Snowflake Cortex Agents
The Snowflake connector discovers your account's Cortex Agents, imports AI-observability activity as MITRITY audit events, and reads account security posture — authenticated with a locally-signed key-pair (RSA) JWT. It never writes to your account.
Read SaaS-Embedded Agent Governance first for the connector model; this page covers Snowflake specifics.
What it discovers
- Cortex Agents defined in the account (
SHOW AGENTS IN ACCOUNT), added to your Agents inventory with statediscovered.
Requirements
| Requirement | Detail |
|---|---|
| Account | Any Snowflake account with Cortex Agents. AI-observability events require the account's AI Observability feature to be enabled. |
| Role | A role that can CREATE USER / CREATE ROLE and grant privileges (e.g. ACCOUNTADMIN) to run the setup once. |
| MITRITY plan | Pro or Enterprise; Owner or Manager role. |
Step 1 — Generate a key pair
Key-pair auth signs a JWT with a private key; Snowflake verifies it with the public key registered on the user. Generate an unencrypted PKCS#8 RSA key pair:
# Private key (PKCS#8, unencrypted) — MITRITY stores this, encrypted. Never register it on Snowflake.
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out mitrity_rsa_key.p8 -nocrypt
# Public key — you register this on the Snowflake user in Step 3.
openssl rsa -in mitrity_rsa_key.p8 -pubout -out mitrity_rsa_key.pub
Step 2 — Create a dedicated user and read-only role
Run as a privileged role. A service user (key-pair only, no password) is preferred; a regular user with a registered key works too.
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS MITRITY_GOVERNANCE;
CREATE USER IF NOT EXISTS MITRITY_SVC
TYPE = SERVICE -- key-pair only; omit for a regular user
DEFAULT_ROLE = MITRITY_GOVERNANCE
DEFAULT_WAREHOUSE = <YOUR_WAREHOUSE>;
GRANT ROLE MITRITY_GOVERNANCE TO USER MITRITY_SVC;
Step 3 — Register the public key and grant read-only privileges
-- Register the public key (paste the base64 body of mitrity_rsa_key.pub,
-- WITHOUT the -----BEGIN/END PUBLIC KEY----- lines or newlines).
ALTER USER MITRITY_SVC SET RSA_PUBLIC_KEY='MIIBIjANBgkq...';
-- Compute for the connector's read queries.
GRANT USAGE ON WAREHOUSE <YOUR_WAREHOUSE> TO ROLE MITRITY_GOVERNANCE;
-- Observe: read AI-observability events. CORTEX_USER covers Cortex access;
-- add READ UNREDACTED for full prompt/tool content (metadata-only without it).
GRANT DATABASE ROLE SNOWFLAKE.CORTEX_USER TO ROLE MITRITY_GOVERNANCE;
GRANT READ UNREDACTED AI OBSERVABILITY EVENTS ON ACCOUNT TO ROLE MITRITY_GOVERNANCE;
Validate the observability grant for your account. Snowflake's AI-observability privileges are evolving; confirm the exact grant your account needs against Snowflake's current documentation. If it's missing, the connector still connects and runs Discover + Posture — it simply returns no telemetry rather than failing (graceful degrade), and full prompt/tool content stays redacted without
READ UNREDACTED.
Then read the fingerprint MITRITY needs:
DESC USER MITRITY_SVC;
-- Copy the RSA_PUBLIC_KEY_FP value, e.g. SHA256:abcd1234…
Step 4 — Connect in MITRITY
In Settings → Platforms → Connect a platform, choose Snowflake and provide:
| Field | Value |
|---|---|
| Account / Organization | Your Snowflake account identifier, e.g. xy12345.eu-central-1 (locator) or orgname-account_name |
| Key-pair private key (PEM) | The contents of mitrity_rsa_key.p8 from Step 1 |
| Username | MITRITY_SVC |
| Role | MITRITY_GOVERNANCE |
| Warehouse | <YOUR_WAREHOUSE> |
| Database / Schema | Optional default query context |
| Public-key fingerprint | The RSA_PUBLIC_KEY_FP from Step 3, e.g. SHA256:abcd1234… |
Save, then click Sync now. The connector signs an RS256 JWT locally with your private key (no token exchange), calls the Snowflake SQL API, and runs Discover → Observe → Posture.
Observe — AI Observability events
The connector imports agent activity from Snowflake's AI Observability events. Imported events carry source = snowflake, are marked observed (recorded, not gated), and flow to the audit log, Insights, and any configured SIEM destination. Without the READ UNREDACTED AI OBSERVABILITY EVENTS grant, events are imported metadata-only (prompts and tool payloads stay redacted). If the observability feature or grant is absent, telemetry is empty and the connection stays healthy.
Posture
The connector reads account security-configuration proxies — over-broad ACCOUNTADMIN / SECURITYADMIN grants and agent presence — and records them as findings (OK / Warning / Unknown). A control it cannot read is recorded as Unknown, never OK. See Posture & Security.
Governing a discovered agent
Assign a policy to a discovered agent to move it to governed (governance mode Constrained), or suppress it. Cortex Agents are observed, not enforced in-band, in this release — see read-only by design.