Who can use this feature?
- Global admins or users with advanced permissions
- Available on all plans
A connection is an authentication mechanism to allow Totango to integrate with another system. Each connector has different requirements for connection. You can reuse connections to support multiple integration jobs.
Data warehouse integrations are a closed system; you cannot reuse data warehouse connections for other integration families.
A Snowflake connector is a pure database connection; it is built as a connector and an SQL query powers the connection.
1. Create a Snowflake user
We recommend that you create a specific user for fetching data with proper database access permissions (e.g., read-only access to a specific schema or a table).
- Connect to your Snowflake database.
- Ensure you are logged in as a SECURITYADMIN user role (or higher).
- Create read-only role:
create role totango_ro_role;
grant role totango_ro_role to role sysadmin;
- Ensure the default role of the Totango user is set to this read-only role.
To avoid connection issues, set
totango_ro_roleas the user's default role.
- Grant read-only role by privileges:
grant usage on database <your database name> to role totango_ro_role;
grant usage on schema <your database name>.<your schema name> to role totango_ro_role;
grant select on all tables in schema <your database name>.<your schema name> to role totango_ro_role;
grant usage on warehouse <your warehouse name> to role totango_ro_role;
2. Create a Snowflake connection in Totango
Totango allows you to authenticate using either method:
- Username / password
- Key file
In the event that your network is behind a firewall, you will need to whitelist our servers so that we may retrieve information from your data warehouse.
- In Totango, click Settings from the left nav.
- Expand Data Management > Customer Data Hub.
- From the list of active connectors (left), choose Data Warehouses.
- From the list of available connectors, hover over Snowflake, and click Connect (or View Integrations).
- Choose the preferred authentication method (Password or Key File). Depending on the option chosen, the authentication fields will vary (see below).
- Enter a name and description for the connection. Because you can have multiple connections with a connector (using different authentication profiles), a name and description helps you identify the connection later.
- Add the remaining details for the connection:
Host name: Host name of your Snowflake instance. You can get the hostname from the browser URL when you are logged in to Snowflake web app. It must be a full domain name, including the “snowflakecomputing.com.” For example, “dfr432245.us-west.snowflakecomputing.com”.
You can find more details in your worksheet of your Snowflake data warehouse:
- Username: Username of the user you plan to give access to your database for Totango
- Password: Password of the user
- Passphrase: Pass phrase if key file was encrypted
- Key file: Browse to find the key file you want to use (see below)
- Warehouse: The warehouse where this connector data should be fetched from
- Schema: The schema where this connector data should be fetched from
- Database: The database where this connector data should be fetched from
- Host name: Host name of your Snowflake instance. You can get the hostname from the browser URL when you are logged in to Snowflake web app. It must be a full domain name, including the “snowflakecomputing.com.” For example, “dfr432245.us-west.snowflakecomputing.com”.
- Click Connect.
You can now set up an integration using the connection.
All data warehouse connectors support SSL encryption. By default, Totango uses SSL encryption during connecting. If the data warehouse server does not support SSL encryption, the connection will use an unencrypted connection to stream data from the data warehouse.
Generate a key file
Learn more about Snowflake Key Pair (Key File) Authentication.
- Open a terminal window and generate a private key (encrypted or unencrypted):
$ openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8Non-encrypted option:
$ openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocryptGenerated file example:
-----BEGIN ENCRYPTED PRIVATE KEY----- MIIE6TAbBgkqhkiG9w0BBQMwDgQILYPyCppzOwECAggABIIEyLiGSpeeGSe3xHP1 wHLjfCYycUPennlX2bd8yX8xOxGSGfvB+99+PmSlex0FmY9ov1J8H1H9Y3lMWXbL ... -----END ENCRYPTED PRIVATE KEY-----
- Generate the public key by referencing the private key:
$ openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pubGenerated file example:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+Fw2qv4Roud3l6tjPH4 zxybHjmZ5rhtCz9jppCV8UTWvEXxa88IGRIHbJ/PwKW/mR8LXdfI7l/9vCMXX4mk ... -----END PUBLIC KEY-----
- Assign the public key to a Snowflake user:
alter user jsmith set rsa_public_key='MIIBIjANBgkqh...';
Question: How does Totango connect to the Snowflake database?
Answer: Totango connects via JDBC (Java Database Connectivity) using snowflake-jdbc v3.12.4 driver.
Question: JDBC supports a read-only connection mode, is that being used for the Snowflake connector?
Answer: Currently Snowflake does not support a read-only connection mode. Once they will do, it will be enabled in the Totango connection.
Question: Can I change the Snowflake database port?
Answer: It is not the recommended practice to change the Snowflake port and Totango does not support custom port (support only default 443). In Snowflake, the port can be changed using proxy servers.
Question: Can I use Snowflake shared databases?
Answer: Yes, you just need to select the desired shared database from the list.