duckcode-snowflake-readonly-mcp-server

DuckCode-MCP-Servers/duckcode-snowflake-readonly-mcp-server

3.2

If you are the rightful owner of duckcode-snowflake-readonly-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

Duckcode Snowflake Reader MCP Server is a secure, read-only server designed to expose Snowflake data to MCP-compatible agents, ensuring credentials are protected and SQL use is validated.

Duckcode Snowflake Reader MCP Server

An enterprise-focused, read-only Model Context Protocol (MCP) server that exposes Snowflake data to MCP-compatible agents such as Claude Desktop. The server keeps credentials out of logs, validates SQL use, and is ready to run in Docker-based MCP hosting environments.

Highlights

  • Read-only access enforced with SQL guards and identifier validation
  • Multiple credential sources: JSON secrets file, environment variables, or inline JSON
  • Minimal runtime surface area: single Python process, no background threads
  • Drop-in MCP server identifier duckcode-snowflake-reader

Secure Configuration Options

Quick Credential Examples

  • Secrets file: create /run/secrets/snowflake.json with the JSON payload shown below and launch python -m duckcode_snowflake_reader_mcp_server.main --connection-file /run/secrets/snowflake.json.
  • Environment variables: export DUCKCODE_SNOWFLAKE_ACCOUNT=my-account, DUCKCODE_SNOWFLAKE_USER=svc_reader, etc., then run python -m duckcode_snowflake_reader_mcp_server.main --env-prefix DUCKCODE_SNOWFLAKE.
  • Inline JSON (testing only): python -m duckcode_snowflake_reader_mcp_server.main --connection '{"account":"my-account","user":"svc_reader","password":"super-secret","warehouse":"reporting_wh","database":"analytics_db","schema":"production","role":"ANALYST_ROLE"}'.

Option 1 - JSON Secrets File (recommended)

Store credentials in a file that is not committed to source control. Example snowflake-credentials.json:

{
  "account": "your-account",
  "user": "svc_reader",
  "password": "${SNOWFLAKE_PASSWORD}",
  "warehouse": "reporting_wh",
  "database": "analytics_db",
  "schema": "production",
  "role": "ANALYST_ROLE"
}

Run the server:

python -m duckcode_snowflake_reader_mcp_server.main \
  --connection-file /secure/path/snowflake-credentials.json

Option 2 - Environment Variables

Provide values via an environment prefix. Each key becomes <PREFIX>_<field name in uppercase> (e.g. DUCKCODE_SNOWFLAKE_ACCOUNT).

export DUCKCODE_SNOWFLAKE_ACCOUNT=your-account
export DUCKCODE_SNOWFLAKE_USER=svc_reader
export DUCKCODE_SNOWFLAKE_PASSWORD='...'
export DUCKCODE_SNOWFLAKE_WAREHOUSE=reporting_wh
export DUCKCODE_SNOWFLAKE_DATABASE=analytics_db
export DUCKCODE_SNOWFLAKE_SCHEMA=production
export DUCKCODE_SNOWFLAKE_ROLE=ANALYST_ROLE

python -m duckcode_snowflake_reader_mcp_server.main --env-prefix DUCKCODE_SNOWFLAKE

Environment-sourced values override anything supplied by JSON.

Option 3 - Inline JSON (for quick tests only)

python -m duckcode_snowflake_reader_mcp_server.main \
  --connection '{"account":"your-account","user":"svc_reader",...}'

Avoid this approach in shared shells or production environments because command history may capture secrets.

Claude Desktop / Claude for Web Configuration

Add the server to your MCP configuration file. Replace placeholders or switch to --connection-file / --env-prefix if you mount secrets into the container.

{
  "mcpServers": {
    "duckcode-snowflake-reader": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "duckcode-snowflake-reader-mcp-server",
        "--connection",
        "{\"account\":\"your-account\",\"user\":\"svc_reader\",\"password\":\"your-password\",\"warehouse\":\"reporting_wh\",\"database\":\"analytics_db\",\"schema\":\"production\",\"role\":\"ANALYST_ROLE\"}"
      ]
    }
  }
}

svc_reader is simply a placeholder for whichever Snowflake user (often a dedicated service account) you want to authenticate as. The escaped quotes (\") are required because this JSON object is being embedded inside another JSON string. If you prefer to avoid escape characters, switch to --connection-file or --env-prefix, which keep the credentials in their natural JSON or environment variable form.

Running with Docker

docker build -t duckcode-snowflake-reader-mcp-server .
docker run --rm \
  -v /secure/path/snowflake-credentials.json:/run/secrets/snowflake.json:ro \
  duckcode-snowflake-reader-mcp-server \
  --connection-file /run/secrets/snowflake.json

Running with uvx

uvx duckcode-snowflake-reader-mcp-server \
  --env-prefix DUCKCODE_SNOWFLAKE

Ensure the environment variables or secrets file are available to the runtime.

Available Resources & Tools

  • snowflake://tables — list tables visible to the configured role
  • snowflake://schema/{table_name} — describe a table (fully qualified name)
  • query tool — execute a single read-only query (SELECT, SHOW, DESC, EXPLAIN, WITH)

License

Distributed under the MIT License. See .