Connect to Snowflake

Snowflake connectivity is bundled with Omniscope -  you will be able to connect to Snowflake as seen here:

Key-pair authentication

The example above uses a password. If your Snowflake account prevents this, and you are unable to use a LEGACY_SERVICE user account type, you should configure key-pair authentication.

Follow the Snowflake docs on Key-pair authentication.  If using older builds of Omniscope 2025.1 or earlier, you will need to generate and store securely an unencrypted private key. From late March 2025, Omniscope 2025.1 supports password-protected private keys without any additional steps needed.

You'll need to add the public key to the user in Snowflake using an ALTER USER statement. It is recommended that you use a user of type SERVICE for this, too. 

You'll also need to be sure that you are using a recent Snowflake JDBC driver. Omniscope comes bundled with this unless you are using an older version. 

(If you are supplying the driver yourself, be sure to pick the regular Snowflake JDBC driver, and not the "thin" one. And be careful; their download page does not list the versions in natural order, you will need to hunt to find the latest one.)

In this example we're using a private key file on the Omniscope server. This should be outside of the sharing folder, perhaps in a special folder designated for private keys created using Project Resource Access in Admin.

Note the use of private_key_file rather than password, for authentication. The value is the full path on the Omniscope server to the private key created following the Snowflake documentation.

Encrypted private keys

The screenshot above is for an unencrypted private key. If it's encrypted, you'll also want to supply a private_key_file_pwd secret property, containing the password you entered when you generated the key pair:

Base64-encoded inline private keys

It is also possible to provide the contents of the private key inline, without needing to store the file on the server. The key must be stored encrypted, as a secret, within the project. (Note that when sharing projects by downloading them from the server, any embedded secrets such as this are cleared.) 

To do this you must use private_key_base64 instead of private_key_file, together with private_key_file_pwd if the key was encrypted. Be sure to tick the padlock for both options as shown below. 

To generate the base64 encoded private key, use a terminal command such as:

cat rsa_key.p8 | base64

or on Windows

type rsa_key.p8 | openssl base64

and copy the long gibberish output into the value option for private_key_base64.

Also see further documentation on these parameters.

Troubleshooting

Snowflake JDBC errors are very difficult to read. Here's a guide.

• If you see "Invalid parameter value null for parameter type {1}", it typically means the private key file is not present at the configured path. Double-check the private_key_file value is correct, from the perspective of the Omniscope server installation.
• If you see "JWT token is invalid", it typically means the private key is a different one to the user account in Snowflake. Either you have the wrong user account, or you have not performed the ALTER USER step to set the RSA public key correctly or for the latest key generation.
• If you see "Private key provided is invalid or not supported: java.security.InvalidKeyException: IOException : DER input, Integer tag error" or similar, it typically means you are using an encrypted key and have not supplied a password via the "private_key_file_pwd" parameter.
• If you see "Private key provided is invalid or not supported: PBE parameter parsing error: expecting the object identifier for AES cipher" it typically means you are using an encrypted key and need an updated version of Omniscope to support that. Encrypted keys were supported in 2025.1 from late March 2025.
• If you see "Private key provided is invalid or not supported: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.io.InvalidCipherTextIOException: Error finalising cipher" it typically means you have entered an incorrect private key password.

Older instructions for Omniscope 2023 (JDBC driver configuration)

To make older versions of Omniscope able to connect to a Snowflake database it is first necessary to upload the jdbc driver in the admin app. This is a necessary step the first time Omniscope needs to connect to a Snowflake database, or when the Snowflake jdbc driver itself needs to be updated.

If the jdbc driver is not configured, Omniscope will be unable to connect to Snowflake, and it will show an error like in the in the image below.

To configure the jdbc driver for Snowflake navigate to the Admin app, then open the 'Database Drivers' section:

Next, scroll to the Snowflake section, and follow the download link:

In the new tab, scroll to the very bottom and follow the link associated to the latest version of the jdbc driver (3.9.2 at the time of writing ).

In the new tab you need to select the file called snowflake-jdbc-<version>.jar 

where <version> is the latest version of the jdbc driver. In the scenario below, the file needed is snowflake-jdbc-3.9.2.jar.

Important: Make sure to download the correct file here (i.e., the one with a jar extension, and not a -javadoc, -sources, -tests suffix) otherwise Omniscope will not be able to connect.  

To upload the jdbc driver to Omniscope go back to the 'Database Drivers' section of the Admin app, scroll to the top of the page, select 'Snowflake' in the 'Database' dropdown, and chose the file downloaded earlier.

Finally click 'Upload' to upload the driver:

After the jdbc driver has been uploaded, Omniscope will be able to use it to connect to Snowflake: