Back to Browse
Free
Server data from the Official MCP Registry
A Snowflake MCP server — SQL queries, schema exploration, and data insights for AI assistants
About
A Snowflake MCP server — SQL queries, schema exploration, and data insights for AI assistants
Security Report
4.2
Use Caution4.2High RiskA well-structured Snowflake MCP server with strong authentication options (multiple methods, TOML configs, env vars) and good code quality (type hints, logging, error handling). Write operations are safely guarded by default. However, the server requires broad network and file permissions (appropriate for its purpose) and has some input validation gaps in SQL identifier checking that could enable SQL injection in edge cases. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
4 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Snowflake account identifier
Environment variable: SNOWFLAKE_ACCOUNT
Snowflake username
Environment variable: SNOWFLAKE_USER
Password (not required for key-pair / SSO)Required
Environment variable: SNOWFLAKE_PASSWORD
Virtual warehouse to use
Environment variable: SNOWFLAKE_WAREHOUSE
Default database
Environment variable: SNOWFLAKE_DATABASE
Default schema
Environment variable: SNOWFLAKE_SCHEMA
Role to assume
Environment variable: SNOWFLAKE_ROLE
Authentication type (e.g. snowflake, externalbrowser)
Environment variable: SNOWFLAKE_AUTHENTICATOR
Absolute path to .p8 private key file
Environment variable: SNOWFLAKE_PRIVATE_KEY_FILE
Passphrase for encrypted private keyRequired
Environment variable: SNOWFLAKE_PRIVATE_KEY_FILE_PWD
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-nsphung-mcp-snowflake-server": {
"env": {
"SNOWFLAKE_ROLE": "your-snowflake-role-here",
"SNOWFLAKE_USER": "your-snowflake-user-here",
"SNOWFLAKE_SCHEMA": "your-snowflake-schema-here",
"SNOWFLAKE_ACCOUNT": "your-snowflake-account-here",
"SNOWFLAKE_DATABASE": "your-snowflake-database-here",
"SNOWFLAKE_PASSWORD": "your-snowflake-password-here",
"SNOWFLAKE_WAREHOUSE": "your-snowflake-warehouse-here",
"SNOWFLAKE_AUTHENTICATOR": "your-snowflake-authenticator-here",
"SNOWFLAKE_PRIVATE_KEY_FILE": "your-snowflake-private-key-file-here",
"SNOWFLAKE_PRIVATE_KEY_FILE_PWD": "your-snowflake-private-key-file-pwd-here"
},
"args": [
"mcp-snowflake-server-nsp"
],
"command": "uvx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
Snowflake MCP Server
A Model Context Protocol (MCP) server / MCP server that connects AI assistants to Snowflake — enabling SQL queries, schema exploration, and data insights directly from your LLM client.
Highlights:
- Multiple authentication methods: password, key-pair, external browser, TOML connection files
- TOML multi-connection config — manage
production,staging, anddevelopmentenvironments in one file - Write-safety guard — write operations are disabled by default and must be explicitly enabled
- Exclusion patterns — filter out databases, schemas, or tables from discovery
--exclude-json-resultsflag — reduces LLM context window usage- Selective tool exclusion via
--exclude_tools - Prefetch mode — pre-load table schema as MCP resources
- Docker support
Table of Contents
- Snowflake MCP Server
Quick Start
The fastest way to try it — using uvx with a TOML connection file:
# 1. Create a connections file
cat > ~/snowflake_connections.toml << 'EOF'
[myconn]
account = "your_account"
user = "your_user"
password = "your_password"
warehouse = "COMPUTE_WH"
database = "MY_DB"
schema = "PUBLIC"
role = "MYROLE"
EOF
# 2. Run the server
uvx --python=3.13 --from mcp-snowflake-server-nsp mcp_snowflake_server \
--connections-file ~/snowflake_connections.toml \
--connection-name myconn
Claude Code
Add to your MCP client config (e.g. claude_desktop_config.json) using snowflake_connections.toml:
"mcpServers": {
"snowflake": {
"command": "uvx",
"args": [
"--python=3.13",
"--from", "mcp-snowflake-server-nsp",
"mcp_snowflake_server",
"--connections-file", "/absolute/path/to/snowflake_connections.toml",
"--connection-name", "myconn"
]
}
}
Visual Studio Code (VSCode)
Add to your MCP client config (e.g. .vscode/mcp.json) using .env file (see Authentication):
"snowflake": {
// Snowflake MCP server
"type": "stdio",
"command": "uvx",
"args": [
"--from", "mcp-snowflake-server-nsp",
"--python=3.13",
"mcp_snowflake_server"
],
"envFile": "${workspaceFolder}/.env"
}
OpenCode
Add to your MCP client config (e.g. opencode.jsonc) with .env file (see Authentication):
"snowflake": {
"type": "local",
"command": [
"uvx",
"--from",
"mcp-snowflake-server-nsp",
"--python=3.13",
"mcp_snowflake_server",
],
"enabled": true,
"timeout": 300000,
}
Components
Resources
| URI | Description |
|---|---|
memo://insights | A continuously updated memo aggregating data insights appended via append_insight. |
context://table/{table_name} | (Prefetch mode only) Per-table schema summaries including columns and comments. |
Tools
Query Tools
| Tool | Description | Requires |
|---|---|---|
read_query | Execute SELECT queries. Input: query (string). | — |
write_query | Execute INSERT, UPDATE, or DELETE queries. Input: query (string). | --allow_write |
create_table | Execute CREATE TABLE statements. Input: query (string). | --allow_write |
Schema Tools
| Tool | Description | Input |
|---|---|---|
list_databases | List all databases in the Snowflake instance. | — |
list_schemas | List all schemas within a database. | database (string) |
list_tables | List all tables within a database and schema. | database, schema (strings) |
describe_table | Describe columns of a table (name, type, nullability, default, comment). | table_name as database.schema.table |
Analysis Tools
| Tool | Description | Input |
|---|---|---|
append_insight | Add a data insight to the memo://insights resource. | insight (string) |
Authentication
Password
Set credentials via environment variables or CLI flags (see Configuration Reference):
SNOWFLAKE_USER="user@example.com"
SNOWFLAKE_ACCOUNT="myaccount"
SNOWFLAKE_PASSWORD="secret"
SNOWFLAKE_WAREHOUSE="COMPUTE_WH"
SNOWFLAKE_DATABASE="MY_DB"
SNOWFLAKE_SCHEMA="PUBLIC"
SNOWFLAKE_ROLE="MYROLE"
Key-Pair
SNOWFLAKE_USER="user@example.com"
SNOWFLAKE_ACCOUNT="myaccount"
SNOWFLAKE_PRIVATE_KEY_FILE="/absolute/path/to/key.p8"
SNOWFLAKE_PRIVATE_KEY_FILE_PWD="passphrase" # Optional — only if key is encrypted
SNOWFLAKE_WAREHOUSE="COMPUTE_WH"
SNOWFLAKE_DATABASE="MY_DB"
SNOWFLAKE_SCHEMA="PUBLIC"
SNOWFLAKE_ROLE="MYROLE"
Or via CLI: --private_key_file /path/to/key.p8 --private_key_file_pwd passphrase
External Browser
SNOWFLAKE_AUTHENTICATOR="externalbrowser"
Or in a TOML connection entry: authenticator = "externalbrowser"
TOML Connection File (Recommended)
Manage multiple environments in a single file. See example_connections.toml for a full template.
[production]
account = "your_account"
user = "your_user"
password = "your_password"
warehouse = "COMPUTE_WH"
database = "PROD_DB"
schema = "PUBLIC"
role = "ACCOUNTADMIN"
[development]
account = "your_account"
user = "dev_user"
authenticator = "externalbrowser"
warehouse = "DEV_WH"
database = "DEV_DB"
schema = "PUBLIC"
role = "DEVELOPER"
[reporting]
account = "your_account"
user = "reporting_user"
private_key_file = "/path/to/private_key.pem"
private_key_file_pwd = "passphrase" # Optional
warehouse = "REPORTING_WH"
database = "REPORTING_DB"
schema = "REPORTS"
role = "REPORTING_ROLE"
Pass the file with --connections-file and select a profile with --connection-name. Both flags are required together.
Installation
The package is published on PyPI as mcp-snowflake-server-nsp.
Via UVX
"mcpServers": {
"snowflake_production": {
"command": "uvx",
"args": [
"--python=3.13",
"--from", "mcp-snowflake-server-nsp",
"mcp_snowflake_server",
"--connections-file", "/path/to/snowflake_connections.toml",
"--connection-name", "production"
// Optional flags — see Configuration Reference
]
},
"snowflake_staging": {
"command": "uvx",
"args": [
"--python=3.13",
"--from", "mcp-snowflake-server-nsp",
"mcp_snowflake_server",
"--connections-file", "/path/to/snowflake_connections.toml",
"--connection-name", "staging"
]
}
}
"mcpServers": {
"snowflake": {
"command": "uvx",
"args": [
"--python=3.13",
"--from", "mcp-snowflake-server-nsp",
"mcp_snowflake_server",
"--account", "your_account",
"--warehouse", "your_warehouse",
"--user", "your_user",
"--password", "your_password",
"--role", "your_role",
"--database", "your_database",
"--schema", "your_schema"
// Optional: "--private_key_file", "/absolute/path/key.p8"
// Optional: "--private_key_file_pwd", "passphrase"
// Optional flags — see Configuration Reference
]
}
}
Locally from Source with VSCode
-
Install Visual Studio Code
-
Install
uv:curl -LsSf https://astral.sh/uv/install.sh | sh -
Create a
.envfile with your Snowflake credentials (or use a TOML connection file — see Authentication):SNOWFLAKE_USER="user@example.com" SNOWFLAKE_ACCOUNT="myaccount" SNOWFLAKE_ROLE="MYROLE" SNOWFLAKE_DATABASE="MY_DB" SNOWFLAKE_SCHEMA="PUBLIC" SNOWFLAKE_WAREHOUSE="COMPUTE_WH" SNOWFLAKE_PASSWORD="secret" # Key-pair alternative: # SNOWFLAKE_PRIVATE_KEY_FILE=/absolute/path/key.p8 # SNOWFLAKE_PRIVATE_KEY_FILE_PWD="passphrase" # Browser SSO alternative: # SNOWFLAKE_AUTHENTICATOR="externalbrowser" -
(Optional) Edit
runtime_config.jsonto exclude specific databases, schemas, or tables (see Exclusion Patterns). -
Test locally:
uv --directory /absolute/path/to/mcp_snowflake_server run mcp_snowflake_server -
Add to
.vscode/mcp.json:
"snowflake-local": {
"type": "stdio",
"command": "/absolute/path/to/uv",
"args": [
"--python=3.13",
"--directory", "/absolute/path/to/mcp_snowflake_server",
"run", "mcp_snowflake_server",
"--connections-file", "/absolute/path/to/snowflake_connections.toml",
"--connection-name", "development"
// Optional flags — see Configuration Reference
],
}
"snowflake-local": {
"type": "stdio",
"command": "/absolute/path/to/uv",
"args": [
"--python=3.13",
"--directory", "/absolute/path/to/mcp_snowflake_server",
"run", "mcp_snowflake_server",
// Optional flags — see Configuration Reference / .env.example file
],
"envFile": "/absolute/path/to/.env"
}
Locally from Source with Claude
-
Install Claude AI Desktop App
-
Install
uv:curl -LsSf https://astral.sh/uv/install.sh | sh -
Create a
.envfile with your Snowflake credentials (or use a TOML connection file — see Authentication):SNOWFLAKE_USER="user@example.com" SNOWFLAKE_ACCOUNT="myaccount" SNOWFLAKE_ROLE="MYROLE" SNOWFLAKE_DATABASE="MY_DB" SNOWFLAKE_SCHEMA="PUBLIC" SNOWFLAKE_WAREHOUSE="COMPUTE_WH" SNOWFLAKE_PASSWORD="secret" # Key-pair alternative: # SNOWFLAKE_PRIVATE_KEY_FILE=/absolute/path/key.p8 # SNOWFLAKE_PRIVATE_KEY_FILE_PWD="passphrase" # Browser SSO alternative: # SNOWFLAKE_AUTHENTICATOR="externalbrowser" -
(Optional) Edit
runtime_config.jsonto exclude specific databases, schemas, or tables (see Exclusion Patterns). -
Test locally:
uv --directory /absolute/path/to/mcp_snowflake_server run mcp_snowflake_server -
Add to
claude_desktop_config.json:
"mcpServers": {
"snowflake_local": {
"command": "/absolute/path/to/uv",
"args": [
"--python=3.13",
"--directory", "/absolute/path/to/mcp_snowflake_server",
"run", "mcp_snowflake_server",
"--connections-file", "/absolute/path/to/snowflake_connections.toml",
"--connection-name", "development"
// Optional flags — see Configuration Reference
]
}
}
"mcpServers": {
"snowflake_local": {
"command": "/absolute/path/to/uv",
"args": [
"--python=3.13",
"--directory", "/absolute/path/to/mcp_snowflake_server",
"run", "mcp_snowflake_server"
// Optional flags — see Configuration Reference
]
}
}
Docker
A Dockerfile is included for containerised deployments:
# Build
docker build -t mcp-snowflake-server .
# Run (pass credentials as environment variables)
docker run --rm \
-e SNOWFLAKE_USER="user@example.com" \
-e SNOWFLAKE_ACCOUNT="myaccount" \
-e SNOWFLAKE_PASSWORD="secret" \
-e SNOWFLAKE_WAREHOUSE="COMPUTE_WH" \
-e SNOWFLAKE_DATABASE="MY_DB" \
-e SNOWFLAKE_SCHEMA="PUBLIC" \
-e SNOWFLAKE_ROLE="MYROLE" \
mcp-snowflake-server
# Or override the entrypoint arguments directly
docker run --rm mcp-snowflake-server \
--account your_account \
--user your_user \
--password your_password \
--warehouse COMPUTE_WH \
--database MY_DB \
--schema PUBLIC \
--role MYROLE
Configuration Reference
All connection parameters can also be set as environment variables (SNOWFLAKE_<PARAM_UPPER>).
| Flag | Env var | Default | Description |
|---|---|---|---|
--account | SNOWFLAKE_ACCOUNT | — | Snowflake account identifier |
--user | SNOWFLAKE_USER | — | Snowflake username |
--password | SNOWFLAKE_PASSWORD | — | Password (not required for key-pair / SSO) |
--warehouse | SNOWFLAKE_WAREHOUSE | — | Virtual warehouse to use |
--database | SNOWFLAKE_DATABASE | (required) | Default database |
--schema | SNOWFLAKE_SCHEMA | (required) | Default schema |
--role | SNOWFLAKE_ROLE | — | Role to assume |
--private_key_file | SNOWFLAKE_PRIVATE_KEY_FILE | — | Absolute path to .p8 private key file |
--private_key_file_pwd | SNOWFLAKE_PRIVATE_KEY_FILE_PWD | — | Passphrase for encrypted private key |
--connections-file | — | — | Path to TOML connections file |
--connection-name | — | — | Connection profile name in TOML file (required with --connections-file) |
--allow_write | — | false | Enable write_query and create_table tools |
--prefetch / --no-prefetch | — | false | Pre-load table schema as context://table/* resources (disables list_tables / describe_table) |
--exclude_tools | — | [] | Space-separated list of tool names to disable |
--exclude-json-results | — | false | Omit embedded JSON resources from responses (reduces context window usage) |
--log_dir | — | — | Directory for log file output |
--log_level | — | INFO | Log verbosity: DEBUG, INFO, WARNING, ERROR, CRITICAL |
Exclusion Patterns
Edit runtime_config.json to exclude databases, schemas, or tables from all discovery tools. Patterns are matched case-insensitively as substrings.
{
"exclude_patterns": {
"databases": ["temp"],
"schemas": ["temp", "information_schema"],
"tables": ["temp"]
}
}
The server loads this file automatically at startup from the working directory.
Development
# Install dependencies (including dev tools)
make install
# Lint & auto-fix with Ruff
make ruff
# Run tests
make test
# Run tests with terminal coverage report
make coverage
# Run tests and open HTML coverage report
make coverage-html
# Run the server locally
make run
Requires uv. Dev dependencies include ruff, mypy, pytest, pytest-asyncio, pytest-cov, and pre-commit.
Documentation & Coverage
-
Full AI-generated documentation:
-
Test coverage sunburst:
License
This project is licensed under the GNU General Public License v3.0. See the LICENSE file for the full text.
Fork and Attribution
This repository is a fork of isaacwasserman/mcp-snowflake-server.
- Upstream authors and contributors retain copyright for their contributions.
- Fork-specific changes are maintained by
nsphung. - A summary of notable modifications is tracked in
NOTICE.
Reviews
No reviews yet
Be the first to review this server!
More Data & Analytics MCP Servers
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
412
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
58
Installs
10.0
Security
5.0
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
116.1K
Stars
16
Installs
6.0
Security
5.0
Local
mcp-creator-typescript
Freeby mcp-marketplace · Developer Tools
Scaffold, build, and publish TypeScript MCP servers to npm — conversationally
-
Stars
14
Installs
10.0
Security
5.0
Local
Google Workspace MCP
Freeby Taylorwilsdon · Productivity
Control Gmail, Calendar, Docs, Sheets, Drive, and more from your AI
1.6K
Stars
13
Installs
7.0
Security
No ratings yet
Local
FinAgent
Freeby mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.
-
Stars
13
Installs
10.0
Security
No ratings yet
Local