Documentation

Sparvi Cloud Database Connections

This guide covers how to connect your databases to Sparvi Cloud and configure authentication for secure access.

Supported Databases

Sparvi Cloud provides native, optimized integrations with:

  • Snowflake, Username/password and key-pair authentication
  • BigQuery, Service account authentication, project and dataset scoping
  • dbt Core, Manifest parsing to map models, sources, and tests into Sparvi

Redshift and dbt Cloud are coming in H2 2026.

Snowflake Integration

Sparvi Cloud offers two authentication methods for Snowflake:

Username/Password Authentication (Recommended)

Standard username and password authentication for Snowflake connections.

Setup Steps:

  1. In Sparvi Cloud: Navigate to Connections → Add New Connection → Snowflake
  2. Choose Username/Password: Select standard authentication
  3. Configure Connection: Provide your Snowflake connection details:
    • Account identifier (e.g., xy12345.us-east-1)
    • Username
    • Password
    • Database name
    • Schema name (default: PUBLIC)
    • Warehouse name
  4. Test Connection: Verify the connection works correctly

Benefits:

  • Simple setup process
  • Works with existing Snowflake accounts
  • No additional configuration required
  • Compatible with all Snowflake deployments

Key-Pair Authentication

For environments where password authentication isn't preferred, Sparvi Cloud supports Snowflake key-pair authentication.

Setup Steps:

  1. Generate Key Pair: Create RSA private/public key pair
  2. Configure Snowflake User: Add public key to your Snowflake user account
  3. In Sparvi Cloud: Choose "Key-Pair Authentication" option
  4. Upload Private Key: Securely upload your private key file
  5. Configure Connection: Provide connection details and user information
  6. Test Connection: Verify authentication works

Security Notes:

  • Private keys are encrypted at rest
  • Keys are never logged or exposed
  • Follows Snowflake security best practices
  • Supports key rotation

Required Snowflake Permissions

For both authentication methods, your Snowflake user needs these minimum permissions:

-- Database and schema access
GRANT USAGE ON DATABASE <database_name> TO ROLE <role_name>;
GRANT USAGE ON SCHEMA <database_name>.<schema_name> TO ROLE <role_name>;

-- Table access (for all tables you want to monitor)
GRANT SELECT ON ALL TABLES IN SCHEMA <database_name>.<schema_name> TO ROLE <role_name>;
GRANT SELECT ON FUTURE TABLES IN SCHEMA <database_name>.<schema_name> TO ROLE <role_name>;

-- Information schema access (for metadata discovery)
GRANT USAGE ON DATABASE INFORMATION_SCHEMA TO ROLE <role_name>;

-- Warehouse usage
GRANT USAGE ON WAREHOUSE <warehouse_name> TO ROLE <role_name>;

Connection Security

Encryption at Rest

  • All connection credentials are encrypted using AES-256 encryption
  • Encryption keys are managed separately from data
  • Regular key rotation following security best practices

Encryption in Transit

  • All database connections use SSL/TLS encryption
  • Certificate verification enabled by default
  • Support for custom certificates and CA bundles

Access Controls

  • Connection access controlled by organization membership
  • Role-based permissions for connection management
  • Audit logging for all connection-related activities

Network Security

  • Support for IP whitelisting
  • VPC peering available for enterprise customers
  • Private endpoint connections (coming soon)

Connection Management

Testing Connections

Before saving, Sparvi Cloud tests each connection:

  • Verifies authentication credentials
  • Checks database permissions
  • Tests sample queries
  • Validates SSL configuration

Connection Health Monitoring

  • Automatic connection health checks
  • Alerts when connections become unavailable
  • Connection performance monitoring
  • Historical uptime tracking

Credential Management

  • Secure credential storage with encryption
  • Support for credential rotation
  • Integration with external secret managers (enterprise)
  • Audit trail for credential changes

Troubleshooting

Common Snowflake Issues

Username/Password Authentication Failed

  • Double-check username and password are correct
  • Verify your Snowflake account identifier format
  • Ensure user account is not locked or suspended
  • Check that user has permission to use the warehouse

Key-Pair Authentication Failed

  • Verify private key format (PKCS#8 or PKCS#1)
  • Check that public key is correctly associated with user
  • Ensure user account is not locked or suspended
  • Verify role assignments and permissions

Connection Timeout

  • Check network connectivity to Snowflake
  • Verify warehouse is available and running
  • Consider firewall and proxy configurations
  • Try connecting from Snowflake web interface

Best Practices

Security

  • Always use SSL/TLS encryption for production connections
  • Implement least-privilege access principles
  • Regular credential rotation (quarterly recommended)
  • Monitor connection access logs
  • Use key-pair authentication for enhanced security (Snowflake)

Performance

  • Choose appropriate Snowflake warehouse sizes
  • Configure connection pooling settings
  • Monitor query performance and resource usage
  • Use efficient sampling strategies for large tables
  • Schedule resource-intensive operations during off-peak hours

Monitoring

  • Set up connection health alerts
  • Monitor data freshness and availability
  • Track query performance metrics
  • Review access patterns and usage
  • Regular permission audits

Enterprise Features

Advanced Authentication

  • Single Sign-On (SSO) integration (coming soon)
  • LDAP/Active Directory integration
  • Multi-factor authentication enforcement
  • Custom authentication providers

Network Security

  • VPC peering for private connections
  • IP whitelisting and access controls
  • Private endpoints and service connections
  • Custom DNS and network routing

Compliance

  • SOC 2 Type II certification
  • GDPR compliance features
  • Data residency options
  • Audit logging and reporting

Next Steps

  1. Connect Your Database: Start with our connection wizard
  2. Verify Permissions: Ensure your database user has required access
  3. Test Data Discovery: Run initial metadata discovery
  4. Set Up Monitoring: Configure validation rules and create monitors (ML or threshold, segmented when useful) on the metrics that matter
  5. Invite Team Members: Add colleagues and configure roles

Need help connecting your database? Contact our support team for personalized assistance.