Snowflake v2.9.0, Nov 1 25

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

snowflake.Provider

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

The provider type for the snowflake package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Create Provider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Provider(name: string, args?: ProviderArgs, opts?: CustomResourceOptions);

@overload
def Provider(resource_name: str,
             args: Optional[ProviderArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Provider(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             account_name: Optional[str] = None,
             authenticator: Optional[str] = None,
             client_ip: Optional[str] = None,
             client_request_mfa_token: Optional[str] = None,
             client_store_temporary_credential: Optional[str] = None,
             client_timeout: Optional[int] = None,
             disable_console_login: Optional[str] = None,
             disable_query_context_cache: Optional[bool] = None,
             disable_telemetry: Optional[bool] = None,
             driver_tracing: Optional[str] = None,
             enable_single_use_refresh_tokens: Optional[bool] = None,
             experimental_features_enableds: Optional[Sequence[str]] = None,
             external_browser_timeout: Optional[int] = None,
             host: Optional[str] = None,
             include_retry_reason: Optional[str] = None,
             insecure_mode: Optional[bool] = None,
             jwt_client_timeout: Optional[int] = None,
             jwt_expire_timeout: Optional[int] = None,
             keep_session_alive: Optional[bool] = None,
             login_timeout: Optional[int] = None,
             max_retry_count: Optional[int] = None,
             oauth_authorization_url: Optional[str] = None,
             oauth_client_id: Optional[str] = None,
             oauth_client_secret: Optional[str] = None,
             oauth_redirect_uri: Optional[str] = None,
             oauth_scope: Optional[str] = None,
             oauth_token_request_url: Optional[str] = None,
             ocsp_fail_open: Optional[str] = None,
             okta_url: Optional[str] = None,
             organization_name: Optional[str] = None,
             params: Optional[Mapping[str, str]] = None,
             passcode: Optional[str] = None,
             passcode_in_password: Optional[bool] = None,
             password: Optional[str] = None,
             port: Optional[int] = None,
             preview_features_enabled: Optional[Sequence[str]] = None,
             private_key: Optional[str] = None,
             private_key_passphrase: Optional[str] = None,
             profile: Optional[str] = None,
             protocol: Optional[str] = None,
             request_timeout: Optional[int] = None,
             role: Optional[str] = None,
             skip_toml_file_permission_verification: Optional[bool] = None,
             tmp_directory_path: Optional[str] = None,
             token: Optional[str] = None,
             token_accessor: Optional[ProviderTokenAccessorArgs] = None,
             use_legacy_toml_file: Optional[bool] = None,
             user: Optional[str] = None,
             validate_default_parameters: Optional[str] = None,
             warehouse: Optional[str] = None,
             workload_identity_entra_resource: Optional[str] = None,
             workload_identity_provider: Optional[str] = None)

func NewProvider(ctx *Context, name string, args *ProviderArgs, opts ...ResourceOption) (*Provider, error)

public Provider(string name, ProviderArgs? args = null, CustomResourceOptions? opts = null)

public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)

type: pulumi:providers:snowflake
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Provider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Provider resource accepts the following input properties:

AccountName string: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
Authenticator string: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
ClientIp string: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
ClientRequestMfaToken string: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
ClientStoreTemporaryCredential string: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
ClientTimeout int: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
DisableConsoleLogin string: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
DisableQueryContextCache bool: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
DisableTelemetry bool: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
DriverTracing string: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
EnableSingleUseRefreshTokens bool: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
ExperimentalFeaturesEnableds List<string>: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
ExternalBrowserTimeout int: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
Host string: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
IncludeRetryReason string: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
InsecureMode bool: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
JwtClientTimeout int: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
JwtExpireTimeout int: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
KeepSessionAlive bool: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
LoginTimeout int: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
MaxRetryCount int: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
OauthAuthorizationUrl string: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
OauthClientId string: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
OauthClientSecret string: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
OauthRedirectUri string: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
OauthScope string: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
OauthTokenRequestUrl string: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
OcspFailOpen string: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
OktaUrl string: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
OrganizationName string: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
Params Dictionary<string, string>: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
Passcode string: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
PasscodeInPassword bool: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
Password string: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
Port int: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
PreviewFeaturesEnabled List<string>
PrivateKey string: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
PrivateKeyPassphrase string: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
Profile string: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
Protocol string: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
RequestTimeout int: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
Role string: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
SkipTomlFilePermissionVerification bool: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
TmpDirectoryPath string: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
Token string: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
TokenAccessor ProviderTokenAccessor: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
UseLegacyTomlFile bool: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
User string: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
ValidateDefaultParameters string: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
Warehouse string: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
WorkloadIdentityEntraResource string: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
WorkloadIdentityProvider string: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

AccountName string: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
Authenticator string: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
ClientIp string: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
ClientRequestMfaToken string: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
ClientStoreTemporaryCredential string: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
ClientTimeout int: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
DisableConsoleLogin string: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
DisableQueryContextCache bool: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
DisableTelemetry bool: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
DriverTracing string: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
EnableSingleUseRefreshTokens bool: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
ExperimentalFeaturesEnableds []string: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
ExternalBrowserTimeout int: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
Host string: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
IncludeRetryReason string: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
InsecureMode bool: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
JwtClientTimeout int: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
JwtExpireTimeout int: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
KeepSessionAlive bool: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
LoginTimeout int: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
MaxRetryCount int: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
OauthAuthorizationUrl string: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
OauthClientId string: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
OauthClientSecret string: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
OauthRedirectUri string: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
OauthScope string: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
OauthTokenRequestUrl string: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
OcspFailOpen string: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
OktaUrl string: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
OrganizationName string: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
Params map[string]string: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
Passcode string: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
PasscodeInPassword bool: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
Password string: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
Port int: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
PreviewFeaturesEnabled []string
PrivateKey string: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
PrivateKeyPassphrase string: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
Profile string: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
Protocol string: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
RequestTimeout int: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
Role string: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
SkipTomlFilePermissionVerification bool: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
TmpDirectoryPath string: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
Token string: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
TokenAccessor ProviderTokenAccessorArgs: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
UseLegacyTomlFile bool: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
User string: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
ValidateDefaultParameters string: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
Warehouse string: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
WorkloadIdentityEntraResource string: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
WorkloadIdentityProvider string: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

accountName String: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
authenticator String: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
clientIp String: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
clientRequestMfaToken String: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
clientStoreTemporaryCredential String: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
clientTimeout Integer: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
disableConsoleLogin String: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
disableQueryContextCache Boolean: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
disableTelemetry Boolean: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
driverTracing String: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
enableSingleUseRefreshTokens Boolean: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
experimentalFeaturesEnableds List<String>: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
externalBrowserTimeout Integer: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
host String: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
includeRetryReason String: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
insecureMode Boolean: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
jwtClientTimeout Integer: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
jwtExpireTimeout Integer: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
keepSessionAlive Boolean: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
loginTimeout Integer: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
maxRetryCount Integer: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
oauthAuthorizationUrl String: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
oauthClientId String: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
oauthClientSecret String: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
oauthRedirectUri String: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
oauthScope String: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
oauthTokenRequestUrl String: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
ocspFailOpen String: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
oktaUrl String: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
organizationName String: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
params Map<String,String>: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
passcode String: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
passcodeInPassword Boolean: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
password String: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
port Integer: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
previewFeaturesEnabled List<String>
privateKey String: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
privateKeyPassphrase String: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
profile String: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
protocol String: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
requestTimeout Integer: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
role String: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
skipTomlFilePermissionVerification Boolean: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
tmpDirectoryPath String: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
token String: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
tokenAccessor ProviderTokenAccessor: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
useLegacyTomlFile Boolean: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
user String: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
validateDefaultParameters String: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
warehouse String: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
workloadIdentityEntraResource String: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
workloadIdentityProvider String: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

accountName string: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
authenticator string: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
clientIp string: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
clientRequestMfaToken string: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
clientStoreTemporaryCredential string: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
clientTimeout number: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
disableConsoleLogin string: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
disableQueryContextCache boolean: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
disableTelemetry boolean: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
driverTracing string: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
enableSingleUseRefreshTokens boolean: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
experimentalFeaturesEnableds string[]: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
externalBrowserTimeout number: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
host string: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
includeRetryReason string: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
insecureMode boolean: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
jwtClientTimeout number: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
jwtExpireTimeout number: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
keepSessionAlive boolean: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
loginTimeout number: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
maxRetryCount number: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
oauthAuthorizationUrl string: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
oauthClientId string: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
oauthClientSecret string: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
oauthRedirectUri string: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
oauthScope string: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
oauthTokenRequestUrl string: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
ocspFailOpen string: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
oktaUrl string: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
organizationName string: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
params {[key: string]: string}: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
passcode string: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
passcodeInPassword boolean: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
password string: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
port number: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
previewFeaturesEnabled string[]
privateKey string: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
privateKeyPassphrase string: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
profile string: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
protocol string: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
requestTimeout number: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
role string: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
skipTomlFilePermissionVerification boolean: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
tmpDirectoryPath string: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
token string: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
tokenAccessor ProviderTokenAccessor: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
useLegacyTomlFile boolean: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
user string: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
validateDefaultParameters string: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
warehouse string: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
workloadIdentityEntraResource string: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
workloadIdentityProvider string: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

account_name str: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
authenticator str: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
client_ip str: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
client_request_mfa_token str: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
client_store_temporary_credential str: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
client_timeout int: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
disable_console_login str: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
disable_query_context_cache bool: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
disable_telemetry bool: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
driver_tracing str: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
enable_single_use_refresh_tokens bool: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
experimental_features_enableds Sequence[str]: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
external_browser_timeout int: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
host str: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
include_retry_reason str: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
insecure_mode bool: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
jwt_client_timeout int: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
jwt_expire_timeout int: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
keep_session_alive bool: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
login_timeout int: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
max_retry_count int: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
oauth_authorization_url str: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
oauth_client_id str: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
oauth_client_secret str: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
oauth_redirect_uri str: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
oauth_scope str: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
oauth_token_request_url str: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
ocsp_fail_open str: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
okta_url str: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
organization_name str: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
params Mapping[str, str]: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
passcode str: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
passcode_in_password bool: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
password str: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
port int: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
preview_features_enabled Sequence[str]
private_key str: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
private_key_passphrase str: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
profile str: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
protocol str: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
request_timeout int: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
role str: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
skip_toml_file_permission_verification bool: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
tmp_directory_path str: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
token str: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
token_accessor ProviderTokenAccessorArgs: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
use_legacy_toml_file bool: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
user str: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
validate_default_parameters str: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
warehouse str: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
workload_identity_entra_resource str: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
workload_identity_provider str: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

accountName String: Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ACCOUNT_NAME environment variable.
authenticator String: Specifies the authentication type to use when connecting to Snowflake. Valid options are: SNOWFLAKE | OAUTH | EXTERNALBROWSER | OKTA | SNOWFLAKE_JWT | TOKENACCESSOR | USERNAMEPASSWORDMFA | PROGRAMMATIC_ACCESS_TOKEN | OAUTH_CLIENT_CREDENTIALS | OAUTH_AUTHORIZATION_CODE | WORKLOAD_IDENTITY. Can also be sourced from the SNOWFLAKE_AUTHENTICATOR environment variable.
clientIp String: IP address for network checks. Can also be sourced from the SNOWFLAKE_CLIENT_IP environment variable.
clientRequestMfaToken String: When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN environment variable.
clientStoreTemporaryCredential String: When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be sourced from the SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL environment variable.
clientTimeout Number: The timeout in seconds for the client to complete the authentication. Can also be sourced from the SNOWFLAKE_CLIENT_TIMEOUT environment variable.
disableConsoleLogin String: Indicates whether console login should be disabled in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_CONSOLE_LOGIN environment variable.
disableQueryContextCache Boolean: Disables HTAP query context cache in the driver. Can also be sourced from the SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE environment variable.
disableTelemetry Boolean: Disables telemetry in the driver. Can also be sourced from the DISABLE_TELEMETRY environment variable.
driverTracing String: Specifies the logging level to be used by the driver. Valid options are: trace | debug | info | print | warning | error | fatal | panic. Can also be sourced from the SNOWFLAKE_DRIVER_TRACING environment variable.
enableSingleUseRefreshTokens Boolean: Enables single use refresh tokens for Snowflake IdP. Can also be sourced from the SNOWFLAKE_ENABLE_SINGLE_USE_REFRESH_TOKENS environment variable.
experimentalFeaturesEnableds List<String>: A list of experimental features. Similarly to preview features, they are not yet stable features of the provider. Enabling given experiment is still considered a preview feature, even when applied to the stable resource. These switches offer experiments altering the provider behavior. If the given experiment is successful, it can be considered an addition in the future provider versions. This field can not be set with environmental variables. Valid options are: WAREHOUSE_SHOW_IMPROVED_PERFORMANCE.
externalBrowserTimeout Number: The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT environment variable.
host String: Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_HOST environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_HOST
includeRetryReason String: Should retried request contain retry reason. Can also be sourced from the SNOWFLAKE_INCLUDE_RETRY_REASON environment variable.
insecureMode Boolean: If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only. Can also be sourced from the SNOWFLAKE_INSECURE_MODE environment variable.
jwtClientTimeout Number: The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the SNOWFLAKE_JWT_CLIENT_TIMEOUT environment variable.
jwtExpireTimeout Number: JWT expire after timeout in seconds. Can also be sourced from the SNOWFLAKE_JWT_EXPIRE_TIMEOUT environment variable.
keepSessionAlive Boolean: Enables the session to persist even after the connection is closed. Can also be sourced from the SNOWFLAKE_KEEP_SESSION_ALIVE environment variable.
loginTimeout Number: Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_LOGIN_TIMEOUT environment variable.
maxRetryCount Number: Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the SNOWFLAKE_MAX_RETRY_COUNT environment variable.
oauthAuthorizationUrl String: Authorization URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_AUTHORIZATION_URL environment variable.
oauthClientId String: Client id for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_ID environment variable.
oauthClientSecret String: Client secret for OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_CLIENT_SECRET environment variable.
oauthRedirectUri String: Redirect URI registered in IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_REDIRECT_URI environment variable.
oauthScope String: Comma separated list of scopes. If empty it is derived from role. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_SCOPE environment variable.
oauthTokenRequestUrl String: Token request URL of OAuth2 external IdP. See Snowflake OAuth documentation. Can also be sourced from the SNOWFLAKE_OAUTH_TOKEN_REQUEST_URL environment variable.
ocspFailOpen String: True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be sourced from the SNOWFLAKE_OCSP_FAIL_OPEN environment variable.
oktaUrl String: The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix okta.com. Read more in Snowflake docs. Can also be sourced from the SNOWFLAKE_OKTA_URL environment variable.
organizationName String: Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the Snowflake documentation. Required unless using profile. Can also be sourced from the SNOWFLAKE_ORGANIZATION_NAME environment variable.
params Map<String>: Sets other connection (i.e. session) parameters. Parameters. This field can not be set with environmental variables.
passcode String: Specifies the passcode provided by Duo when using multi-factor authentication (MFA) for login. Can also be sourced from the SNOWFLAKE_PASSCODE environment variable.
passcodeInPassword Boolean: False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the SNOWFLAKE_PASSCODE_IN_PASSWORD environment variable.
password String: Password for user + password or token for PAT auth. Cannot be used with private_key and private_key_passphrase. Can also be sourced from the SNOWFLAKE_PASSWORD environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PASSWORD
port Number: Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the SNOWFLAKE_PORT environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PORT
previewFeaturesEnabled List<String>
privateKey String: Private Key for username+private-key auth. Cannot be used with password. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY environment variable.
privateKeyPassphrase String: Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc. Can also be sourced from the SNOWFLAKE_PRIVATE_KEY_PASSPHRASE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE
profile String: Sets the profile to read from ~/.snowflake/config file. Can also be sourced from the SNOWFLAKE_PROFILE environment variable.
protocol String: A protocol used in the connection. Valid options are: http | https. Can also be sourced from the SNOWFLAKE_PROTOCOL environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_PROTOCOL
requestTimeout Number: request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the SNOWFLAKE_REQUEST_TIMEOUT environment variable.
role String: Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the SNOWFLAKE_ROLE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_ROLE
skipTomlFilePermissionVerification Boolean: False by default. Skips TOML configuration file permission verification. This flag has no effect on Windows systems, as the permissions are not checked on this platform. Instead of skipping the permissions verification, we recommend setting the proper privileges - see the section below. Can also be sourced from the SNOWFLAKE_SKIP_TOML_FILE_PERMISSION_VERIFICATION environment variable.
tmpDirectoryPath String: Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from the SNOWFLAKE_TMP_DIRECTORY_PATH environment variable.
token String: Token to use for OAuth and other forms of token based auth. When this field is set here, or in the TOML file, the provider sets the authenticator to OAUTH. Optionally, set the authenticator field to the authenticator you want to use. Can also be sourced from the SNOWFLAKE_TOKEN environment variable.
tokenAccessor Property Map: If you are using the OAuth authentication flows, use the dedicated authenticator and oauth... fields instead. See our authentication methods guide for more information.
useLegacyTomlFile Boolean: False by default. When this is set to true, the provider expects the legacy TOML format. Otherwise, it expects the new format. See more in the section below Can also be sourced from the SNOWFLAKE_USE_LEGACY_TOML_FILE environment variable.
user String: Username. Required unless using profile. Can also be sourced from the SNOWFLAKE_USER environment variable.
validateDefaultParameters String: True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a connection is established. Can also be sourced from the SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS environment variable.
warehouse String: Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced from the SNOWFLAKE_WAREHOUSE environment variable. It can also be sourced from the following environment variable: SNOWFLAKE_WAREHOUSE
workloadIdentityEntraResource String: The resource to use for WIF authentication on Azure environment. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_ENTRA_RESOURCE environment variable.
workloadIdentityProvider String: The workload identity provider to use for WIF authentication. Can also be sourced from the SNOWFLAKE_WORKLOAD_IDENTITY_PROVIDER environment variable.

Outputs

All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Provider Resource Methods

TerraformConfig Method

This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.

Using TerraformConfig

terraformConfig(): Output<Provider.TerraformConfigResult>

def terraform_config() -> Output[Provider.Terraform_configResult]

func (r *Provider) TerraformConfig() (ProviderTerraformConfigResultOutput, error)

public Output<Provider.TerraformConfigResult> TerraformConfig()

TerraformConfig Result

Result Dictionary<string, object>

Result map[string]interface{}

result Map<String,Object>

result {[key: string]: any}

result Mapping[str, Any]

result Map<Any>

Supporting Types

ProviderTokenAccessor, ProviderTokenAccessorArgs

ClientId string: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
ClientSecret string: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
RedirectUri string: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
RefreshToken string: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
TokenEndpoint string: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

ClientId string: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
ClientSecret string: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
RedirectUri string: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
RefreshToken string: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
TokenEndpoint string: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

clientId String: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
clientSecret String: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
redirectUri String: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
refreshToken String: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
tokenEndpoint String: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

clientId string: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
clientSecret string: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
redirectUri string: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
refreshToken string: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
tokenEndpoint string: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

client_id str: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
client_secret str: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
redirect_uri str: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
refresh_token str: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
token_endpoint str: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

clientId String: The client ID for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_ID environment variable.
clientSecret String: The client secret for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_CLIENT_SECRET environment variable.
redirectUri String: The redirect URI for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REDIRECT_URI environment variable.
refreshToken String: The refresh token for the OAuth provider when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_REFRESH_TOKEN environment variable.
tokenEndpoint String: The token endpoint for the OAuth provider e.g. https://{yourDomain}/oauth/token when using a refresh token to renew access token. Can also be sourced from the SNOWFLAKE_TOKEN_ACCESSOR_TOKEN_ENDPOINT environment variable.

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

pulumi/pulumi-snowflake

snowflake.Provider

On this page

On this page

Create Provider Resource

Constructor syntax

Parameters

Provider Resource Properties

Inputs

Outputs

Provider Resource Methods

TerraformConfig Method

Using TerraformConfig

TerraformConfig Result

Supporting Types

ProviderTokenAccessor, ProviderTokenAccessorArgs

Package Details

On this page

On this page