Skip to main content

Overview

This guide walks you through connecting TextQL to your Snowflake data warehouse using key-pair authentication. You’ll need to generate an RSA key pair and configure your Snowflake account to complete the setup.
Important Authentication UpdateAs of September 2024, Snowflake announced the deprecation of single-factor password authentication for service users (programmatic/API connections). By October 2026, all service connections to Snowflake must use key-pair authentication.TextQL connects to Snowflake as a service user and only supports key-pair authentication going forward. Some legacy connectors may still use username/password authentication, but all new Snowflake connectors must be configured with key-pair authentication.Learn more: Snowflake’s MFA Rollout Documentation

Prerequisites

To connect TextQL with your Snowflake instance, you will need:
  • Account identifier (your Snowflake locator)
  • Database name and Schema
  • Warehouse name (optional)
  • Username for the Snowflake user
  • RSA private key for key-pair authentication
  • Role name (optional)

Generating Your RSA Key Pair

Before creating the connector in TextQL, you need to generate an RSA key pair and register the public key with Snowflake.

Step 1: Generate Private and Public Keys

Use OpenSSL to generate a 2048-bit RSA key pair: 
# Generate private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

# Generate public key from private key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

Step 2: Register Public Key with Snowflake

Copy the public key content (excluding the header and footer lines) and assign it to your Snowflake user: 
ALTER USER <username> SET RSA_PUBLIC_KEY='<public_key_content>';
For detailed instructions, see the video tutorial or Snowflake’s Key-Pair Authentication Guide.

Creating the Connector in TextQL

Step 1: Navigate to Connectors Page

  1. Go to the TextQL Connectors Page
  2. Click New Connector

Step 2: Select Snowflake

Select Snowflake from the available connectors to open the configuration form.

Step 3: Enter Connection Details

The form requires the following information:
FieldDescriptionExample
Connector NameA descriptive name to identify this connectionMy Snowflake Warehouse
Account IdentifierYour Snowflake account locatorxy12345.us-east-1
DatabaseThe name of your target Snowflake databaseANALYTICS_DB
SchemaThe schema name within your database (optional)PUBLIC
WarehouseThe compute warehouse to use for queries (optional)COMPUTE_WH
RoleThe Snowflake role to assume for this connection (optional)ANALYST_ROLE

Step 4: Configure Key-Pair Authentication

Username: Your Snowflake username (the user with the registered public key) Private Key: Paste the contents of your RSA private key file (the entire content including the header and footer lines) 
-----BEGIN PRIVATE KEY-----
<your private key content>
-----END PRIVATE KEY-----
Keep your private key secure and never share it. The private key should only be stored in secure locations and used for authentication purposes.

Step 5: Test and Create

  1. Click Test Connection to verify your credentials and network access
  2. Once the test succeeds, click Create Connector to save the connection

Troubleshooting

Connection Fails

Verify the following:
  • Account identifier is correct (including region)
  • Database and schema names are accurate
  • Warehouse is running or can be auto-resumed
  • Snowflake account is accessible
Having trouble connecting? See the Network Configuration Guide for firewall and IP whitelisting setup.

Authentication Errors

Check:
  • Username is correct and matches the user with the registered public key
  • Private key is properly formatted (includes header and footer)
  • Public key is correctly registered in Snowflake (DESCRIBE USER <username> should show RSA_PUBLIC_KEY)
  • User has appropriate permissions and role access

Public Key Registration Issues

Common problems:
  • Public key content includes header/footer lines (should only be the key content)
  • Extra whitespace or line breaks in the public key
  • Public key not matching the private key being used
To verify public key registration: 
DESCRIBE USER <username>;
-- Check that RSA_PUBLIC_KEY is populated

Timeout Errors

Possible causes:
  • Warehouse is suspended and taking time to resume
  • Network connectivity issues
  • Firewall blocking connection
  • Incorrect account identifier

What’s Next

Once your Snowflake connector is set up, you can:
  • Ask Ana natural language questions about your data
  • Generate SQL queries and visualizations
  • Create reports and dashboards
  • Share insights with your team
The connector automatically handles session management and warehouse resumption. For optimal performance:
  • Configure an appropriate warehouse size for your workload
  • Set up a dedicated role with appropriate privileges
  • Use schema specification to limit data access scope
  • Rotate your key pairs periodically for enhanced security