Snowflake's recommended auth pattern for programmatic access is RSA key-pair, not username/password or OAuth. Key-pair auth support means agents connect to Snowflake using the same credential pattern data teams already provision for service accounts — no custom auth layer needed.

A data quality agent runs nightly Snowflake queries to validate pipeline outputs. The data team provisions a service account with an RSA key pair. The developer registers the private key in Scalekit, which stores it securely and handles the key-pair auth exchange on each tool call. The agent never handles credentials directly — key material stays in Scalekit.

What's included

• Scalekit stores the RSA private key and handles the key-pair exchange at connection time.
• Agent code specifies only the query and dataset — auth is fully abstracted.
• Pairs with OAuth M2M as the complete story for service-account-based data agent auth.
• Covers the standard provisioning pattern for every data team running Snowflake.