SYNQ Scout Agent Configuration

Disable SSL certificate verification.

Snowflake account identifier.

Virtual warehouse to use for queries.

Role to assume after connecting.

PEM-encoded private key content for key-pair authentication.

Path to a PEM-encoded private key file.

Passphrase to decrypt the private key.

Databases to include. If empty, all accessible databases are scraped.

Use GET_DDL() to retrieve DDL for tables and views.

Database containing the ACCOUNT_USAGE schema. Defaults to SNOWFLAKE.

Set to "externalbrowser" to use SSO browser-based authentication.

GCP project ID.

Region for BigQuery resources.

Inline JSON content of the service account key.

Path to the service account key JSON file.

Explicit list of dataset names to scrape. When set, only these datasets are queried
and project-level bigquery.datasets.list permission is not required.

Estimate table freshness from Redshift query logs instead of metadata.

Disable SSL certificate verification.

Additional DSN parameters passed to the driver.

Database to connect to. If empty, all databases are scraped.

Disable SSL certificate verification.

Use a plain HTTP connection instead of HTTPS.

Catalogs to include. Required for most Trino deployments.

Databricks workspace URL.

Personal access token for authentication.

OAuth client ID (M2M authentication).

OAuth client secret (M2M authentication).

SQL warehouse ID to use for queries.

Trust the server certificate without validation.

Encryption mode (e.g. "true", "false", "strict").

Federated authentication method (e.g. "ActiveDirectoryDefault").

Pre-acquired access token for Azure AD authentication.

Azure AD application client ID for service principal auth.

Oracle service name.

Enable SSL/TLS for the connection.

Verify the server's SSL certificate.

Path to Oracle Wallet directory for authentication.

Enable Oracle Diagnostics Pack features (AWR, ASH).

File path, ':memory:' for in-memory, or MotherDuck database name.

MotherDuck organization/account name (for cloud mode).

MotherDuck authentication token (required for cloud MotherDuck).

AWS region hosting the Athena service and Glue Data Catalog.

Athena workgroup. Defaults to "primary" when empty. Must have a
ResultConfiguration.OutputLocation configured.

Glue Data Catalog name. Defaults to "AwsDataCatalog" when empty.

Static AWS credentials. Pair accesskeyid with secretaccesskey.

Optional STS session token, when accesskeyid+secretaccesskey are
short-lived STS credentials.

Named AWS shared-config profile (from ~/.aws/credentials or
~/.aws/config). Used only when static credentials are absent.

IAM role ARN to assume via STS. Wraps whichever base credentials
resolved above (or the host's default chain when no other auth is set).

External ID required by the role's trust policy. Pair with role_arn.

Optional STS session name. Defaults to "synq-athena".

Scope filter for include/exclude filtering by Glue catalog, Glue
database, and table. Mapping: ScopeRule.database = Glue catalog,
ScopeRule.schema = Glue database, ScopeRule.table = Glue table/view.

Use SHOW CREATE TABLE to retrieve full table DDL (CTAS bodies, Iceberg
TBLPROPERTIES, Hive external LOCATION/SerDe). One Athena query per
table — billed at the 10MB scan minimum each.

Use SHOW CREATE VIEW to retrieve full view DDL instead of the
rewritten body from informationschema.views.viewdefinition.

For Iceberg tables, fan out one Athena query per table to read row
count, total file size, snapshot commit timestamp, and partition
columns from the table's $files / $snapshots / $partitions metadata
tables. Hive externals are unaffected.