A comprehensive deep dive into Snowflake Container Services — security architecture, compute isolation, ingress/egress controls, PAT authentication, CORS, private connectivity, and tunneling approaches (SSH, WebSocket, Tailscale, ngrok) to connect SPCS to your own infrastructure.
How to establish persistent, bidirectional SSH tunnels from Snowflake Container Services to any machine you control — using base64-encoded keys in Snowflake Secrets, autossh for resilience, reverse port forwards, and nginx to expose SPCS services with SSL on your own domain.
Snowflake’s managed MCP servers work with external OAuth tokens — JWT-signed, role-scoped, and RBAC-enforced. Tested end-to-end with tool discovery and SQL execution.
Snowflake provides a unified Zero Trust control plane for both data and AI inference. This blueprint maps Snowflake and Cortex to NIST 800-207, CISA’s Zero Trust Maturity Model, and OMB M-22-09 — one governance layer, one policy stack, no shadow AI.
Four sample methods for managing encryption keys in Snowflake — from session variables to cloud KMS to HYOK key wrapping — so that sensitive data is protected with keys you control. Compatible with Postgres pgcrypto.
How to send security alerts from Snowflake directly to your SIEM using native webhook notification integrations — with working examples for Splunk HEC and Microsoft Sentinel, plus a hybrid approach for dynamic OAuth tokens.
How to execute SQL across Snowflake accounts using the SQL API with OAuth — covering Client Credentials (Entra ID), Self-Signed JWT (GCP), PAT, and Key-Pair authentication with full architecture diagrams and code.
An open-source AI skill that teaches any coding agent to build threat detection pipelines, hunt anomalies, and automate incident response in Snowflake — with OWASP, MITRE ATT&CK, and NIST CSF built in.
A better-together reference architecture combining Splunk’s real-time detection with Snowflake’s cost-effective data lake — federated search via DB Connect, 70-80% cost optimization, and years of historical retention.
A visual, hands-on explanation of JSON Web Tokens — what they contain, how signing works, why they expire, and how Snowflake uses them for External OAuth authentication.
A high-performance Rust proxy that lets Claude Code, Continue.dev, ZeroClaw, Mistral Vibe — or any AI coding agent — use Snowflake Cortex, OpenAI, Anthropic, or Ollama as their backend. Optional prompt policy enforcement included.
A defense-in-depth security architecture for AI agents and inference workloads — covering network isolation, identity propagation, authorization, data protection, and auditing under the EU AI Act, DORA, and NIS2.
The core challenge of AI agents: passing the human user’s identity through to Snowflake. This toolkit demonstrates JWT-to-PAT token exchange so agents execute as the actual user — with their roles, permissions, and full audit trail.
Turn Snowflake Container Services into your personal cloud development environment — VS Code in the browser, web terminal, persistent storage, and direct Snowflake access.
A patched, ready-to-deploy Apache NiFi 2.6.0 on SPCS — with fixes for ingress compatibility, a token debug UI, and a sample PostgreSQL-to-Snowflake CDC flow.
How to use Postgres 17 as a transparent encryption proxy so that data stored in Snowflake is always AES-256 encrypted at the column level — with your own key, under your own control.
How to decrypt PGP/GPG-encrypted files directly inside Snowflake using Python UDFs and the pgpy library — no external compute, no middleware, no key in transit.
Hybrid Cloud Architecture Series with Snowflake Part 1 — How to set up an SSH tunnel from Snowflake Container Services to query on-premise Iceberg data lakes, databases, APIs, or AI models behind your firewall.