Connecting Snowflake

Create the Trustle service account that automates JIT for entitlements through the Snowflake APIs

Step 1: Create the trustle_setup.sql

  1. Log in to the Snowflake console as an admin user
  2. Navigate to your workspace in Snowflake console (Work with data > Projects > Workspace)
  3. Create a new file to run the trustle setup queries

Step 2: Trustle Role

  1. Create the Role for Trustle Service Account
  2. Grant IMPORTED Privileges on Snowflake Database
  3. Grant the SECURITYADMIN role to the Trustle Role

CREATE ROLE IF NOT EXISTS TRUSTLE_ROLE COMMENT = 'Role for Trustle integration - DO NOT DELETE.';
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE TRUSTLE_ROLE;
GRANT ROLE SECURITYADMIN TO ROLE TRUSTLE_ROLE;

Step 3: Trustle Warehouse

  1. Create the Warehouse that the Trustle Service Account will work on
  2. Grant USAGE to the Trustle Role

CREATE WAREHOUSE IF NOT EXISTS TRUSTLE_ETL_WH
WAREHOUSE_SIZE = 'XSMALL'
AUTO_SUSPEND = 60
AUTO_RESUME = TRUE;
GRANT USAGE ON WAREHOUSE TRUSTLE_ETL_WH TO ROLE TRUSTLE_ROLE;

Step 4: Trustle Service Account User

  1. Open a terminal on your local machine, and create an RSA Key to be used in the Service Account

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out trustle_rsa_key.p8 -nocrypt
openssl rsa -in trustle_rsa_key.p8 -pubout -out trustle_rsa_key.pub

  2. Create the Service Account User (replacing the RSA_PUBLIC_KEY contents)
  3. Grant the Trustle Role to the Service Account

CREATE USER TRUSTLE_SERVICE_ACCOUNT
TYPE = SERVICE
DEFAULT_ROLE = SECURITYADMIN
DEFAULT_WAREHOUSE = TRUSTLE_ETL_WH
COMMENT = 'Service Account for Trustle integration - DO NOT DELETE.'
RSA_PUBLIC_KEY='<contents of trustle_rsa_key.pub>';
GRANT ROLE TRUSTLE_ROLE TO USER TRUSTLE_SERVICE_ACCOUNT;
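
The following is an added example, not part of Trustle's own setup script: shell helpers that check the Step 4 key pair before and after the CREATE USER statement. It assumes Snowflake's documented behaviour that the RSA_PUBLIC_KEY value is given without the PEM BEGIN/END delimiter lines and that DESC USER reports the stored key's fingerprint as RSA_PUBLIC_KEY_FP; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. File names are the ones created in Step 4; function names are hypothetical.

# Fingerprint of a DER-encoded public key read from stdin, in the
# "SHA256:<base64>" form that DESC USER reports as RSA_PUBLIC_KEY_FP.
der_fp() {
  printf 'SHA256:%s\n' "$(openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Fingerprint of the public key file (fails if the file is not a valid key).
pubkey_fp() {
  openssl rsa -pubin -in "$1" -noout 2>/dev/null || return 1
  openssl rsa -pubin -in "$1" -outform DER 2>/dev/null | der_fp
}

# Fingerprint of the public half derived from the private key file.
privkey_fp() {
  openssl rsa -in "$1" -noout 2>/dev/null || return 1
  openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | der_fp
}

# True only when the private key and the public key file are one pair.
keys_match() {
  a="$(privkey_fp "$1")" && b="$(pubkey_fp "$2")" && [ "$a" = "$b" ]
}

# Public key as a single line with the PEM BEGIN/END delimiter lines removed.
pubkey_body() {
  grep -v -e '-----BEGIN' -e '-----END' "$1" | tr -d '\r\n'
}

if [ -f trustle_rsa_key.p8 ] && [ -f trustle_rsa_key.pub ]; then
  chmod 600 trustle_rsa_key.p8   # generated with -nocrypt, so keep it owner-only
  keys_match trustle_rsa_key.p8 trustle_rsa_key.pub || { echo "key files do not match" >&2; exit 1; }
  echo "RSA_PUBLIC_KEY='$(pubkey_body trustle_rsa_key.pub)'"
  echo "Expect in DESC USER TRUSTLE_SERVICE_ACCOUNT: RSA_PUBLIC_KEY_FP = $(pubkey_fp trustle_rsa_key.pub)"
fi
```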

Step 5: Set up the integration

  1. Navigate to the Connections page in Trustle from the left menu
  2. Under SaaS Applications find the Snowflake logo and choose Connect
  3. Provide the connection details
  4. Add the Snowflake Account Identifier (e.g., xy12345.us-east-1 or organization-account_name)
  5. Add the Private Key generated in step 4.1 (including the BEGIN and END syntax)
  6. Click Test Connection
  7. Upon successfully testing the connection, click Save Connection

Matthew Hathaway