Skip to main content

Snowflake Technical Integration Details

Robby Dunigan avatar
Written by Robby Dunigan
Updated today

Overview

Integrating Snowflake and Rippit allows for customers to export data from Rippit and import data into Rippit.

To do this you will need to be an Admin in Rippit with access to the Connections page. Then underneath the Data Export locate Snowflake:

For information on what can be exported to Snowflake, check this Data Dictionary. For information on the data ingestion process, check this Help Article.


Setup Steps

1. Securing Database Access

Before creating database objects, you'll need to allow Rippit's IP addresses to connect to your Snowflake instance.

List of IPs to allow will be visible in the first step of the Snowflake integration process but if you are unable to locate them contact your main POC at Rippit.

Important: Without proper network access configuration, the connection will fail even with correct credentials.

2. Create Database and Schema

First, create a dedicated database for Rippit data (or skip this step if using an existing database):

CREATE DATABASE Rippit_DB;

Create a schema within the database:

CREATE SCHEMA Rippit;

3. Create Service User

Create the Rippit service user and configure RSA key authentication:

CREATE USER RIPPIT_USER; ALTER USER RIPPIT_USER SET RSA_PUBLIC_KEY='<RIPPIT_PUBLIC_KEY>';

Rippit Public Key is accessible in the second step of the Snowflake Integration process else if you are unable to locate it there, reach out to your main POC at Rippit!

4. Configure Role and Permissions

Create a role for Rippit operations:

CREATE ROLE RIPPIT_ROLE;

Grant the necessary permissions:

CREATE ROLE RIPPIT_ROLE;
REVOKE ALL PRIVILEGES ON DATABASE RIPPIT_DB FROM RIPPIT_ROLE;
GRANT USAGE ON DATABASE RIPPIT_DB TO RIPPIT_ROLE;
GRANT USAGE ON WAREHOUSE <your_warehouse_name> TO RIPPIT_ROLE;
GRANT ROLE RIPPIT_ROLE TO USER RIPPIT_USER;
GRANT ALL ON SCHEMA rippit TO RIPPIT_ROLE;
GRANT OWNERSHIP ON SCHEMA rippit TO ROLE RIPPIT_ROLE;
-- the below operation is only needed if you don't have "auto resume" enabled on the warehouse
GRANT OPERATE ON WAREHOUSE <your_warehouse_name> TO RIPPIT_ROLE;

Important Notes

  • Warehouse Name: Replace <your_warehouse_name> with your actual Snowflake warehouse name

  • Auto-Resume: The GRANT OPERATE command is only needed if your warehouse doesn't have auto-resume enabled

  • Security: Contact your Rippit implementation team for the current RSA public key

Next Steps

After completing this setup, you'll need to configure the Rippit connection using these values:

Connection Configuration

When filling out the Rippit Snowflake connection form, use these values from your setup:

Field

Value

Account

Your Snowflake account identifier

Cloud Region ID

Your Snowflake region (e.g., us-east-1, eu-west-1)

User

RIPPIT_USER

Warehouse

<your_warehouse_name> (the warehouse you granted access to)

Database

RIPPIT_DB

Schema

RIPPIT

User Role

RIPPIT_ROLE

Final Steps

  1. Ensure Rippit has provided you with their current RSA public key

  2. Enter the connection details in Rippit's interface

  3. Test the connection to verify everything is working correctly


Troubleshooting

Common Issues That Cause Connection Failures

Case Sensitivity Problems:

  • Snowflake object names are case-sensitive when quoted, case-insensitive when unquoted

  • Our commands create unquoted objects (stored as UPPERCASE)

  • If the connection form is case-sensitive, use: RIPPIT_USER, RIPPIT_DB, RIPPIT, RIPPIT_ROLE

Account Identifier Format:

  • Use format: account_name.region or orgname-account_name

  • Don't include: https://, .snowflakecomputing.com, or other URL components

  • Example: abc12345.us-east-1 not https://abc12345.us-east-1.snowflakecomputing.com

Warehouse Issues:

  • Warehouse must be running or have auto-resume enabled

  • User needs USAGE permission (granted in setup)

  • If auto-resume is disabled, user needs OPERATE permission (conditional in our setup)

Network Access:

  • Check if all IPs are being whitelisted

  • Network policies apply at account level and can override other permissions

  • VPN/proxy configurations may require additional IP ranges

Role Assignment:

  • The user's default role might not be RIPPIT_ROLE

  • Connection may need to explicitly specify the role

  • Role inheritance can cause unexpected permission issues

Did this answer your question?