> ## Documentation Index
> Fetch the complete documentation index at: https://docs.elementary-data.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect to Snowflake

This guide contains the necessary steps to connect a Snowflake environment to your Elementary account.

### Create a user for Elementary cloud

* Please create a Snowflake key-pair (private and public key) using [this](https://docs.snowflake.com/en/user-guide/key-pair-auth#configuring-key-pair-authentication) guide.

* Using the public key generated in the previous step, please run the following in your dbt project folder:

```bash theme={null}
## Store the public key in an environment variable
export SNOWFLAKE_PUBLIC_KEY="<public key>"

## Print the query you should run to generate a user
dbt run-operation create_elementary_user --args "{'public_key': '$SNOWFLAKE_PUBLIC_KEY'}"
```

This command will generate a query to create a user with the necessary permissions. Run this query on your data warehouse with **admin permissions** to create the user.

#### Permissions and security

Elementary cloud doesn't require read permissions to your tables and schemas, but only the following:

* Read-only access to the elementary schema.
* Access to read metadata in information schema and query history, related to the tables in your dbt project.

It is recommended to create a user using the instructions specified above to avoid granting excess privileges.
For more details, refer to [security and privacy](/cloud/general/security-and-privacy).

### Fill the connection form

Provide the following fields:

* **Account**: Find your account by using the Snowflake account URL and removing `snowflakecomputing.com`. e.g. `example.us-east-1`. For more information, see [Account Identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html) in the Snowflake docs.
* **Database name**: The name of the database where your Elementary schema exist. e.g. `analytics`.
* **Warehouse**: e.g. `ELEMENTARY_WAREHOUSE`.
* **Elementary schema**: The name of your Elementary schema. Usually `[schema name]_elementary`.
* **Role (optional)**: e.g. `ELEMENTARY_ROLE`.

Elementary Cloud supports the following authentication methods:

* **Key pair** (Recommended):
  * User: The user created for Elementary.
  * Private key: The private key you generated for Elementary. For more information, see [Generate Private Key](https://docs.snowflake.com/en/user-guide/key-pair-auth#configuring-key-pair-authentication) in the Snowflake docs.
  * Private key passphrase (optional)
* **User password** (Deprecated, not recommended):
  * User: The user created for Elementary.
  * Password: The password you set when creating your Snowflake account.

<Warning>
  Snowflake are in the process of deprecating single-factor username & password authentication for all human users. As a result, while still supported,
  we recommend configuring the user in advance using key-pair authentication rather than username & password, and configuring the user as TYPE=SERVICE
  (this is automatically handled in the user creation macro above).

  See [here](https://docs.snowflake.com/en/user-guide/security-mfa-rollout) for more information regarding this change.
</Warning>

### Add the Elementary IP to allowlist

If you use network policies to restrict access, run this query on your data warehouse with **admin permissions**:

```sql theme={null}
CREATE NETWORK POLICY ELEMENTARY_CLOUD
	ALLOWED_IP_LIST=('3.126.156.226')
	BLOCKED_IP_LIST=()
COMMENT='IP used by Elementary Cloud to sync the Elementary schema';
```

After creating a network policy you would need to activate it. To activate a network policy for the elementary user simply run the following command -

```sql theme={null}
ALTER USER <user_name> SET NETWORK_POLICY = ELEMENTARY_CLOUD;
```

### Need help with onboarding?

We can provide [support on Slack](https://elementary-data.com/community) or hop on an [onboarding call](https://savvycal.com/MaayanSa/df29881c).