Configuring MCP servers access to Snowflake with session recording

Many teams assume that simply enabling an MCP server in front of Snowflake automatically gives them a reliable audit trail. In reality, without a dedicated gateway that inspects each query, the server can forward traffic unchanged and the organization loses visibility into who ran what and when.

Why session recording is essential for Snowflake workloads

Snowflake stores analytical data that often includes regulated information such as PCI, PHI, or personal identifiers. When a query runs, the result set can expose that data to anyone with client access. Session recording captures the full request‑response exchange, providing a reliable record that auditors can review. It also gives engineers forensic evidence when an unexpected data leak is reported.

Beyond compliance, session recording helps teams detect misuse, troubleshoot performance issues, and validate that data‑masking policies are applied consistently. Without a recording layer, each query lives only in the client’s memory, making post‑mortem analysis impossible.

Where enforcement must happen

The identity system (OIDC or SAML) determines who is allowed to start a connection, but it does not enforce what happens once the request reaches Snowflake. The only place to guarantee session recording, inline masking, and guardrails is the data path that sits between the client and the Snowflake endpoint. By placing a Layer 7 gateway in that path, every protocol message can be inspected, logged, and, if necessary, altered before it reaches the database.

hoop.dev fulfills that role. It acts as an identity‑aware proxy that terminates the client connection, authenticates the user’s token, and then opens a separate session to Snowflake using credentials that only the gateway knows. Because the gateway controls the full round‑trip, it can record each query and its results, apply masking rules, and enforce approval workflows before any destructive command executes.

Conceptual flow for an MCP‑driven Snowflake session

Identity verification: The engineer or AI agent presents an OIDC token to the gateway. hoop.dev validates the token, extracts group membership, and decides whether the user may request Snowflake access.
Just‑in‑time session creation: Upon approval, the gateway establishes a Snowflake session using a credential stored in its configuration. The client never sees this secret.
Query interception: Each SQL statement travels through the gateway. Before forwarding, hoop.dev checks the statement against policy rules. If the query attempts to read a protected column, the masking plugin redacts the sensitive fields in the response.
Session recording: The gateway writes a timestamped log entry that includes the user identity, the exact query text, and the masked result set. These logs are stored securely and can be replayed for audit.
Replay and review: Administrators can retrieve a recorded session from the audit store, view the original query, and see the masked output exactly as the user saw it.

This flow guarantees that every Snowflake interaction is both observable and controllable, without requiring changes to the client tools such as snowsql or BI connectors.

Continue reading? Get the full guide.

SSH Session Recording + Session Binding to Device: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Getting started with hoop.dev for Snowflake

To implement this architecture, begin with the getting‑started guide, which walks you through deploying the gateway, configuring OIDC, and registering a Snowflake connection. The guide also explains how to enable the built‑in masking plugin and turn on session recording. Because the gateway runs as a Docker Compose service by default, you can spin up a test environment in minutes.

Once the gateway is running, add Snowflake as a connection in the hoop.dev UI. Provide the Snowflake account name, warehouse, and a service account credential that the gateway will use. After saving the connection, you can create an MCP server definition that points to the Snowflake connection. When an engineer or AI agent connects to that MCP server, hoop.dev automatically applies the session‑recording policy you configured.

All of the detailed steps, including how to define masking rules for PCI or PHI columns, are covered in the learning hub. The hub also contains best‑practice recommendations for retaining audit logs and rotating service credentials.

FAQ

Do I need to modify my existing Snowflake clients?

No. The gateway speaks the native Snowflake wire protocol, so existing tools continue to work unchanged. They simply point at the MCP server address instead of the direct Snowflake endpoint.

Can I turn off recording for a specific user?

Recording is enforced at the gateway level. You can create a policy that excludes certain low‑risk service accounts, but doing so reduces audit visibility. The recommended approach is to keep recording enabled for all human‑initiated sessions.

How long are session logs retained?

Retention is configurable in the gateway settings. For most compliance regimes, a 90‑day window satisfies audit requirements, but you can extend it as needed.

Ready to try it out? Explore the open‑source repository on GitHub. The combination of OIDC‑driven identity, Layer 7 enforcement, and built‑in session recording gives you a complete, auditable path to Snowflake without exposing credentials to end users.