Snowflake Connector
Connect DB Audit to Snowflake for comprehensive query monitoring, access tracking, and compliance reporting with native ACCOUNT_USAGE schema integration.
ACCOUNT_USAGE Native
Direct access to Snowflake audit views
Key Pair Auth
Secure RSA key authentication
Zero Performance Impact
Reads from system views only
What You Can Monitor
Query History Monitoring
Track every SQL query with full query text, execution stats, warehouse usage, and user attribution.
Access Control Tracking
Monitor role grants, user creation, privilege changes, and authentication events.
Data Access Patterns
Analyze which users are accessing which tables and detect unusual data access patterns.
Cost & Usage Analysis
Track warehouse usage, credit consumption, and data transfer for security and cost correlation.
Requirements
Configuration Reference
Basic Connection
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | A unique name to identify this connection |
account | string | Yes | Snowflake account identifier (e.g., xy12345.us-east-1) |
warehouse | string | Yes | Default warehouse for running queries |
database | string | No | Default database to connect to |
schema | string | No | Default schema |
username | string | Yes | Snowflake username |
password | password | No | Snowflake password (if using password auth) |
Key Pair Authentication (Recommended)
| Field | Type | Description |
|---|---|---|
private_key | password | RSA private key for key pair authentication |
private_key_path | string | Path to RSA private key file |
private_key_passphrase | password | Passphrase for encrypted private key |
Log Collection
| Field | Type | Default | Description |
|---|---|---|---|
log_collection_type | select | native_audit | Method for collecting audit logs |
polling_interval | number | 60 | Seconds between log collection polls |
history_days | number | 7 | Days of query history to retain |
Log Collection Methods
DB Audit collects audit data from Snowflake's built-in ACCOUNT_USAGE views.
QUERY_HISTORY View
RecommendedCollect query metadata from Snowflake's QUERY_HISTORY view in ACCOUNT_USAGE schema.
ACCESS_HISTORY View
Track column-level access patterns using ACCESS_HISTORY (Enterprise Edition required).
Create Audit User & Role
Create a dedicated read-only user with access to ACCOUNT_USAGE schema.
-- Create a dedicated role for DB Audit
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS DBAUDIT_READER;
-- Grant access to ACCOUNT_USAGE schema (query history, access history)
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE DBAUDIT_READER;
-- Create the audit user
CREATE USER IF NOT EXISTS DBAUDIT_USER
PASSWORD = 'your_secure_password'
DEFAULT_ROLE = DBAUDIT_READER
DEFAULT_WAREHOUSE = COMPUTE_WH
MUST_CHANGE_PASSWORD = FALSE;
-- Grant the role to the user
GRANT ROLE DBAUDIT_READER TO USER DBAUDIT_USER;
-- Grant warehouse usage (use a small warehouse for cost efficiency)
CREATE WAREHOUSE IF NOT EXISTS DBAUDIT_WH
WAREHOUSE_SIZE = 'X-SMALL'
AUTO_SUSPEND = 60
AUTO_RESUME = TRUE
INITIALLY_SUSPENDED = TRUE;
GRANT USAGE ON WAREHOUSE DBAUDIT_WH TO ROLE DBAUDIT_READER;Configure Key Pair Auth (Recommended)
For production, use RSA key pair authentication instead of passwords.
# Generate RSA key pair for authentication (recommended)
# Generate private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
# Generate public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
# Assign public key to Snowflake user
# In Snowflake:
ALTER USER DBAUDIT_USER SET RSA_PUBLIC_KEY='MIIBIjANBgkq...';
# Verify key assignment
DESC USER DBAUDIT_USER;Configure DB Audit Collector
Add your Snowflake account to the DB Audit configuration.
databases:
- name: production-snowflake
type: snowflake
account: xy12345.us-east-1
warehouse: DBAUDIT_WH
database: SNOWFLAKE
schema: ACCOUNT_USAGE
username: DBAUDIT_USER
# Authentication (use key pair for production)
# Option 1: Password
password: ${SNOWFLAKE_PASSWORD}
# Option 2: Key Pair (recommended)
# private_key_path: /etc/dbaudit/certs/rsa_key.p8
# private_key_passphrase: ${SNOWFLAKE_KEY_PASSPHRASE}
# Connection settings
connect_timeout: 30
query_timeout: 300
# Monitoring options
options:
track_queries: true
track_logins: true
track_access_history: true
history_days: 7Test Connection
Verify your configuration before deploying.
# Test connection with SnowSQL
snowsql -a xy12345.us-east-1 -u DBAUDIT_USER -w DBAUDIT_WH
# Test query history access
SELECT COUNT(*) FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE START_TIME >= DATEADD(day, -1, CURRENT_TIMESTAMP());
# Test with key pair
snowsql -a xy12345.us-east-1 -u DBAUDIT_USER \
--private-key-path rsa_key.p8 -w DBAUDIT_WH
# Verify DB Audit collector can connect
dbaudit-collector test-connections --config /etc/dbaudit/config.yamlCompliance Support
DB Audit's Snowflake connector helps you meet audit requirements for major compliance frameworks.
Troubleshooting
Incorrect username or password
Verify credentials. If using key pair auth, ensure the public key is correctly assigned to the user.
Access denied to ACCOUNT_USAGE
Ensure the role has IMPORTED PRIVILEGES on the SNOWFLAKE database. Run: GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE role_name;
Query returns no data
ACCOUNT_USAGE views have a latency of up to 45 minutes. For real-time data, use INFORMATION_SCHEMA views (limited history).
Ready to Audit Your Snowflake Data Cloud?
Start monitoring your Snowflake account in minutes with native ACCOUNT_USAGE integration.