Skip to main content
Guide to Connect Snowflake:
  1. Create a dedicated read-only user for Go Fig to limit permissions and improve security. (Recommended)
  2. Whitelist GoFig.ai’s IP address in your Snowflake network policy: 104.196.71.57
  3. Collect the following details:
  • Snowflake account identifier from your login URL
  • Username and password with appropriate permissions
  • Warehouse name for queries
  • Database and schema names (optional)
For security, create a dedicated Go Fig user with a custom role: 
-- Create role
CREATE ROLE GOFIG_ROLE;

-- Grant warehouse usage
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE GOFIG_ROLE;

-- Grant database access
GRANT USAGE ON DATABASE MY_DATABASE TO ROLE GOFIG_ROLE;
GRANT USAGE ON SCHEMA MY_DATABASE.PUBLIC TO ROLE GOFIG_ROLE;

-- Grant read-only table access
GRANT SELECT ON ALL TABLES IN SCHEMA MY_DATABASE.PUBLIC TO ROLE GOFIG_ROLE;
GRANT SELECT ON FUTURE TABLES IN SCHEMA MY_DATABASE.PUBLIC TO ROLE GOFIG_ROLE;

-- Create user
CREATE USER GOFIG_USER
  PASSWORD = 'StrongPassword123!'
  DEFAULT_ROLE = GOFIG_ROLE
  DEFAULT_WAREHOUSE = COMPUTE_WH;

-- Assign role
GRANT ROLE GOFIG_ROLE TO USER GOFIG_USER;
Why This Matters:
  • Principle of Least Privilege: Go Fig only gets read access, never write
  • Audit Trail: Separate user makes it easy to track Go Fig queries
  • Cost Control: Isolate Go Fig workload and monitor independently
  • Security: Limits blast radius if credentials are compromised
Set a strong password and store it securely. Never use your admin credentials for database connection.

2) Whitelist GoFig.ai’s IP address in your Snowflake network policy

Go Fig needs network access to your Snowflake warehouse. Configure your network policy to allow connections:
Create or Update Network Policy:Whitelist Go Fig’s IP address:
CREATE NETWORK POLICY GOFIG_NETWORK_POLICY
  ALLOWED_IP_LIST = ('104.196.71.57/32');

ALTER USER GOFIG_USER SET NETWORK_POLICY = GOFIG_NETWORK_POLICY;
Verify Network Policy:
SHOW NETWORK POLICIES;
DESC NETWORK POLICY GOFIG_NETWORK_POLICY;
Create Dedicated Warehouse:For better cost control and workload isolation, create a dedicated warehouse for Go Fig:
CREATE WAREHOUSE GOFIG_WH
  WAREHOUSE_SIZE = 'SMALL'
  AUTO_SUSPEND = 300  -- 5 minutes
  AUTO_RESUME = TRUE
  INITIALLY_SUSPENDED = TRUE;

GRANT USAGE ON WAREHOUSE GOFIG_WH TO ROLE GOFIG_ROLE;
Warehouse Size Recommendations:
  • XS: Development and testing
  • Small: Standard dashboards (recommended starting point)
  • Medium: Production analytics with large datasets
  • Large: Complex queries and data scans

3) Connect Go Fig to Snowflake

1

Add Snowflake connection

Navigate to your Organization Data page and click + Add data. Select Snowflake from the list of database connections.[SCREENSHOT: Organization Data page with “Add data” button and Snowflake option in connection list]
2

Enter connection details

Fill in your Snowflake connection information:
  • Account Identifier: From your Snowflake URL (e.g., abc12345.us-east-1, xy98765.eu-west-1, my-org-account)
    • Format: https://<account_identifier>.snowflakecomputing.com
  • Username: Your Snowflake username
  • Password: Your Snowflake password
  • Warehouse: Virtual warehouse for queries (e.g., COMPUTE_WH or GOFIG_WH)
  • Database (Optional): Default database name
  • Schema (Optional): Default schema name
  • Role (Optional): Role to assume (e.g., GOFIG_ROLE)
For production warehouses, always configure network policies to restrict access to Go Fig’s IP address.
3

Connect to Snowflake

Click Connect to Snowflake to complete the setup. Go Fig will verify the connection, encrypt and store your credentials securely.[SCREENSHOT: “Connect to Snowflake” button]

Security Best Practices

Go Fig Security Features

  • Encrypted Credentials: Go Fig encrypts all connection credentials at rest
  • SSL/TLS Encryption: All data in transit uses SSL/TLS encryption
  • Credential Protection: Credentials are never logged or displayed in plain text
  • Role-Based Access Control: COMING SOON - Granular permissions for connection management
Use read-only user: Never connect with a user that has write permissions.
Network restrictions: Use network policies to restrict Go Fig user to 104.196.71.57.
Rotate credentials regularly: Change passwords every 90 days.
Monitor query activity: Review Query History in Go Fig and QUERY_HISTORY in Snowflake.
Auto-suspend warehouses: Set auto-suspend to 5-10 minutes to minimize idle costs.
Filter early in workflows: Add filters at workflow start to reduce data scanned and query time.
Use dedicated warehouse: Create separate warehouse for Go Fig to isolate workload and control costs.
Never use admin credentials: Create a dedicated user with minimal necessary permissions.