdio-based MCP server, which can be connected to Claude Desktop or any MCP client that supports stdio communication.
6678
79+ When using external browser authentication, a browser window will automatically open prompting you to log in to your Snowflake account.
80+
6781### Claude Desktop Integration
6882
69831 . In Claude Desktop, go to Settings → MCP Servers
@@ -92,13 +106,44 @@ When using with Claude, you can ask questions like:
92106- "Show me sample data from the REVENUE_BY_REGION view in the FINANCE database"
93107- "Run this SQL query: SELECT customer_id, SUM(order_total) as total_spend FROM SALES.ORDERS GROUP BY customer_id ORDER BY total_spend DESC LIMIT 10"
94108- "Query the MARKETING database to find the top 5 performing campaigns by conversion rate"
109+ - "Compare data from views in different databases by querying SALES.CUSTOMER_METRICS and MARKETING.CAMPAIGN_RESULTS"
110+
111+ ### Configuration
112+
113+ Connection pooling behavior can be configured through environment variables:
114+
115+ - ` SNOWFLAKE_CONN_REFRESH_HOURS ` : Time interval in hours between connection refreshes (default: 8)
116+
117+ Example ` .env ` configuration:
118+ ```
119+ # Set connection to refresh every 4 hours
120+ SNOWFLAKE_CONN_REFRESH_HOURS=4
121+ ```
122+
123+ ## Authentication Methods
124+
125+ ### Private Key Authentication
126+
127+ This method uses a service account and private key for non-interactive authentication, ideal for automated processes.
128+
129+ 1 . Create a key pair for your Snowflake user following [ Snowflake documentation] ( https://docs.snowflake.com/en/user-guide/key-pair-auth )
130+ 2 . Set ` SNOWFLAKE_AUTH_TYPE=private_key ` in your ` .env ` file
131+ 3 . Provide the path to your private key in ` SNOWFLAKE_PRIVATE_KEY_PATH `
132+
133+ ### External Browser Authentication
134+
135+ This method opens a browser window for interactive authentication.
136+
137+ 1 . Set ` SNOWFLAKE_AUTH_TYPE=external_browser ` in your ` .env ` file
138+ 2 . When you start the server, a browser window will open asking you to log in
139+ 3 . After authentication, the session will remain active for the duration specified by your Snowflake account settings
95140
96141## Security Considerations
97142
98143This server:
99- - Enforces read-only operations (only SELECT statements are allowed)
144+ - Enforces read-only operations (only SELECT, SHOW, DESCRIBE, EXPLAIN, and WITH statements are allowed)
100145- Automatically adds LIMIT clauses to prevent large result sets
101- - Uses service account authentication for secure connections
146+ - Uses secure authentication methods for connections to Snowflake
102147- Validates inputs to prevent SQL injection
103148
104149⚠️ ** Important** : Keep your ` .env ` file secure and never commit it to version control. The ` .gitignore ` file is configured to exclude it.
@@ -123,6 +168,12 @@ ruff check .
123168ruff format .
124169```
125170
171+ ### Running Tests
172+
173+ ```
174+ pytest
175+ ```
176+
126177## Contributing
127178
128179Contributions are welcome! Please feel free to submit a Pull Request.
0 commit comments