Who gets this? Data Warehouse Push is currently only available in beta for Postscript brands on the Enterprise plan. To begin using Data Warehouse Push, please be sure to first contact your Customer Success Manager.
Data Warehouse Push allows Postscript to automatically send both historical and new data stored in-app, including clicks, order attribution, and more, to your designated data warehouse.
In this article, we'll walk you through the three steps for configuring your Snowflake destination.
IMPORTANT! Once complete, share the credentials with Postscript and we'll handle the rest.
Prerequisites
A Snowflake account with ACCOUNTADMIN access to create users and grant roles
If your Snowflake account has a network policy with IP restrictions, you'll need to allowlist Postscript's IP addresses before connecting
Step 1: Create a Dedicated User & Grant Permissions
Choose one of the following options based on your security requirements.
Option A — Grant SYSADMIN Role (Simpler)
Log in to your Snowflake console as a user with the ACCOUNTADMIN role, open the Worksheets tab, and run the following script. Replace {password} with a password of your choice. If you plan to use key-pair authentication instead, you can omit the password line entirely.
begin; set var_user = 'POSTSCRIPT_USER'; set var_password = '{password}'; use role accountadmin; create user if not exists identifier($var_user) password = $var_password; grant role sysadmin to user identifier($var_user); alter user identifier($var_user) set default_role = sysadmin; commit;
Option B — Custom Role with Specific Permissions (Recommended)
Log in to your Snowflake console as a user with the ACCOUNTADMIN role, open the Worksheets tab, and run the following script. Replace the variables at the top with your preferred names and a secure password. If you plan to use key-pair authentication instead, you can omit the password line entirely.
begin; set var_user = 'POSTSCRIPT_USER'; set var_password = '{password}'; set var_role = 'POSTSCRIPT_ROLE'; set var_database = 'POSTSCRIPT_DATABASE'; set var_warehouse = 'POSTSCRIPT_WAREHOUSE'; use role securityadmin; create role if not exists identifier($var_role); grant role identifier($var_role) to role sysadmin; create user if not exists identifier($var_user) password = $var_password default_role = $var_role default_warehouse = $var_warehouse; grant role identifier($var_role) to user identifier($var_user); use role sysadmin; create warehouse if not exists identifier($var_warehouse) warehouse_size = xsmall warehouse_type = standard auto_suspend = 300 auto_resume = true initially_suspended = true; create database if not exists identifier($var_database); grant usage on warehouse identifier($var_warehouse) to role identifier($var_role); grant create schema, monitor, usage on database identifier($var_database) to role identifier($var_role); grant all on all schemas in database identifier($var_database) to role identifier($var_role); grant all on all tables in database identifier($var_database) to role identifier($var_role); grant all on future tables in database identifier($var_database) to role identifier($var_role); commit;Step 2: Password Authentication
Gather Your Connection Details
Field | Description |
Username | The user you created (e.g. |
Password | The password set in the script above |
Account Name | Found in the Snowflake UI — click your account name in the bottom-left corner, then hover to copy the Account URL. The account name is the portion before |
Warehouse | The warehouse name (e.g. |
Role | The role name (e.g. |
Database | The target database name (e.g. |
Schema | The target schema name (optional) |
<aside>
Snowflake passwords cannot include the following special characters: { } " ? / # *
</aside>
Key-Pair Authentication (Optional)
If you'd prefer not to share a password, you can authenticate using an RSA key pair instead.
Key generation requires a Mac or Linux machine. Windows is not supported for this step.
Step 1 — Generate the private key
Open a Terminal and run the following command. This creates an unencrypted private key file called rsa_key.p8 in your current directory.
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
Step 2 — Generate the public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
Step 3 — Copy the public key contents
cat rsa_key.pub
Copy everything between (but not including) the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines. You only need the key body — the lines of characters in between.
Step 4 — Assign the public key to your Snowflake user
In your Snowflake Worksheets tab, run the following. Replace POSTSCRIPT_USER with the username you created in Step 1, and replace the placeholder with the key body you copied above.
alter user POSTSCRIPT_USER set rsa_public_key='MIIBIjANBgkqhki...';
Gather Your Connection Details
Send Postscript the rsa_key.p8 file along with the following:
Field | Description |
Username | The user you created (e.g. |
Private Key File | The |
Account Name | The portion of your Snowflake URL before |
Warehouse | The warehouse name (e.g. |
Role | The role name (e.g. |
Database | The target database name (e.g. |
Schema | The target schema name (optional) |
Get Support
Have questions? Please feel free to reach out to our Support team at [email protected] or via live chat.
Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.