Levered Docs
Getting StartedConnect Your Warehouse

Snowflake

Connect a Snowflake database to Levered.

What you need

ItemDescription
Account identifierYour Snowflake account (e.g., xy12345.us-east-1)
WarehouseThe compute warehouse to use for queries (e.g., LEVERED_WH)
DatabaseThe database containing your event tables
SchemaThe schema within the database (e.g., PUBLIC)
AuthenticationPassword or RSA key pair (recommended for service accounts)

Option A: Password authentication

CREATE ROLE levered_reader;
GRANT USAGE ON WAREHOUSE LEVERED_WH TO ROLE levered_reader;
GRANT USAGE ON DATABASE analytics_db TO ROLE levered_reader;
GRANT USAGE ON SCHEMA analytics_db.public TO ROLE levered_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics_db.public TO ROLE levered_reader;

CREATE USER levered_svc
  PASSWORD = 'a-strong-password'
  DEFAULT_ROLE = levered_reader
  DEFAULT_WAREHOUSE = LEVERED_WH;

GRANT ROLE levered_reader TO USER levered_svc;

Option B: Key pair authentication

Key pair auth uses an RSA private key instead of a password. This is Snowflake's recommended approach for service accounts.

1. Generate an RSA key pair:

# Generate a 2048-bit private key in PKCS#8 PEM format (unencrypted)
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -nocrypt -out levered_rsa_key.pem

# Extract the public key
openssl rsa -in levered_rsa_key.pem -pubout -out levered_rsa_key.pub

Note: Snowflake recommends using encrypted private keys (generated with -v2 des3 instead of -nocrypt). Levered currently only supports unencrypted private keys. If your security policy requires encrypted keys, generate an encrypted key and decrypt it before pasting into the dashboard:

# Generate encrypted key (you'll be prompted for a passphrase)
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -out rsa_key_encrypted.p8
# Decrypt it for use with Levered
openssl pkcs8 -in rsa_key_encrypted.p8 -nocrypt -out levered_rsa_key.pem

2. Create the user and assign the public key in Snowflake:

CREATE ROLE levered_reader;
GRANT USAGE ON WAREHOUSE LEVERED_WH TO ROLE levered_reader;
GRANT USAGE ON DATABASE analytics_db TO ROLE levered_reader;
GRANT USAGE ON SCHEMA analytics_db.public TO ROLE levered_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics_db.public TO ROLE levered_reader;

CREATE USER levered_svc
  DEFAULT_ROLE = levered_reader
  DEFAULT_WAREHOUSE = LEVERED_WH;

GRANT ROLE levered_reader TO USER levered_svc;

-- Set the public key (paste the key content without the BEGIN/END lines)
ALTER USER levered_svc SET RSA_PUBLIC_KEY = 'MIIBIjANBgkqh...your-public-key...';

3. Paste the private key contents (the full PEM including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines) into the dashboard.

Connect via the dashboard

  1. Navigate to Settings > Warehouse in the Levered dashboard.
  2. Select Snowflake as the provider.
  3. Enter your Account, Warehouse, Database, and Schema.
  4. Enter the Username for your read-only user.
  5. Choose your authentication method: Password or Key Pair (RSA).
    • For password: enter the password.
    • For key pair: paste the full PEM private key.
  6. Click Test Connection to verify.
  7. Click Save.

Troubleshooting

Connection test fails

Check that the account identifier includes the region (e.g., xy12345.us-east-1). Verify the user has USAGE on the warehouse, database, and schema.

Permission errors at training time

Levered runs SQL queries during model training. If training fails with permission errors, check that the Snowflake user has SELECT access on the specific tables referenced in your metric queries.

Next step

Now that your warehouse is connected, set up your data pipeline -- create the tables Levered reads during training.

BigQuery

Connect a Google Cloud BigQuery dataset to Levered.

Postgres

Connect a PostgreSQL database to Levered.

On this page

What you needCreate a read-only user (recommended)Option A: Password authenticationOption B: Key pair authenticationConnect via the dashboardTroubleshootingConnection test failsPermission errors at training timeNext step