About UsCustomersResourcesGet Started for Free

Using Key Pair Authentication

Before you start

To connect Snowflake to Select Star, you will need:

  • Admin access to your Snowflake instance via the ACCOUNTADMIN role.

Complete the following steps to enable metadata, lineage, and popularity for your Snowflake data in Select Star.

  1. Get Public Key from Select Star

  2. Create a Select Star role and user in Snowflake

  3. Grant optional permissions

  4. Connect Snowflake to Select Star

  5. Choose databases and schemas

1. Get Public Key from Select Star

  1. Go to Data Sources in Select Star

    • Navigate to Settings > Data.

    • Click + Add to create a new data source.

  1. Select Snowflake as the Source Type

    • In the Source Type dropdown, choose Snowflake.

  1. Fill in the Connection Details Provide the following information:

    • Display Name:

      • Default is Snowflake. You can customize it if desired.

    • Account:

      • Your Snowflake account name (the part before .snowflakecomputing.com in your Snowflake URL).

    • Role:

      • The role you will grant to the service account user.

    • Warehouse:

      • The name of the data warehouse you will give us access to.

  2. Choose Key Pair Authentication

    • Select Key Pair as the authentication method.

  1. Copy the Public Key

    • Select Star generates a pair of keys: a public key and a private key.

    • The public key will be displayed on the screen along with a copy button. Use this button to copy the public key.

    • This public key is required for creating a user in Snowflake.

    • You can leave the form open, as you’ll return to it to complete the connection details after creating the Snowflake user.

2. Create Select Star Role and User in Snowflake

Use the ACCOUNTADMIN role and run the following SQL in your Snowflake instance. Replace <PUBLIC_KEY> with the copied public key from Select Star.

-- Required for basic metadata & query history access
CREATE ROLE selectstar_role;
GRANT IMPORTED PRIVILEGES ON DATABASE snowflake TO ROLE selectstar_role;
CREATE USER selectstar
    DEFAULT_ROLE = 'selectstar_role'
    TYPE = 'SERVICE'
    RSA_PUBLIC_KEY = '<PUBLIC_KEY>';  -- Replace with the copied public key
GRANT ROLE selectstar_role TO USER selectstar;
GRANT USAGE ON WAREHOUSE MED TO ROLE selectstar_role;

These are the minimum permissions required for Select Star to collect basic metadata and query history. Query history is also used to generate lineage.

3. Grant optional permissions

To enable Select Star’s Preview feature and access additional metadata—such as Primary Keys (PK) and Foreign Keys (FK) —you’ll need to grant the following permissions.

Using the ACCOUNTADMIN role, execute the following SQL for each database you want to ingest (example uses DWH as the database name):

use role ACCOUNTADMIN;
grant usage on database DWH to role selectstar_role;
grant usage on all schemas in database DWH to role selectstar_role;
grant select on all tables in database DWH to role selectstar_role;
grant select on all views in database DWH to role selectstar_role;
grant usage on future schemas in database DWH to role selectstar_role;
grant select on future tables in database DWH to role selectstar_role;
grant select on future views in database DWH to role selectstar_role;

If the latency of updates in ACCOUNT_USAGE is too high for your needs (see Snowflake documentation on data latency), you can switch to INFORMATION_SCHEMA instead, providing faster updates in the UI.

Enhanced Lineage for Dynamic Tables

To see lineage for dynamic tables, we recommend granting permission to read dynamic table definitions. Without this, lineage can only be inferred from query logs, which may not be fully reliable.

Using the ACCOUNTADMIN role, execute the following SQL for each database you want to ingest (example uses DWH as the database name):

use role ACCOUNTADMIN;
grant usage on database DWH to role selectstar_role;
grant usage on all schemas in database DWH to role selectstar_role;
grant monitor on all dynamic tables in database DWH to role selectstar_role;
grant monitor on future dynamic tables in database DWH to role selectstar_role;

If you're granting these permissions after your Snowflake metadata has already been synced, you'll need to re-sync it.

  1. Go to Settings > Data

  2. Click on Sync metadata on your Snowflake Data source.

4. Connect Snowflake to Select Star

  1. Complete the Setup in Select Star Once the role has been created in Snowflake, return to Select Star to complete the setup.

  2. Fill in the Authentication Details Provide the following information:

    • Authentication:

      • You already selected Key Pair authentication.

    • Username:

      • The name of the service account user you created earlier. In the example above, it is selectstar

  3. Test the Connection and Proceed

    • Once all fields are filled, click Next to proceed.

5. Choose databases and schemas

After you fill in the information, you'll be asked to select the databases you'd like to load into Select Star.

Select Star will not read queries or metadata or generate lineage for databases, schemas, or tables that are not loaded. Please load all data for which you expect to see lineage.

You can change the databases and schemas you have loaded if needed.

Select the database and click Next.

For each database you selected, you'll be able to select the schemas.

Your metadata should start loading automatically. Please allow 24-48 hours to completely generate popularity and lineage.

When the sync is complete, you'll be able to explore Snowflake in Select Star. See the link below for more information on Snowflake in Select Star.

Note: To change an existing data source's configuration, go to Settings > Admin > Data Sources and click Configure on your Snowflake data source. Click Back to get to the credential screen to update credentials.

Getting Started: Snowflake
PreviousSnowflakeNextUsing Password Authentication

Last updated

Was this helpful?