Connection String Options
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Establishing a Connection.
| Property | Description |
| AuthScheme | Specifies the authentication scheme used to establish a connection to Snowflake. It determines the authentication mechanism required for validating the user's identity and allows integration with various SSO and OAuth providers. Accepted entries are Password, OKTA, AzureAD, AzureMSI, PingFederate, PrivateKey, OAuth, OAuthClient, OAuthAzureAD, OAuthClientAzureAD, OAuthOKTA, OAuthClientOKTA, OAuthOther, OAuthClientOther, OAuthJWT or ExternalBrowser. |
| Account | The Snowflake account identifier used to connect to a Snowflake instance. The account identifier is usually derived from the URL automatically. |
| Warehouse | Specifies the name of the Snowflake warehouse to be used for query execution. A warehouse in Snowflake is a virtual compute resource that provides the necessary processing power to perform operations such as data loading, querying, and analytics. |
| User | Specifies the username used for authenticating with the Snowflake database. The username is required for establishing a successful connection, regardless of the authentication method being used (Password, OKTA, PrivateKey, AzureAD, or OAuth). |
| Password | Specifies the user's password used for authenticating with Snowflake. This property is required when using password-based authentication methods, including Password, PingFederate, and OKTA. |
| URL | Set this property to the URL of your Snowflake database instance. This URL is required for establishing a connection to your Snowflake environment and should follow the standard format provided by Snowflake. The URL is typically structured as follows: https://orgname-myaccount.snowflakecomputing.com. |
| MFAPasscode | Provides a Multi-Factor Authentication (MFA) code when connecting to Snowflake. This code is required when MFA is enabled for your Snowflake account and you are using time-based one-time passwords (TOTP) or push-based authentication methods. |
| RoleName | Specifies the role assigned to the Snowflake user during authentication. This property determines the access privileges and permissions the user has when executing queries and managing resources in Snowflake. |
| CredentialsLocation | Specifies the location of the settings file where credentials are stored for authenticating with Snowflake. This property allows users to provide a custom path to a credentials file or use the default location if not specified. Storing credentials in a file ensures that sensitive information can be securely managed outside of the connection string. |
| AzureResource | Specifies the Azure Active Directory (Azure AD) resource identifier to authenticate against when using Azure Managed Service Identity (MSI) Authscheme . This property is required when the Azure VM or application is configured to use Azure MSI to access Snowflake. |
| Property | Description |
| UseVirtualHosting | If true (default), buckets will be referenced in the request using the hosted-style request: http://yourbucket.s3.amazonaws.com/yourobject. If set to false, the bean will use the path-style request: http://s3.amazonaws.com/yourbucket/yourobject. Note that this property will be set to false, in case of an S3 based custom service when the CustomURL is specified. |
| Property | Description |
| AzureTenant | Identifies the Snowflake tenant being used to access data. Accepts either the tenant's domain name (for example, contoso.onmicrosoft.com ) or its directory (tenant) ID. |
| Property | Description |
| ProofKey | Specifies the Proof Key used for Single Sign-On (SSO) authentication with Snowflake when integrating with external Identity Providers (IdPs) such as Azure AD and PingFederate. This value is typically generated during the OAuth 2.0 Authorization Code Flow. |
| ExternalToken | Specifies the OAuth or SSO token used for authentication with Snowflake. This property is required when performing Single Sign-On (SSO) or OAuth-based authentication with external identity providers like Azure AD or PingFederate. |
| SSOProperties | Specifies additional properties required to connect to the identity provider (IdP). These properties are provided as a semicolon-separated list of key-value pairs, and are commonly used for Single Sign-On (SSO) authentication with Okta or other providers. |
| Property | Description |
| PrivateKey | Specifies the private key used for Key Pair Authentication when connecting to Snowflake. This property allows authentication via a public-private key pair, providing a highly secure alternative to standard password-based authentication. The PrivateKeyType field specifies the type of the certificate store specified by PrivateKey . |
| PrivateKeyPassword | Specifies the password used to decrypt the private key when using Key Pair Authentication with Snowflake. This property is required when the private key file is encrypted with a password for added security. |
| PrivateKeyType | Specifies the type of key store or format containing the private key used for Key Pair Authentication with Snowflake. This property allows the user to choose from various formats and storage mechanisms for supplying the private key. |
| PrivateKeySubject | Specifies the subject name of the certificate containing the private key used for Key Pair Authentication with Snowflake. This property is necessary when the PrivateKeyType is set to USER or MACHINE, indicating that the private key is stored in a certificate store rather than a file or PEM blob. |
| Property | Description |
| InitiateOAuth | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. |
| OAuthClientId | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. |
| OAuthClientSecret | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.). |
| OAuthAccessToken | Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange. |
| CallbackURL | The CallbackURL property specifies the redirect URI (callback URL) used in OAuth authentication flows when connecting to Snowflake. This property is required for external OAuth-based authentication, ensuring that after authentication, the user is redirected correctly. |
| State | Specifies an optional state parameter used during the OAuth authorization process. This value serves as a mechanism to preserve the application's state between the authorization request and the redirect response. It is commonly used to prevent Cross-Site Request Forgery (CSRF) attacks by validating the authenticity of the request upon receiving the callback. |
| OAuthSettingsLocation | Specifies the location of the settings file where OAuth values are saved. |
| Scope | Determines the OAuth scopes that the application requests from Snowflake. Setting appropriate scopes defines the permissions that the application will be granted during the OAuth authorization process. |
| OAuthAuthorizationURL | The authorization URL for the OAuth service. |
| OAuthAccessTokenURL | The URL from which the OAuth access token is retrieved. |
| OAuthVerifier | Specifies a verifier code returned from the OAuthAuthorizationURL . Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set. |
| PKCEVerifier | Specifies the Proof Key for Code Exchange (PKCE) Verifier used during the OAuth 2.0 PKCE authentication flow. It is used as input when calling GetOAuthAccessToken . This random value is required when obtaining an access token from the authorization server after the initial authorization code is provided. |
| OAuthRefreshToken | Specifies the OAuth refresh token used to request a new access token after the original has expired. |
| OAuthExpiresIn | Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working. |
| OAuthTokenTimestamp | Displays a Unix epoch timestamp in milliseconds that shows how long ago the current access token was created. |
| Property | Description |
| OAuthJWTCert | Supplies the name of the client certificate's JWT Certificate store. |
| OAuthJWTCertType | Identifies the type of key store containing the JWT Certificate. |
| OAuthJWTCertPassword | Provides the password for the OAuth JWT certificate used to access a password-protected certificate store. If the certificate store does not require a password, leave this property blank. |
| OAuthJWTCertSubject | Identifies the subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate. |
| Property | Description |
| SSLServerCert | Specifies the certificate to be accepted from the server when connecting using TLS/SSL. |
| Property | Description |
| FirewallType | Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall. |
| FirewallServer | Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources. |
| FirewallPort | Specifies the TCP port to be used for a proxy-based firewall. |
| FirewallUser | Identifies the user ID of the account authenticating to a proxy-based firewall. |
| FirewallPassword | Specifies the password of the user account authenticating to a proxy-based firewall. |
| Property | Description |
| ProxyAutoDetect | Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server. |
| ProxyServer | Identifies the hostname or IP address of the proxy server through which you want to route HTTP traffic. |
| ProxyPort | Identifies the TCP port on your specified proxy server that has been reserved for routing HTTP traffic to and from the client. |
| ProxyAuthScheme | Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property. |
| ProxyUser | Provides the username of a user account registered with the proxy server specified in the ProxyServer connection property. |
| ProxyPassword | Specifies the password of the user specified in the ProxyUser connection property. |
| ProxySSLType | Specifies the SSL type to use when connecting to the proxy server specified in the ProxyServer connection property. |
| ProxyExceptions | Specifies a semicolon-separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property. |
| Property | Description |
| Logfile | Specifes the file path to the log file where the provider records its activities, such as authentication, query execution, and connection details. |
| Verbosity | Specifies the verbosity level of the log file, which controls the amount of detail logged. Supported values range from 1 to 5. |
| LogModules | Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged. |
| MaxLogFileSize | Specifies the maximum size of a single log file in bytes. For example, '10 MB'. When the file reaches the limit, the provider creates a new log file with the date and time appended to the name. |
| MaxLogFileCount | Specifies the maximum number of log files the provider retains. When the limit is reached, the oldest log file is deleted to make space for a new one. |
| Property | Description |
| Location | Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path. |
| BrowsableSchemas | Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC . |
| Tables | Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC . |
| Views | Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC . |
| Database | The default database to use for the session when connecting to Snowflake. All SQL queries executed during the session target this database by default. |
| Schema | Specifies the schema within the Snowflake database to which the connection will be made. Providing a schema name helps narrow down the scope of database objects being accessed, improving performance when retrieving metadata and executing queries. |
| Property | Description |
| AutoCache | Specifies whether the content of tables targeted by SELECT queries is automatically cached to the specified cache database. |
| CacheProvider | The namespace of an ADO.NET provider. The specified provider is used as the target database for all caching operations. |
| CacheDriver | The driver class of a JDBC driver. The specified driver is used to connect to the target database for all caching operations. |
| CacheConnection | Specifies the connection string for the specified cache database. |
| CacheLocation | Specifies the path to the cache when caching to a file. |
| CacheTolerance | Notes the tolerance, in seconds, for stale data in the specified cache database. Requires AutoCache to be set to True. |
| Offline | Gets the data from the specified cache database instead of live Snowflake data. |
| CacheMetadata | Determines whether the provider caches table metadata to a file-based cache database. |
| Property | Description |
| AllowPreparedStatement | Determines whether prepared statements are allowed when executing queries in Snowflake. |
| AllowUserVariables | Determines whether user-defined variables (prefixed by an $) can be used in SQL queries executed through the connection. |
| ApplicationName | Specifies the name of the application making the connection to Snowflake. This property sets the HTTP User-Agent header for the connection, allowing Snowflake to identify and log queries by application name. |
| AsyncQueryTimeout | Specifies the maximum duration, in seconds, that the provider will wait for an asynchronous request to complete when downloading large result sets. Asynchronous requests are typically used for executing complex queries or retrieving large datasets where immediate results are not expected. This property ensures that long-running operations do not hang indefinitely. |
| BatchMode | Specifies the batch operation mode for executing bulk data operations in Snowflake. This property determines whether the connection should use Binding API or Upload API based on the size of the data being processed. |
| BindingType | Specifies the binding type used for handling Date, Time, and Timestamp_* data types during data insertion operations. This property ensures consistent handling of temporal data when using different APIs for data ingestion. |
| ClientTimestampNTZTimezone | Controls how to handle the Timestamp_NTZ value since the Timestamp_NTZ type is a value without time zone. |
| CustomStage | Specifies the name of a custom stage to be used during bulk write operations in Snowflake. This can be either an internal stage (stored within Snowflake) or an external stage (hosted on cloud services like AWS S3 or Azure Blob Storage). |
| ExternalStageAWSAccessKey | Specifies the AWS Access Key ID used to authenticate with an AWS S3 external stage during bulk write operations in Snowflake. This property is necessary when using a CustomStage that references an AWS S3 bucket. |
| ExternalStageAWSSecretKey | Specifies the AWS Secret Access Key associated with your AWS Access Key ID ( ExternalStageAWSAccessKey ). This property is required for authenticating access to AWS S3 external stages during bulk write operations in Snowflake. |
| ExternalStageAzureSASToken | Specifies the Azure Blob Storage Shared Access Signature (SAS) token used to authenticate access to an Azure Blob Storage external stage. This property allows Snowflake to interact with Azure Blob Storage containers or objects for bulk data operations. This property is necessary when using a CustomStage that references an Azure location. |
| IgnoreCase | Controls whether case sensitivity is ignored for object names (for example, databases, schemas, tables, and columns) when executing SQL queries. |
| IncludeTableTypes | Specifies whether the Snowflake connection reports the types of individual tables and views during metadata retrieval. When enabled, the connection returns detailed information about whether objects are standard tables, views, or materialized views. |
| MaxRows | Specifies the maximum number of rows returned for queries that do not include either aggregation or GROUP BY. |
| MaxThreads | Specifies the number of concurrent requests. |
| MergeDelete | A Boolean property that determines whether batch DELETE statements are automatically converted to MERGE statements. This applies only when the DELETE statement’s WHERE clause exclusively contains the table’s primary key fields combined using the AND logical operator. When enabled, Snowflake attempts to handle deletions more efficiently by using the MERGE mechanism instead of standard batch deletion. |
| MergeInsert | A Boolean property that determines whether INSERT statements are automatically converted to MERGE statements when executed. This property is applicable only when the INSERT operation includes a table’s primary key field. When enabled, Snowflake attempts to upsert records by merging incoming data with existing rows if a primary key conflict occurs, rather than performing a simple insert operation. |
| MergeUpdate | A Boolean property that determines whether batch UPDATE statements are automatically converted to MERGE statements. This applies only when the UPDATE statement’s WHERE clause exclusively includes the table’s primary key fields combined using the AND logical operator. When enabled, Snowflake optimizes updates by leveraging the MERGE mechanism instead of standard batch updates. |
| Other | Specifies additional hidden properties for specific use cases., to be used only when our Support team advises it, to address specific issues. See Remarks for details. |
| QueryPassthrough | This option passes the query to the Snowflake server as is. |
| Readonly | Toggles read-only access to Snowflake from the provider. |
| RetryOnChunkTimeout | Specifies whether the connection should retry downloading data chunks from Snowflake when a network issue or timeout occurs. |
| RTK | Specifies the runtime key for licensing the provider. If unset or invalid, the provider defaults to the standard licensing method. This property is only required in environments where the standard licensing method is unsupported or requires a runtime key. |
| S3Domain | Specifies the URI of the Amazon S3 bucket used as the Snowflake S3 stage. This property is required when defining external stages for data loading and unloading between Snowflake and S3. |
| SessionIdleTimeout | Specifies the timeout duration, in minutes, for idle sessions. This setting corresponds to Snowflake's session policy parameter 'SESSION_IDLE_TIMEOUT_MINS'. The default value is 240 minutes, meaning a session is terminated if it remains inactive for more than four hours. |
| SessionParameters | Specifies additional session parameters to customize the behavior of the Snowflake connection. These parameters are passed as a semicolon-separated list of key-value pairs. Common use cases include setting query tags or modifying identifier handling settings. |
| Timeout | Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. |