Enhancement Request: Support dynamic Snowflake credentials per user session (LibreChat integration

[samuelmbl]

Hello,

I'm currently using the MCP server with LibreChat and noticed that credentials for Snowflake connections are only configured at container startup.

It would be very useful to have the ability to dynamically update or inject credentials based on the user session in LibreChat. This would allow for more granular access control, for example, restricting access to specific Snowflake objects depending on the authenticated user.

Is there any existing mechanism or planned enhancement that would support session-based credentials instead of static ones?

[adricu]

Hey there!

I managed to set it up using PATs but the problem is that this solution does not scale, and also sometimes librechat becomes unavailable. So running it in streamable-http with parameters being received in the endpoints would be incredible.

My working solution:

mcpServers:
  snowflake:
    startup: false
    type: stdio
    command: uvx
    args:
      - snowflake-labs-mcp
      - --service-config-file
      - /app/snowflake_mcp_configuration.yaml
      - --account
      - XXXXXXXX.eu-west-1
      - --password
      - "{{PAT}}"
      - --role
      - "{{ROLE}}"
      - --warehouse
      - "{{WAREHOUSE}}"
      - --user
      - "{{LIBRECHAT_USER_EMAIL}}"
    customUserVars:
      WAREHOUSE:
        title: "Snowflake Warehouse"
        description: "Snowflake Warehouse"
      ROLE:
        title: "Snowflake Role"
        description: "Snowflake Role"
      PAT:
        title: "Programatic Access Token"
        description: "You can generate a new PAT from Settings/Authentication in Snowflake"