Inventory users, roles, and role grants from Snowflake using key-pair JWT authentication.
Source connector — pulls identity and access data from Snowflake into ComplianceScout where it is scored against your compliance frameworks and violation rules.
After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.
These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.
| Field | Type | Required | Notes |
|---|---|---|---|
| Account identifier | Text | Required | Org-account format: MYORG-MYACCOUNT (no .snowflakecomputing.com). |
| Username | Text | Required | Snowflake user with SECURITYADMIN or SYSADMIN role to read users and grants. |
| RSA private key (PEM) | Secret | Required | Full content of the RSA private key PEM file, including BEGIN/END headers. |
| Private key passphrase | Secret | Optional | Passphrase if the key is encrypted. Leave blank for unencrypted keys. |
Follow these steps to gather the credentials above and connect Snowflake to ComplianceScout.
Generate an RSA key pair: openssl genrsa -out rsa_key.pem 2048; openssl rsa -in rsa_key.pem -pubout -out rsa_key.pub
In Snowflake, assign the public key to your service user: ALTER USER compliancescout SET RSA_PUBLIC_KEY='<contents of rsa_key.pub without headers>'
Grant the user SECURITYADMIN or a custom role with SHOW USERS, SHOW ROLES, and SHOW GRANTS privileges.
Find your account identifier in Snowflake → Admin → Accounts (format: ORGNAME-ACCOUNTNAME).
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → Snowflake and enter the account identifier, username, and private key PEM content.
Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.