> ## Documentation Index
> Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up Snowflake MCP Server

> Create a Snowflake MCP server with Cortex AI tools and connect it to TrueFoundry with OAuth.

Snowflake managed MCP servers expose Cortex Search, Cortex Analyst, SQL execution, and Cortex Agents. Create the MCP server in Snowflake, grant access, and register its URL in TrueFoundry.

## Prerequisites

* A TrueFoundry account with permission to add MCP servers.
* Snowflake `ACCOUNTADMIN` or `SYSADMIN` privileges.
* At least one Cortex resource or warehouse to expose.

## Create the MCP Server in Snowflake

Run SQL like the following, keeping only the tools you need:

```sql theme={"dark"}
CREATE OR REPLACE MCP SERVER my_mcp_server
  FROM SPECIFICATION $$
    tools:
      - name: "search-tool"
        type: "CORTEX_SEARCH_SERVICE_QUERY"
        identifier: "MY_DB.MY_SCHEMA.MY_SEARCH_SERVICE"
        description: "Search documents in Snowflake"
      - name: "sql-tool"
        type: "SYSTEM_EXECUTE_SQL"
        description: "Execute SQL queries"
        config:
          read_only: true
          warehouse: "MY_WAREHOUSE"
  $$;
```

Grant `USAGE` on the MCP server and on each underlying Cortex resource or warehouse to the roles that should use it.

## Create OAuth Credentials

Create a Snowflake OAuth security integration with the TrueFoundry callback URL:

```sql theme={"dark"}
CREATE OR REPLACE SECURITY INTEGRATION tfy_oauth
  TYPE = OAUTH
  OAUTH_CLIENT = CUSTOM
  ENABLED = TRUE
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback';
```

Retrieve the client credentials:

```sql theme={"dark"}
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('TFY_OAUTH');
```

## Register in TrueFoundry

The Snowflake MCP URL has this format:

```txt theme={"dark"}
https://<account_url>/api/v2/databases/<database>/schemas/<schema>/mcp-servers/<server_name>
```

Add it as a remote OAuth2 MCP server and paste the Snowflake OAuth Client ID and Client Secret. Users should open the server's **Tools** section and click **Connect Now**; after OAuth succeeds, Snowflake tools appear and can be tried from the **Agent Playground**. Each user operates under their Snowflake RBAC permissions.

## Security Notes

Use `read_only: true` for SQL tools unless agents must write data. Grant access to underlying Cortex resources separately; access to the MCP server alone is not enough.
