Key-pair auth or password?

Key-pair is supported and recommended for production accounts — set SNOWFLAKE_PRIVATE_KEY_PATH instead of SNOWFLAKE_PASSWORD. Most teams keep password auth only for the staging-account MCP used by an agent.

Does it pick the WAREHOUSE per query?

No — the WAREHOUSE is fixed at connect time. Create a dedicated XS warehouse (e.g. XS_AGENT_WH) with a resource monitor so the agent cannot accidentally scale up a production warehouse.

Default tool set is SELECT-only. The role you connect with should also be SELECT-only as defence in depth; the MCP cannot enforce what the SQL actually does.

Does it support OAuth or external browser auth?

External browser auth is not exposed because MCP servers are non-interactive. Use key-pair auth for service-style identities.

Snowflake

Name: Top MCPs — curated MCP directory
Creator: Top MCPs
License: https://creativecommons.org/licenses/by/4.0/

Inspect schemas and run SQL against a Snowflake account from an AI agent.

Score 57(?)CommunityMIT 183Verified Jun 2, 2026Top MCPs for Databases →

Install View on GitHub

Quick answer

What it does

Connects to a Snowflake account and exposes database/schema/table enumeration, column metadata, and SELECT execution to AI models.

Best for

Schema discovery
Analytical query drafting
Cross-database joins inside one account
Information schema audits

Not for

Write-heavy DML from an LLM
Cost-sensitive workloads without a per-user resource monitor

Setup recipe

Pick your client, then follow the three steps.

Install

claude_desktop_config.jsonjson

{
  "mcpServers": {
    "snowflake": {
      "command": "uvx",
      "args": [
        "mcp-snowflake-server"
      ],
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

Paste under mcpServers. Fully quit and reopen Claude after editing.

CLI or .mcp.jsonshell

# export SNOWFLAKE_ACCOUNT=xy12345.us-east-1
# export SNOWFLAKE_USER=reader
# export SNOWFLAKE_PASSWORD=changeme
# export SNOWFLAKE_ROLE=READER_ROLE
# export SNOWFLAKE_WAREHOUSE=XS_AGENT_WH
# export SNOWFLAKE_DATABASE=ANALYTICS
claude mcp add snowflake -- uvx mcp-snowflake-server

Run from your repo. Commit .mcp.json to share with your team.

.cursor/mcp.jsonjson

{
  "mcpServers": {
    "snowflake": {
      "command": "uvx",
      "args": [
        "mcp-snowflake-server"
      ],
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

Global path: ~/.cursor/mcp.json. Reload window after editing.

.vscode/mcp.jsonjsonc

{
  "servers": {
    "snowflake": {
      "command": "uvx",
      "args": [
        "mcp-snowflake-server"
      ],
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

VS Code uses the "servers" key (not "mcpServers").

~/.codeium/windsurf/mcp_config.jsonjson

{
  "mcpServers": {
    "snowflake": {
      "command": "uvx",
      "args": [
        "mcp-snowflake-server"
      ],
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

Open via Cascade → hammer icon → Configure.

cline_mcp_settings.jsonjson

{
  "mcpServers": {
    "snowflake": {
      "command": "uvx",
      "args": [
        "mcp-snowflake-server"
      ],
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

Open via the Cline sidebar → MCP Servers → Edit.

~/.continue/config.jsonjson

{
  "experimental": {
    "modelContextProtocolServers": [
      {
        "transport": {
          "type": "stdio",
          "command": "uvx",
          "args": [
            "mcp-snowflake-server"
          ],
          "env": {
            "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
            "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
            "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
            "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
            "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
            "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
          }
        }
      }
    ]
  }
}

Continue uses modelContextProtocolServers with a transport block.

~/.codex/config.tomlshell

# ~/.codex/config.toml
[mcp_servers.snowflake]
command = "uvx"
args = [
  "mcp-snowflake-server",
]
env = { SNOWFLAKE_ACCOUNT = "${SNOWFLAKE_ACCOUNT}", SNOWFLAKE_USER = "${SNOWFLAKE_USER}", SNOWFLAKE_PASSWORD = "${SNOWFLAKE_PASSWORD}", SNOWFLAKE_ROLE = "${SNOWFLAKE_ROLE}", SNOWFLAKE_WAREHOUSE = "${SNOWFLAKE_WAREHOUSE}", SNOWFLAKE_DATABASE = "${SNOWFLAKE_DATABASE}" }

Codex uses TOML. Each server is a [mcp_servers.<name>] subtable.

~/.config/zed/settings.jsonjsonc

{
  "context_servers": {
    "snowflake": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-snowflake-server"
        ]
      },
      "env": {
        "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}",
        "SNOWFLAKE_USER": "${SNOWFLAKE_USER}",
        "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}",
        "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}",
        "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}",
        "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}"
      }
    }
  }
}

Zed calls them "context_servers". Settings live-reload on save.

ChatGPT → Apps directorynone

Snowflake doesn't ship a hosted HTTPS endpoint today. ChatGPT supports remote MCP servers only — to use this server in ChatGPT you'll need to deploy it to a public HTTPS URL first (e.g. via Cloudflare Workers or Vercel) or wait for an official remote build.

2
Set required secrets
Set SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD, SNOWFLAKE_ROLE, SNOWFLAKE_WAREHOUSE, SNOWFLAKE_DATABASE in your shell environment before launching your MCP client.
3
Try a minimum working prompt
Minimum working prompt pending verification. Try any prompt from the MCP’s README once installed.

Tools & permissions

Tool	Description	Args	Side effects
`list_databases`	List databases visible to the connected role.	—	Read
`list_schemas`	List schemas in a database.	database: string	Read
`list_tables`	List tables in a schema.	schema: string	Read
`describe_table`	Return columns, types, and clustering info for a table.	table: string	Read
`query`	Run a SELECT statement and return rows.	sql: string	Read

Security & scope

Access scope: Read-only
Sandbox: Connects to a Snowflake account using key-pair or password auth. Read-only at the MCP tool layer; pair with a SELECT-only role and a resource-monitored XS warehouse to bound spend.
Gotchas: Snowflake is billed per warehouse-second. Always attach a resource monitor to the warehouse the MCP uses.
Static passwords in env are leak-prone — prefer key-pair auth and a key path the OS keychain can protect.
A privileged role connected here can drop tables. Scope to a SELECT-only role even on staging accounts.

Agent prompt pack

— copy into Claude, Cursor, or ChatGPT.

Paste into Claude, Cursor, or ChatGPT. Edit the [brackets] before sending.

Recommend the best MCP servers for [task: e.g. databases work] in [client: Claude].

Constraints:
- Prefer tools that are [official | open-source | read-only] — pick what matters for my use case.
- Exclude MCPs that require [e.g. a paid plan, OAuth-only flows, remote-only transport].
- Return at most 3 picks, ranked.

For each pick include:
1. One-sentence rationale.
2. The ready-to-paste install snippet for my client.
3. Any required secrets I need to create before installing.

Cross-check the top-mcps.com listing: https://top-mcps.com/top-mcps-for-databases

Compare Snowflake against a real alternative. Swap the second MCP in [brackets] if you want a different match.

Compare Snowflake MCP vs [BigQuery MCP] for the following job: [describe the job, e.g. "let an agent create GitHub issues on bug triage"].

Judge them on:
- Setup time and complexity (what a new user hits first).
- Auth model (none / API key / OAuth 2.1) and credential risk.
- Transport (stdio / Streamable HTTP / SSE) and where the server runs.
- Required secrets and the blast radius if they leak.
- Operational risk in an unattended agent loop.
- Which one is "good enough" for a weekend prototype vs. production.

End with one sentence: which should I pick for my scenario, which is: [my scenario].

References:
- https://top-mcps.com/mcp/snowflake
- top-mcps.com listing for BigQuery

Asks the agent to install and verify. Works inside Claude Code, Cursor Agent, Codex CLI.

Install the Snowflake MCP server for my [client: Claude] at the default config path for that client.

Use the exact install snippet published at https://top-mcps.com/mcp/snowflake (fetch https://top-mcps.com/mcp/snowflake.json for the canonical server.json if you can read URLs).

Before finishing:
1. Create the required secrets (SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD, SNOWFLAKE_ROLE, SNOWFLAKE_WAREHOUSE, SNOWFLAKE_DATABASE) and put them in the appropriate env block — do not hard-code them.
2. Restart or reload the client so it picks up the new server.
3. Verify the server is connected (green / running state) and at least one tool is listed.
4. If anything fails, read the client's MCP logs and report the exact error — do not silently retry.

Confirm when done and list the tools the server now exposes.

Frequently asked questions

What changed

— 2 updates tracked.

Jun 2, 2026
Refreshed install snippets and fact sheet; verified for 2026.
Jan 22, 2025
Initial directory listing.

More Databases MCPs

Other tools in the same category worth evaluating.

Postgres MCP Pro

Production-grade Postgres MCP with index advice, EXPLAIN, and health checks.

databasesqlpostgresperformance

5 minMedium

SQLite

Local SQLite database access with full read/write support.

databasesqlitelocalstorage

2 minLow

Supabase

Full Supabase access: database, auth, storage, and edge functions.

supabasedatabasebackendpostgres

5 minLow

Compared with Snowflake

Side-by-side breakdowns for the choices people most often weigh against this MCP.

SnowflakevsClickHouse SnowflakevsBigQuery SnowflakevsPostgres MCP Pro

Exploring Top MCPs for Databases? See all Databases MCPs →