Python connector

The only change is host (and port). Account, credentials, and SQL stay exactly as they are.

import snowflake.connector

conn = snowflake.connector.connect(
    user="analyst",
    password="...",                       # passes through verbatim
    account="abc12345.eu-west-2.aws",
    warehouse="BI_WH",
    host="chukei.internal.example.com",   # ← the change
    port=8443,
)

Key-pair (JWT)

from cryptography.hazmat.primitives import serialization

with open("rsa_key.p8", "rb") as f:
    pkey = serialization.load_pem_private_key(f.read(), password=None)

conn = snowflake.connector.connect(
    user="svc_dbt",
    private_key=pkey.private_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    ),
    account="abc12345.eu-west-2.aws",
    host="chukei.internal.example.com", port=8443,
)

Programmatic access token (PAT)

conn = snowflake.connector.connect(
    user="svc_ci",
    token="<pat-secret>",                          # NOT password=
    authenticator="PROGRAMMATIC_ACCESS_TOKEN",
    account="abc12345.eu-west-2.aws",
    host="chukei.internal.example.com", port=8443,
)

All three modes are validated end-to-end through chukei against live Snowflake. externalbrowser SSO also works — the browser leg goes directly to Snowflake; only the token exchange transits the proxy.

Key-pair (JWT)​

Programmatic access token (PAT)​

Key-pair (JWT)

Programmatic access token (PAT)