Skip to content

Snowflake Logging in Snowflake

TruLens can log traces and evaluations to a Snowflake database. This page covers every supported authentication method.

You don't need a password

SnowflakeConnector supports SSO, key-pair auth, OAuth tokens, and existing Snowpark sessions -- no password required. Password-based auth is just one option.

Install

Install using pip

pip install trulens-connectors-snowflake

Auth Methods at a Glance

Method Key Parameter Password Required?
Browser-based SSO (recommended) authenticator="externalbrowser" No
Key-pair authentication private_key_file="rsa_key.p8" No
OAuth access token authenticator="oauth", token=... No
Existing Snowpark Session snowpark_session= No
Username / password password="..." Yes

Every method below results in a TruSession connected to Snowflake. Once connected, all traces and evaluations are logged automatically.

Browser-Based SSO

The easiest way to get started. Pass your connection details directly to SnowflakeConnector -- it creates the Snowpark session for you. Your browser opens for SSO via your identity provider (Okta, Azure AD, etc.), and you're done.

Connect with browser-based SSO

from trulens.connectors.snowflake import SnowflakeConnector
from trulens.core import TruSession

conn = SnowflakeConnector(
    account="<account>",
    user="<user>",
    database="<database>",
    schema="<schema>",
    warehouse="<warehouse>",
    role="<role>",
    authenticator="externalbrowser",
)
session = TruSession(connector=conn)

Key-Pair Authentication

Uses an RSA private key instead of a password. See the Snowflake key-pair auth docs for setup instructions.

Connect with key-pair auth

from trulens.connectors.snowflake import SnowflakeConnector
from trulens.core import TruSession

conn = SnowflakeConnector(
    account="<account>",
    user="<user>",
    database="<database>",
    schema="<schema>",
    warehouse="<warehouse>",
    role="<role>",
    private_key_file="/path/to/rsa_key.p8",
)
session = TruSession(connector=conn)
Generating a key pair 
# Generate an encrypted private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

# Generate the public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

# Assign the public key to your Snowflake user
# In Snowflake:
# ALTER USER <user> SET RSA_PUBLIC_KEY='<contents of rsa_key.pub without header/footer>';

OAuth Access Token

Use an existing OAuth token from a token endpoint, service account flow, or Snowpark Container Services (SPCS).

Connect with an OAuth token

from trulens.connectors.snowflake import SnowflakeConnector
from trulens.core import TruSession

conn = SnowflakeConnector(
    account="<account>",
    user="<user>",
    database="<database>",
    schema="<schema>",
    warehouse="<warehouse>",
    role="<role>",
    authenticator="oauth",
    token="<your-oauth-token>",
)
session = TruSession(connector=conn)

Existing Snowpark Session

If your app already has a Snowpark session, pass it directly. Works with any auth method that Snowpark supports.

Pass an existing Snowpark session

from trulens.connectors.snowflake import SnowflakeConnector
from trulens.core import TruSession

conn = SnowflakeConnector(snowpark_session=snowpark_session)
session = TruSession(connector=conn)

Username and Password

The traditional approach. Works but consider SSO or key-pair auth for better security.

Connect with username and password

from trulens.connectors.snowflake import SnowflakeConnector
from trulens.core import TruSession

conn = SnowflakeConnector(
    account="<account>",
    user="<user>",
    password="<password>",
    database="<database>",
    schema="<schema>",
    warehouse="<warehouse>",
    role="<role>",
)
session = TruSession(connector=conn)

Troubleshooting

I see a warning about password being required

If you're using non-password auth (SSO, key-pair, OAuth), you can safely ignore this warning. Use the Snowsight AI Observability page for dashboards.

paramstyle error: pyformat vs qmark

The Snowpark session must use paramstyle='qmark'. If you created the Snowflake connection manually, pass paramstyle='qmark' to snowflake.connector.connect().