Overview
Stigg’s integration with Snowflake serves a core principal of granting access to raw data, enabling the creation of customized reporting solutions and fostering informed business decision-making.Stigg’s native integration with Snowflake is included in the Scale plan, and is also available as an optional add-on to the Growth plan. See Stigg’s pricing for more details.
Exported entities
When connecting Snowflake, you can choose which Stigg entity groups to include in the sync. All groups are selected by default. See Exported entities for the full list of entity groups and the tables within each.Entity schema
Setting up the integration
Prerequisites
To set up the integration, you’ll need a Snowflake account with the ACCOUNTADMIN role. If you don’t have an account with the ACCOUNTADMIN role, contact your Snowflake administrator to set one up for you.Snowflake deprecates the creation of new password-based users, so Stigg recommends key-pair authentication for all new Snowflake connections. Existing password-based connections should migrate to key-pair before Snowflake removes password users for service-type accounts.
Generate a Snowflake key pair (recommended)
Stigg supports connecting to Snowflake using key-pair authentication, which Snowflake recommends over password authentication.
Follow the steps below to generate the private and public RSA key pair. You’ll use the private key with Stigg, and the public key in Snowflake.These commands use theAfter running these commands you will have two files:-
Follow the steps below to generate the private and public RSA key pair. You’ll use the private key with Stigg, and the public key in Snowflake.These commands use the
openssl CLI. If you don’t have it installed, install it locally or ask your DevOps / infrastructure team to run them for you.rsa_key.p8: your private key in PKCS#8 format. This is the file you will upload or paste into Stigg when configuring the Snowflake integration.
- rsa_key.pub: your public key. In the next step, you will copy the Base64 body of this file (without the -----BEGIN PUBLIC KEY----- / -----END PUBLIC KEY----- lines) into the Snowflake SQL script.If you generated an encrypted private key, openssl will prompt you to choose a passphrase. Remember this value, as you’ll enter it in the Passphrase field in Stigg when connecting to Snowflake.If you prefer to authenticate with a username and password instead, skip this step.Create Stigg entities in Snowflake
In Snowflake, create the relevant Stigg entities (a role, user, warehouse, database and schema) with the OWNERSHIP permission.Open a new Snowflake worksheet and paste the below script:Replace
<PASTE YOUR PUBLIC KEY HERE> with the base64 content of your rsa_key.pub file (without the header/footer lines). If you’re using password authentication instead, remove the rsa_public_key line and set a password on the user instead.Run the script, while using the Run All option (⌘ + Shift + Enter shortcut in Mac or CTRL + Shift + Enter in Windows).Grant Stigg access to your Snowflake cluster
By default, Snowflake allows users to connect to the service and internal stage from any computer or device. A security administrator (or higher) can use a network policy to allow or deny access to a request based on its origin.In this step we’ll ensure that Stigg has access to your Snowflake cluster.In Snowflake, open a new worksheet and run the below command:If the returned result is empty, all network access is allowed to your cluster, and specifically Stigg can access it - skip to the next section.If the returned result is not empty, an existing network policy is in place. To ensure that Stigg can access your cluster, update the existing policy and add Stigg’s IP addresses to the allowlist using the below command:
Connect Stigg with Snowflake
In Stigg, navigate to Integrations > Apps > Snowflake.Enter the following information in the connection form:
Click Test & connect. Stigg will verify the credentials before saving the connection.
| Field | Description |
|---|---|
| Account URL | The Snowflake account URL, for example: https://ab12345.us-east-2.aws.snowflakecomputing.com |
| Role | The role you specified when creating the Stigg entities in Snowflake, for example: STIGG_ROLE |
| Warehouse | The warehouse you specified when creating the Stigg entities in Snowflake, for example: STIGG_WAREHOUSE |
| Database | The database you specified when creating the Stigg entities in Snowflake, for example: STIGG_DATABASE |
| Schema | The schema you specified when creating the Stigg entities in Snowflake, for example: STIGG_SCHEMA |
| Username | The username you specified when creating the Stigg entities in Snowflake, for example: STIGG_USER |
| Auth method | Select Key pair (recommended) or User / Password. |
| Private Key | Required for key-pair auth. The private key you created when generating the key pair. |
| Passphrase (optional) | Protects your private key with an extra password, if you generated an encrypted key. Snowflake recommends following PCI DSS guidelines and storing it securely. |
| Password | Required for password auth. The password for the Snowflake user. |
Select entities to export
After entering your connection details, expand the Entities to export section to choose which entity groups to include in the sync. All groups are selected by default.See Exported entities for a description of each group.
Migrating existing connections from password-based to key-pair authentication
If you previously connected Stigg to Snowflake using password-based authentication, you can easily migrate your connection to RSA key-pair authentication without losing access.Click Switch to key pair
In the Snowflake integration card, click Switch to key pair in the banner. This will open the guided migration wizard.

Generate your key pair
Follow the Generate a Snowflake key pair step above to create your private and public keys.
Update your Snowflake user
Use the script below to update the existing Stigg user and associate your new public key. This script removes password-based authentication and enables key-pair login.Replace
<BASE64_PUBLIC_KEY> with the base64 content of your public key (without the BEGIN/END lines).Update your Stigg connection
Go to connection details.
- Paste or upload your private key file (rsa_key.p8).
- Enter your passphrase (if applicable).
- Click Update Snowflake connection. Your integration will now use RSA key-pair authentication.
Existing data and sync configuration remain unchanged. Only the authentication method is updated.
Sync process and schedule
After setup, Stigg performs a full sync of all selected entities. Subsequent syncs are incremental, transferring only changes since the last run. Stigg syncs data to Snowflake on a configurable schedule — daily at 12:00 AM UTC by default. You can adjust the sync frequency from the Snowflake integration settings at any time.Manual sync
To trigger an immediate sync, open the Snowflake integration in Stigg and click Sync now.Sync history
The Snowflake integration page shows a log of all past and in-progress syncs. The dashboard updates automatically as syncs complete — no need to refresh. Each row in the history shows the sync status and timestamps. Expand a row to see:- Number of rows synced per entity
- Sync duration
- What triggered the sync (scheduled or manual)
- Who initiated it (for manual syncs)
Rotating your Snowflake keys (recommended)
Snowflake supports two public key slots for each user:RSA_PUBLIC_KEYRSA_PUBLIC_KEY_2
Generate a new key pair
Follow the same steps as in the Generate a Snowflake key pair section to create a new private key and public key.
Update Stigg with the new private key
In Stigg → Integrations → Snowflake:
- Upload or paste your new
rsa_key.p8 - Enter the passphrase (if applicable)
- Click Update Snowflake connection
Key rotation is a security best practice and recommended for SOC2 / ISO27001 compliance.
