Snowflake for Workflows setup

changelog:

  • 2025-06-27 Added:
  • information about storing results in Grail
  • revised the entire "Authorize the connection to Snowflake" section for clarity and accuracy
  • expanded details in the "Obtain Authentication Credentials" section
  • added an example configuration for OAuth
  • introduced new subsections: "Note" and "Security recommendations"
  • Latest Dynatrace
  • 2min
  • Preview
Preview release

Snowflake for Workflows is currently in preview release and is available to selected customers only. If you would like to share feedback or ideas, join the preview by signing up via the Request access to Snowflake Workflow Connector form or contacting your Customer Success Manager.

For more information, see preview releases.

After you join the preview program for Snowflake for Workflows, we'll provide Hub subscription details. With those subscription details, follow the Add Hub subscriptions procedure to you activate the capability.

Preview

Your Dynatrace environment can integrate with a Snowflake instance using Snowflake for Workflows Snowflake. With this integration, you can execute statements on your database and load results into Grail.

Prerequisites

  • To install Snowflake for Workflows, you need the app-engine:apps:install permission.

  • To improve traceability and auditability, use a dedicated Snowflake service user to access your Snowflake database.

  • To add connection settings, you need the following permissions:

    ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "app:dynatrace.snowflake.connector:connection"

    For more information, see Permissions and access.

  • Connections are shared and can be used by all users with app-settings read permissions.

  • If you choose to store results in Grail using the store-statement-result action, you need to configure the required write permissions for the actor of the workflow. Ensure that it has the storage:buckets:read and storage:events:write permissions.

Steps

  1. Install Snowflake for Workflows.
  2. Set up the connection between Snowflake and Dynatrace.
  3. Authorize the connection to Snowflake.

Install Snowflake for Workflows

To integrate with a Snowflake database, you need to install Snowflake for Workflows from Dynatrace Hub.

  1. In Dynatrace Hub Hub, select Snowflake for Workflows.
  2. Select Install.

Setup the connection between Snowflake and Dynatrace

To set up the connection between Snowflake and your Dynatrace environment

  1. Open the Settings Classic and go to Preferences > Limit Outbound Connections.
  2. Select Add item and add the domain of your publicly accessible Snowflake, for example, *.snowflakecomputing.com.
  3. Select Save changes.

Authorize the connection to Snowflake

To authorize a connection to a Snowflake instance, follow the steps below:

Obtain Authentication Credentials

The Snowflake for Workflows application supports both authentication methods offered:

  • Key-Pair JWT — Key-pair authentication (JWT) uses a private key to generate a JWT token, which is then used to authorize access to Snowflake. For more information on the configuration details, see the Key Pair Authentication section of the Snowflake documentation Using key-pair authentication.

  • External OAuth with the client_credentials flow — This method uses an OAuth provider configured as an External OAuth Provider in relation to Snowflake. For more information on a list of supported external OAuth providers, see the official Snowflake documentation External OAuth overview | Snowflake Documentation.

The only OAuth flow type we support is client_credentials, as it runs automatically in the background and does not require an interaction from the user (especially multi-factored authentication methods)

OAuth Configuration Examples:

Note

The configuration on the Snowflake side and with the OAuth provider, for example, Azure, is the user's responsibility. Dynatrace is not responsible for an incorrect configuration outside of its environment—this applies to both JWT and OAuth methods. Ensure your configuration is valid by testing it using the Snowflake tools such as SnowSQL.

Security recommendations

  • We recommend using technical accounts that don't require login via username and password.
  • We require that the technical account does not use any form of multi-factor authentication (MFA)—since the connection is initiated automatically without user interaction.

Configure the connection in Dynatrace.

  1. In Dynatrace, go to Settings and select Connections.

  2. Search for Snowflake for Workflows.

  3. Select Connection. The Create new connection dialog opens.

  4. Enter the Connection name. Provide a unique and clearly identifiable connection name.

  5. Enter ** URL**. This is the URL of the Snowflake instance.

  6. Enter the authentication credentials: private key and account settings for JWT or OAuth client_credentials parameters.

  7. Select Create.