segmentio · stayseesong · Oct 8, 2025 · Oct 7, 2025 · Oct 8, 2025 · Oct 8, 2025
@@ -9,8 +9,6 @@ Set up Snowflake as your Reverse ETL source.
 
 At a high level, when you set up Snowflake for Reverse ETL, the configured user/role needs read permissions for any resources (databases, schemas, tables) the query needs to access. Segment keeps track of changes to your query results with a managed schema <br>(`__SEGMENT_REVERSE_ETL`), which requires the configured user to allow write permissions for that schema.
 
-> success ""
-> Segment now supports key-pair authentication for Snowflake Reverse ETL sources.
 
 > info "Snowflake Reverse ETL sources support Segment's dbt extension"
 > If you have an existing dbt account with a Git repository, you can use [Segment's dbt extension](/docs/segment-app/extensions/dbt/) to centralize model management and versioning, reduce redundancies, and run CI checks to prevent breaking changes.
@@ -57,9 +55,12 @@ Follow the instructions below to set up the Segment Snowflake connector. Segment
    GRANT CREATE SCHEMA ON DATABASE segment_reverse_etl TO ROLE segment_reverse_etl;
    GRANT CREATE TABLE ON SCHEMA __segment_reverse_etl TO ROLE segment_reverse_etl;
    ```
-6. Enter and run one of the following code snippets below to create the user Segment uses to run queries. For added security, Segment recommends creating a user that authenticates using a key pair.
+6. Enter and run one of the following code snippets below to create the user Segment uses to run queries. 
+
+   1. To create a user that authenticates with a key pair, you need to first create the user and assign it a key pair following the instructions in the [Snowflake docs](https://docs.snowflake.com/en/user-guide/key-pair-auth){:target="_blank”}. 
+
+   2. Execute the following SQL commands: 
 
-   To create a user that authenticates with a key pair, [create a key pair](https://docs.snowflake.com/en/user-guide/key-pair-auth#configuring-key-pair-authentication){:target="_blank”} and then execute the following SQL commands: 
    ``` sql
    -- create user (key-pair authentication)
    CREATE USER segment_reverse_etl_user
@@ -69,21 +70,9 @@ Follow the instructions below to set up the Segment Snowflake connector. Segment
    -- role access
    GRANT ROLE segment_reverse_etl TO USER segment_reverse_etl_user;
    ```
-
-   To create a user that authenticates with a password, execute the following SQL commands:
-   ```sql
-   -- create user (password authentication)
-   CREATE USER segment_reverse_etl_user
-    MUST_CHANGE_PASSWORD = FALSE
-    DEFAULT_ROLE = segment_reverse_etl
-    PASSWORD = 'my_strong_password'; -- Do not use this password
-
-   -- role access
-   GRANT ROLE segment_reverse_etl TO USER segment_reverse_etl_user;
-   ```
 7. Add the account information for your source.  
-5. Click **Test Connection** to test to see if the connection works.
-6. Click **Add source** if the test connection is successful.
+8. Click **Test Connection** to test to see if the connection works.
+9. Click **Add source** if the test connection is successful.
 
 
 Learn more about the Snowflake Account ID in Snowflake's [Account identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html){:target="_blank"} documentation.

@@ -89,35 +89,11 @@ GRANT CREATE SCHEMA ON DATABASE "SEGMENT_EVENTS" TO ROLE "SEGMENT";
 
 ### Step 4: Create a user for Segment
 
-Create the user that Segment uses to connect to your warehouse. You can create a user that authenticates with a key pair, or you can create a user that authenticates using a password. For enhanced security, Segment recommends creating a user that authenticates with an encrypted key pair.
+Create the user that Segment uses to connect to your warehouse. You can create a user that authenticates with a key pair. 
 
-#### Create a user that authenticates with a key pair
-If you are creating a user that will use a key pair to authenticate, you first must create a public key and then can create a new user. 
-
-##### Generate keys
-
-To start, open a terminal window and generate a private key by running the following command, replacing `key_name` with the name you'd like to give the key. The command generates a private key in PEM format, and will prompt you to enter a passphrase. Write down or remember this passphrase, as you will need it when creating your Segment user and configuring your destination in the Segment app.
-
-> success ""
-> If you want to generate an unencrypted private key, append `-nocrypt` to the end of the command.
-
-```
-openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out key_name.p8
-```
-
-After you've created the private key, save the file to a local directory. You'll need to upload the .p8 file to the Segment app when you create your Snowflake destination. 
-
-Next, generate your public key by running the following command, replacing `key_name.p8` with the name of the private key that you previously created and `public_key_name` with the name of your new public key. 
-
-```
-openssl rsa -in key_name.p8 -pubout -out public_key_name.pub
-```
-
-After you've created the public key, save the file to a local directory. 
-
-##### Generate a new user and assign the key to them
-
-Now, create a new user by executing the following SQL command, replacing the public key value with the key you previously generated.
+To create a user that authenticates with a key pair:
+1. Create the user and assign it a key pair by following the instructions in the [Snowflake docs](https://docs.snowflake.com/en/user-guide/key-pair-auth){:target="_blank"}. 
+2. Create a new user by executing the following SQL command, replacing the public key value with the key you previously generated. 
 
 ``` sql
 CREATE USER SEGMENT_USER 
@@ -126,17 +102,6 @@ CREATE USER SEGMENT_USER
 GRANT ROLE "SEGMENT" TO USER "SEGMENT_USER";
 ```
 
-#### Create a user that authenticates with a username and password
-If you are creating a user that will use a username and password to authenticate, execute the following SQL command. Be sure to set a strong, unique password.
-
-```sql
-CREATE USER "SEGMENT_USER"
-  MUST_CHANGE_PASSWORD = FALSE
-  DEFAULT_ROLE = "SEGMENT"
-  PASSWORD = "my_strong_password"; -- Do not use this password
-GRANT ROLE "SEGMENT" TO USER "SEGMENT_USER";
-```
-
 ### Step 5: Test the user and credentials
 
 Before you continue, test and validate the new user and credentials. After you verify the new credentials, you can connect Snowflake to Segment.
@@ -157,67 +122,6 @@ For accounts outside the US, the account ID includes the region. You can find yo
 
 For example, if your web address is `https://myaccountname.snowflakecomputing.com/console#/internal/worksheet`, your account name would be `myaccountname`.
 
-#### Test a username and password
-Segment uses [SnowSQL](https://docs.snowflake.com/en/user-guide/snowsql){:target="_blank"} to run these verification steps.
-To install SnowSQL and verify your accounts:
-
-1. Download [SnowSQL](https://docs.snowflake.com/en/user-guide/snowsql){:target="_blank"}
-2. Open the Installer and follow instructions.
-3. When the installation is complete, run the following command, replacing "account" and "user" with your Snowflake Account ID and username:
-
-```
-snowsql -a <account>  -u <user>
-```
-
-For accounts outside the US, the account ID includes the region. You can find your account name from the browser address string.
-
-For example, if your web address is `https://myaccountname.snowflakecomputing.com/console#/internal/worksheet`, your account name would be `myaccountname`.
-
-You can also find part of your account name by running the following query on your worksheet in Snowflake:
-
-```sql
-SELECT CURRENT_ACCOUNT();
-```
-4. Enter password when prompted.
-
-5. Run the following:
-
-```
-~$ snowsql --accountname myb10 --username SEGMENT_USER
-Password:
-* SnowSQL * v1.1.46
-Type SQL statements or !help
-SEGMENT_USER#(no warehouse)@(no database).(no schema)>SELECT 1;
-+---+
-| 1 |
-|---|
-| 1 |
-+---+
-1 Row(s) produced. Time Elapsed: 0.093s
-SEGMENT_USER#(no warehouse)@(no database).(no schema)>USE WAREHOUSE "SEGMENT_WAREHOUSE";
-+----------------------------------+
-| status                           |
-|----------------------------------|
-| Statement executed successfully. |
-+----------------------------------+
-1 Row(s) produced. Time Elapsed: 0.118s
-SEGMENT_USER#SEGMENT_WAREHOUSE@(no database).(no schema)>USE DATABASE "SEGMENT_EVENTS";
-+----------------------------------+
-| status                           |
-|----------------------------------|
-| Statement executed successfully. |
-+----------------------------------+
-1 Row(s) produced. Time Elapsed: 0.130s
-SEGMENT_USER#SEGMENT_WAREHOUSE@SEGMENT_EVENTS.(no schema)>!exit
-```
-
-If you would like to use the web interface, switch to the new role for the Segment user, create a new Worksheet and execute:
-
-```sql
-SELECT 1;
-USE WAREHOUSE "SEGMENT_WAREHOUSE";
-USE DATABASE "SEGMENT_EVENTS";
-```
 
 ### Step 6: Connect Snowflake to Segment
 

@@ -150,13 +150,13 @@ To connect your warehouse to the Data Graph:
 2. Click **Connect warehouse**.
 3. Select Snowflake as your warehouse type. 
 4. Enter your warehouse credentials. Segment requires the following settings to connect to your Snowflake warehouse:
-- **Account ID**: The Snowflake account ID that uniquely identifies your organization account
-- **Database**: The only database that Segment requires write access to in order to create tables for internal bookkeeping. This database is referred to as `segment_connection_db` in the script below
-- **Warehouse**: The [warehouse](https://docs.snowflake.com/en/user-guide/warehouses){:target="_blank”} in your Snowflake account that you want to use for Segment to run the SQL queries. This warehouse is referred to as `segment_connection_warehouse` in the script below
-- **Username**: The Snowflake user that Segment uses to run SQL in your warehouse. This user is referred to as `segment_connection_username` in the script below
-- **Authentication**: There are 2 supported authentication methods:
-  - **Key Pair**: This is the recommended method of authentication. You would need to first create the user and assign it a key pair following the instructions in the [Snowflake docs](https://docs.snowflake.com/en/user-guide/key-pair-auth){:target="_blank"}. Then, follow the Segment docs above to set up Snowflake permissions and set the `segment_connections_username` variable in the SQL script to the user you just created
-  - **Password**: The password of the user above. This password is referred to as `segment_connection_password` in the script below
+- **Account ID**: The Snowflake account ID that uniquely identifies your organization account.
+- **Database**: The only database that Segment requires write access to in order to create tables for internal bookkeeping. This database is referred to as `segment_connection_db` in the script below.
+- **Warehouse**: The [warehouse](https://docs.snowflake.com/en/user-guide/warehouses){:target="_blank”} in your Snowflake account that you want to use for Segment to run the SQL queries. This warehouse is referred to as `segment_connection_warehouse` in the script below.
+- **Username**: The Snowflake user that Segment uses to run SQL in your warehouse. This user is referred to as `segment_connection_username` in the script below.
+- **Authentication**: Snowflake only supports authentication using a key pair:
+  - **Key Pair**: You need to first create the user and assign it a key pair following the instructions in the [Snowflake docs](https://docs.snowflake.com/en/user-guide/key-pair-auth){:target="_blank"}. Then, set the `segment_connections_username` variable in the SQL script to the user you just created.
+
 
 5. Test your connection, then click Save.