• Help
  • Release Notes
  • Back to Segment.com

    • Snowflake Reverse ETL Setup

    On this page

    Set up Snowflake as your Reverse ETL source.

    At a high level, when you set up Snowflake for Reverse ETL, the configured user/role needs read permissions for any resources (databases, schemas, tables) the query needs to access. Segment keeps track of changes to your query results with a managed schema
    (__SEGMENT_REVERSE_ETL), which requires the configured user to allow write permissions for that schema.

    Segment now supports key-pair authentication for Snowflake Reverse ETL sources. Key-pair authentication is available for Business Tier users only.

    Set up guide

    Follow the instructions below to set up the Segment Snowflake connector. Segment recommends you use the ACCOUNTADMIN role to execute all the commands below, and that you create a user that authenticates with an encrypted key pair.

    1. Log in to your Snowflake account.
    2. Navigate to Worksheets.

    3. Enter and run the code below to create a database. Segment uses the database specified in your connection settings to create a schema called __segment_reverse_etl to avoid collision with your data. The schema is used for tracking changes to your model query results between syncs. An existing database can be reused, if desired. Segment recommends you to use the same database across all your models attached to this source to keep all the state tracking tables in 1 place.

      -- not required if another database is being reused
CREATE DATABASE segment_reverse_etl;

    4. Enter and run the code below to create a virtual warehouse. Segment Reverse ETL needs to execute queries on your Snowflake account, which requires a Virtual Warehouse to handle the compute. You can also reuse an existing warehouse.

      -- not required if reusing another warehouse
CREATE WAREHOUSE segment_reverse_etl
 WITH WAREHOUSE_SIZE = 'XSMALL'
   WAREHOUSE_TYPE = 'STANDARD'
   AUTO_SUSPEND = 600 -- 5 minutes
   AUTO_RESUME = TRUE;

    5. Enter and run the code below to create specific roles for Reverse ETL. All Snowflake access is specified through roles, which are then assigned to the user you’ll create later.

      -- create role
CREATE ROLE segment_reverse_etl;

-- warehouse access
GRANT USAGE ON WAREHOUSE segment_reverse_etl TO ROLE segment_reverse_etl;

-- database access
GRANT USAGE ON DATABASE segment_reverse_etl TO ROLE segment_reverse_etl;
GRANT CREATE SCHEMA ON DATABASE segment_reverse_etl TO ROLE segment_reverse_etl;

    6. Enter and run one of the following code snippets below to create the user Segment uses to run queries. For added security, Segment recommends creating a user that authenticates using a key pair.

      To create a user that authenticates with a key pair, create a key pair and then execute the following SQL commands:

      -- create user (key-pair authentication)
CREATE USER segment_reverse_etl_user
DEFAULT_ROLE = segment_reverse_etl
RSA_PUBLIC_KEY = 'enter your public key';

-- role access
GRANT ROLE segment_reverse_etl TO USER segment_reverse_etl_user;

      To create a user that authenticates with a password, execute the following SQL commands:

      -- create user (password authentication)
CREATE USER segment_reverse_etl_user
 MUST_CHANGE_PASSWORD = FALSE
 DEFAULT_ROLE = segment_reverse_etl
 PASSWORD = 'my_strong_password'; -- Do not use this password

-- role access
GRANT ROLE segment_reverse_etl TO USER segment_reverse_etl_user;
    7. Follow the steps listed in the Add a Source section to finish adding Snowflake as a source.

    This page was last modified: 03 Jun 2024

    Get started with Segment

    Segment is the easiest way to integrate your websites & mobile apps data to over 300 analytics and growth tools.
    or
    Create free account

    On this page

    Was this page helpful?