Skip to main content

SOLE Connection Parameters

To connect to the Snowflake account, SOLE requires the following details:

Account

This is the name of the Snowflake account where SOLE operates. Its value is set in the variable DATAOPS_SOLE_ACCOUNT. However, if there is no value in this variable, SOLE tries to obtain the value from the DataOps Vault at the path SNOWFLAKE.SOLE.ACCOUNT. As the Using the DataOps Vault section in the Core Concepts doc describes, SOLE can fetch the Snowflake account value from the DataOps Vault to prevent exposing credentials in the SOLE configuration.

tip

The full account name and region, such as eu-west-2 must be defined in DATAOPS_SOLE_ACCOUNT. You can also use organizational short names and region-less account names in DATAOPS_SOLE_ACCOUNT.

You can execute the following query to get the regionless account name for your Snowflake account:

SELECT system$whitelist()

This query returns a JSON result with a key SNOWFLAKE_DEPLOYMENT_REGIONLESS with its value formatted as abcdef-qwerty.snowflakecomputing.com.

note

The complete abcdef-qwerty part can also be specified as the DATAOPS_SOLE_ACCOUNT.

Role

The role which runs the Snowflake queries is the role associated with the Snowflake user, defined in DATAOPS_SOLE_USERNAME. This value is stored in the variable DATAOPS_SOLE_ROLE and must be specified even if the role is the default role for the Snowflake user.

If this value is not located in this variable, SOLE tries to retrieve the value from the DataOps vault path SNOWFLAKE.SOLE.ROLE.

As described in the account section, SOLE can fetch the Snowflake role from the DataOps Vault to prevent exposing credentials in the SOLE configuration.

Warehouse

The Snowflake warehouse used to run queries for SOLE Grant Management is defined in DATAOPS_SOLE_WAREHOUSE.

This is an optional configuration. If it is not defined, SOLE Grant Management assumes that the user specified in DATAOPS_SOLE_USERNAME has a default warehouse set.

This value is set in the variable DATAOPS_SOLE_WAREHOUSE. If the value is not stored in this variable, SOLE tries to retrieve it from the DataOps vault path SNOWFLAKE.SOLE.WAREHOUSE. If this vault path does not exist, SOLE Grant Management runs queries assuming that the default warehouse is set.

As described in the account section, SOLE can fetch the Snowflake warehouse from the DataOps Vault to prevent exposing credentials in the SOLE configuration.

Authentication

Password Based Authentication

Username

This variable is the username that SOLE uses to connect to the account specified in DATAOPS_SOLE_ACCOUNT.

Its value is stored in the variable DATAOPS_SOLE_USERNAME. And if the value is not present in this variable, SOLE tries to retrieve the value from the DataOps vault path SNOWFLAKE.SOLE.USERNAME.

As described in the account section, SOLE can fetch the Snowflake username from the DataOps Vault to prevent exposing credentials in the SOLE configuration.

Password

The password belonging to the specified username is stored in DATAOPS_SOLE_PASSWORD. If this value is not located in this variable, SOLE tries to retrieve the value from the DataOps vault path SNOWFLAKE.SOLE.PASSWORD.

As described in the account section, SOLE can fetch the Snowflake password from the DataOps Vault to prevent exposing credentials in the SOLE configuration.

Key Pair Based Authentication

SOLE implements Snowflake's key pair authentication rules and processes with the following as a foundation for SOLE and Snowflake key pair authentication:

In practice, key pair authentication support is enabled for SOLE and SOLE's grant management function.

Below is a quick summary of the supported parameters,

VariableRequiredDescription
DATAOPS_SNOWFLAKE_AUTHYesSet it to the KEY_PAIR value to enable key pair authentication support
DATAOPS_SNOWFLAKE_KEY_PAIRYesSpecify the key pair to be used
DATAOPS_SNOWFLAKE_PASSPHRASEOptionalThe passphrase for encrypted key-pair

To know more and how to configure it, see Key Pair Authentication