Skip to content

Snowflake Credentials

Service Name: Snowflake

Service Description: Snowflake is a cloud-based data warehousing platform that provides a solution for data storage, processing, and analytic solutions. It separates compute from storage, allowing users to scale resources independently.

Service Address: https://www.snowflake.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the network policy level in Snowflake to control access to Snowflake accounts.

Secret Access Scope: Grants access to Snowflake data warehouses, databases, schemas, and tables based on the user's role permissions.

Secret Revokement URL: https://docs.snowflake.com/en/user-guide/admin-user-management.html#resetting-a-password-for-another-user

Secret Example: username:password@account.snowflakecomputing.com/database

Suspicious Activity Investigation Instructions:

  • Review Snowflake's account usage views to identify unusual query patterns or data access
  • Check login history for unusual access times or locations using SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
  • Monitor for large data exports or unusual warehouse usage patterns
  • Review query history for unauthorized data access attempts
  • Check for changes to user roles or permissions

Mitigation Instructions:

  • Immediately reset the compromised user's password in the Snowflake console

  • Revoke and rotate any OAuth tokens or keys associated with the account

  • Review and adjust the user's role permissions to limit access if needed
  • Enable multi-factor authentication for the affected user account
  • Update network policies to restrict access to trusted IP addresses
  • Review warehouse usage limits to prevent resource abuse
  • Consider implementing Snowflake's column-level security for sensitive data
  • Enable Snowflake's access history tracking for better auditing capabilities