[Ultimate]{class="badge positive"}

Snowflake source

IMPORTANT
  • The Snowflake source is available in the sources catalog to users who have purchased Real-Time Customer Data Platform Ultimate.
  • By default, the Snowflake source interprets null as an empty string. Contact your Adobe representative to ensure that your null values are correctly written as null in Adobe Experience Platform.
  • For Experience Platform to ingest data, timezones for all table-based batch sources must be configured to UTC. The only time stamp that is supported for the Snowflake source is TIMESTAMP_NTZ with UTC time.

Adobe Experience Platform allows data to be ingested from external sources while providing you with the ability to structure, label, and enhance incoming data using Experience Platform services. You can ingest data from a variety of sources such as Adobe applications, cloud-based storage, databases, and many others.

Experience Platform provides support for ingesting data from a third-party database. Experience Platform can connect to different types of databases such as relational, NoSQL, or data warehouses. Support for database providers include Snowflake.

Prerequisites prerequisites

This section outlines the setup tasks that you need to complete before you can connect your Snowflake source to Experience Platform.

IP address allowlist

You must add region-specific IP addresses to your allowlist prior to connecting your sources to Experience Platform. For more information, read the guide on allowlisting IP addresses to connect to Experience Platform for more information.

Gather required credentials

You must provide values for the following credential properties to authenticate your Snowflake source.

Account key authentication (Azure)

Provide values for the following credentials to connect Snowflake to Experience Platform on Azure using account key authentication.

table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2 7-row-2
Credential Description
account An account name uniquely identifies an account within your organization. In this case, you must uniquely identify an account across different Snowflake organizations. To do this, you must prepend your organization name to the account name. For example: orgname-account_name. Read the section on retrieving your Snowflake account identifier for additional guidance. For more information, refer to the Snowflake documentation.
warehouse The Snowflake warehouse manages the query execution process for the application. Each Snowflake warehouse is independent from one another and must be accessed individually when bringing data over to Experience Platform.
database The Snowflake database contains the data you want to bring the Experience Platform.
username The username for the Snowflake account.
password The password for the Snowflake user account.
role The default access control role to use in the Snowflake session. The role should be an existing one that has already been assigned to the specified user. The default role is PUBLIC.
connectionString The connection string used to connect to your Snowflake instance. The connection string pattern for Snowflake is jdbc:snowflake://{ACCOUNT_NAME}.snowflakecomputing.com/?user={USERNAME}&password={PASSWORD}&db={DATABASE}&warehouse={WAREHOUSE}.
Key-pair authentication (Azure)

To use key-pair authentication, first generate a 2048-bit RSA key pair. Next, provide values for the following credentials to connect to Experience Platform on Azure using key-pair authentication.

table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2 7-row-2
Credential Description
account An account name uniquely identifies an account within your organization. In this case, you must uniquely identify an account across different Snowflake organizations. To do this, you must prepend your organization name to the account name. For example: orgname-account_name. Read the section on retrieving your Snowflake account identifier for additional guidance. For more information, refer to the Snowflake documentation.
username The username of your Snowflake account.
privateKey The Base64-encoded private key of your Snowflake account. You can generate either encrypted or unencrypted private keys. If you are using an encrypted private key, then you must also provide a private key passphrase when authenticating against Experience Platform. Read the section on retrieving your private key for more information.
privateKeyPassphrase The private key passphrase is an additional layer of security that you must use when authenticating with an encrypted private key. You are not required to provide the passphrase if you are using an unencrypted private key.
port The port number that is used by Snowflake when connecting to a server over the internet.
database The Snowflake database that contains the data you want to ingest to Experience Platform.
warehouse The Snowflake warehouse manages the query execution process for the application. Each Snowflake warehouse is independent from one another and must be accessed individually when bringing data over to Experience Platform.

For more information about these values, refer the Snowflake key-pair authentication guide.

Basic authentication (AWS)

Provide values for the following credentials to connect Snowflake to Experience Platform on AWS using basic authentication.

note warning
WARNING
Basic authentication (or account key authentication) for the Snowflake source will be deprecated on November 2025. You must move to key-pair based authentication in order to continue using the source and ingesting data from your database to Experience Platform. For more information on the deprecation, read the Snowflake best practices guide on mitigating the risks of credential compromise.
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2 7-row-2
Credential Description
host The host URL that your Snowflake account connects to.
port The port number that is used by Snowflake when connecting to a server over the internet.
username The username associated with your Snowflake account.
password The password associated with your Snowflake account.
database The Snowflake database from where the data will be pulled from.
schema The name of the schema associated with your Snowflake database. You must ensure that the user you want to give database access to, also has access to this schema.
warehouse The Snowflake warehouse that you are using.
Key-pair authentication (AWS)

To use key-pair authentication, first generate a 2048-bit RSA key pair. Next, provide values for the following credentials to connect to Experience Platform on AWS using key-pair authentication.

table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2
Credential Description
account An account name uniquely identifies an account within your organization. In this case, you must uniquely identify an account across different Snowflake organizations. To do this, you must prepend your organization name to the account name. For example: orgname-account_name. Read the guide on retrieving your Snowflake account identifier for additional guidance. For more information, refer to the Snowflake documentation.
username The username of your Snowflake account.
privateKey The private key for your Snowflake user, base64-encoded as a single line with no headers or line breaks. To prepare it, copy the contents of your PEM file, remove the BEGIN/END lines and all line breaks, then base64-encode the result. Read the section on retrieving your private key for more information. Note: Encrypted private keys are not currently supported for an AWS connection.
port The port number that is used by Snowflake when connecting to a server over the internet.
database The Snowflake database that contains the data you want to ingest to Experience Platform.
warehouse The Snowflake warehouse manages the query execution process for the application. Each Snowflake warehouse is independent from one another and must be accessed individually when bringing data over to Experience Platform.

For more information about these values, refer the Snowflake key-pair authentication guide.

Retrieve your account identifier retrieve-your-account-identifier

You must retrieve your account identifier from the Snowflake UI dashboard because you will be using the account identifier to authenticate your Snowflake instance on Experience Platform.

To retrieve your account identifier:

  • Navigate to your account on the Snowflake application UI dashboard.
  • In the left navigation, select Accounts, followed by Active Accounts from the header.
  • Next, select the information icon and then select and copy the domain name of the current URL.

The Snowflake UI dashboard with the domain name selected.

Retrieve your private key retrieve-your-private-key

If you are using key-pair authentication for your Snowflake connection, then you must also generate your private key before connecting to Experience Platform.

Create an encrypted private key

To generate your encrypted Snowflake private key, run the following command on your terminal:

code language-shell
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

If successful, you should receive your private key in PEM format.

code language-shell
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6T...
-----END ENCRYPTED PRIVATE KEY-----
Create an unencrypted private key

To generate your unencrypted Snowflake private key, run the following command on your terminal:

code language-shell
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

If successful, you should receive your private key in PEM format.

code language-shell
-----BEGIN PRIVATE KEY-----
MIIE6T...
-----END PRIVATE KEY-----

Next, take your private key and encode it in Base64. Ensure that you do not do any transformations or format conversions on your Snowflake private key. Additionally, you must ensure that there are no trailing newline characters at the end of your private key, before encoding it in Base64.

Verify configurations

Before you can create a source connection for your Snowflake data, you must also ensure that the following configurations are met:

  • The default warehouse assigned to a given user must be the same as the warehouse that you input when authenticating to Experience Platform.
  • The default role assigned to a given user must have access to the same database that you input when authenticating to Experience Platform.

To verify your role and warehouse:

  • Select Admin on the left navigation and then select Users & Roles.
  • Select the appropriate user and then select the ellipses (...) on the top-right corner.
  • In the Edit user window that appears, navigate to Default Role to view the role associated with the given user.
  • In the same window, navigate to Default Warehouse to view the warehouse associated with the given user.

The Snowflake UI where you can verify your role and warehouse.

Once successfully encoded, you may then used that Base64-encoded private key on Experience Platform to authenticate your Snowflake account.

The documentation below provides information on how to connect Snowflake to Experience Platform using APIs or the user interface:

Connect Snowflake to Experience Platform using APIs

Connect Snowflake to Experience Platform using the UI

recommendation-more-help
337b99bb-92fb-42ae-b6b7-c7042161d089