Search documentation...



Hundreds of industry leaders use Hightouch to turn Snowflake into a marketing, sales, success and operational engine

Create the Warehouse connection in Hightouch

You'll need to allowlist Hightouch's IP addresses to allow our systems to contact your warehouse. Reference our docs to determine which IPs you need to allowlist.

To connect Hightouch to your Snowflake Warehouse, we recommend creating a user specifically provisioned with read-only access to the tables and schemas required.
The method used will vary depending on your particular implementation details, but the instructions below should serve as a decent starting point.
To create a role, run the following code in Snowflake. If you already have a valid role with read-only access skip this step.
CREATE ROLE IF NOT EXISTS ht_readonly_role
    COMMENT = "Read only access to select tables for Hightouch";
To create a user, run the following code in Snowflake, replacing all the values wrapped in <> with actual values:
    password = '<a_very_secure_password>'
    first_name = 'Hightouch'
    last_name = 'User'
    default_warehouse = '<warehouse>'
    default_namespace = '<database.schema>'
    default_role = '<ht_readonly_role>'
    comment = 'Used for Hightouch integrations'
Next, you'll need to grant the appropriate permissions to the role. At minimum, the role will need access to the warehouse, database, schema, and tables. If you're using permifrost, you can define the role permissions there, otherwise, you can grant the permissions directly in Snowflake:
GRANT USAGE ON WAREHOUSE <warehouse> TO ROLE ht_readonly_role;
GRANT ROLE ht_readonly_role TO USER ht_user;

GRANT USAGE ON DATABASE "<database>" TO ROLE ht_readonly_role;
GRANT USAGE ON SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON ALL TABLES IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON FUTURE TABLES IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON ALL VIEWS IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA "<database>"."<schema>" TO ROLE ht_readonly_role;

Or, if using permifrost.
  - ht_readonly_role:
        - <warehouse>
            - <database>
            - <database>.*
            - <database>.*.*

  - ht_user:
      can_login: yes
        - ht_readonly_role
If you are using permifrost, check out our CircleCI orb to make running permifrost from a Github repo easy.
Once you have your role and user provisioned, you can add them to Hightouch:
  1. In Hightouch, go to Sources or click
    Selecting Add Source
  2. Click "Create Source"
    Select Connect Source
  3. Select Snowflake
  4. For Account, enter your Snowflake account. Usually, this is in the format <identifier>.<region>.<cloud provider>, e.g. See the Snowflake docs for more information.
  5. For Database, enter your Snowflake database name.
  6. For Username, enter your Snowflake username, e.g. ht_user
  7. For Password, enter your Snowflake user's password.
  8. For Role, enter the Role that Hightouch should use for queries, e.g. ht_readonly_role. Use DEFAULT to use the default role. A default role must be set for the user for this to work.
  9. Click "Test" to test the connection. Hightouch is able to successfully connect, click the "Complete" button at the bottom of the page

RSA Authentication

Generate a private key and public key by running the following commands in your terminal:
$ openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8
$ openssl rsa -in rsa_key.p8 -pubout -out
Then in Snowflake, execute an ALTER USER command to assign the public key to your Hightouch Snowflake user:
alter user ht_user set rsa_public_key='MIIBIjANBgkqh...';
Finally, in the Authentication Method of the Snowflake Source settings, select RSA Private Key and drop your private key you just generated into the Private Key File field
Snowflake RSA

    Need help?

    Our team is relentlessly focused on your success. We're ready to jump on a call to help unblock you.

    • Connection issues with your data warehouse?
    • Confusing API responses from destination systems?
    • Unsupported destination objects or modes?
    • Help with complex SQL queries?


    Feature Requests?

    If you see something that's missing from our app, let us know and we'll work with you to build it!

    We want to hear your suggestions for new sources, destinations, and other features that would help you activate your data.

On this page

Create the Warehouse connection in HightouchRSA Authentication

Was this page helpful?