Overview
Tight integrates directly with Snowflake to periodically upload raw accounting data to your own Snowflake data warehouse. By pushing data into your Snowflake infrastructure, Tight eliminates the need for your data team to build direct connections to the Tight API, allowing your team to work in the data stack they’re already using.
Data is exported in Parquet file format on daily, weekly, or monthly intervals, including bank linkage data, invoices, lifecycle events, and transactions. Learn more about available data types and use cases in the Data Lakes guide.
Create a Snowflake Managed Stage
If you haven’t done so already, create a Snowflake account and create a Snowflake Managed Stage where Tight will upload your data. You can name this stage anything you’d like; “TIGHT_DATALAKE_UPLOADS” is used for the examples shown below.
Make note of the database name and stage name, as you’ll need to share these with Tight.
Create Key Pair Authentication Keys
Next, generate key pair authentication keys for secure authentication to your Snowflake account.
From the command prompt, execute the following commands:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
rsa_key.p8 and rsa_key.pub files securely for use in later steps.
Store the private key (rsa_key.p8) securely. You’ll need to share this with Tight to enable data uploads.
Create an Upload Role
Create a dedicated role for Tight to use when uploading data to your Snowflake warehouse. For example, name it TIGHT_UPLOADER_ROLE:
Grant Role Permissions
Grant the necessary permissions to the TIGHT_UPLOADER_ROLE:
Grant USAGE to Database:
Grant USAGE to the PUBLIC Schema:
Grant READ/WRITE to the Stage:
Grant read and write permissions to the stage you created (e.g., TIGHT_DATALAKE_UPLOADS):
Create a Service User
Create a service user using Snowflake SQL. Service users with RSA authentication cannot be created through the Snowflake UI, so you’ll need to execute SQL commands.
Using the public key from rsa_key.pub that you generated earlier, execute the following SQL statement:
CREATE OR REPLACE USER TIGHT_UPLOADER_USER
TYPE = SERVICE
RSA_PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0chQEeQSKX3I+Y5VD3M+
kyPEbFDTgmEqxgerz3hIihUGV+iWWoHdeUYFCORfK1p/Sa3e3u79h1+hI4e9lsWU
8xLUCUlcfImbu7EbZ5oNYlhRi5nFhkqN4YlylbUghlsmJv7GK4L68i9M/WUoG9RR
yvHghltIMpwbQfRZ4wYG5Dc2sl7ZbCe8qn7VGrSzWWcex3WK9K8kbBJkK86H8X7u
L1QgY+a//s32HuBmbfV8+x4kC3oSrFhPDFJX5kJI33UPqRNyuhSZOuJMMNhXX8bh
PAKY4ExZVotEKX+p8hZ0La5N7TT+Ma08Zp9WR5YGuG2XPK+9dE2Yg9Luauc+R4hj
wwIDAQAB
-----END PUBLIC KEY-----'
DEFAULT_ROLE = 'TIGHT_UPLOADER_ROLE'
DEFAULT_WAREHOUSE = 'COMPUTE_WH'
COMMENT = 'Tight service account for uploading to stage';
Replace the example RSA public key with your actual public key.
Replace the example RSA public key with the contents of your rsa_key.pub file, including the BEGIN and END markers.
Grant Role to Service User
Grant the TIGHT_UPLOADER_ROLE to your TIGHT_UPLOADER_USER:
Securely Share Access with Tight
Contact Tight directly at api@tight.com for instructions on how to securely share:
- Snowflake account identifier (e.g., GSX***-****)
- Database name
- Schema name (typically PUBLIC)
- Stage name (e.g., TIGHT_DATALAKE_UPLOADS)
- Service user name (e.g., TIGHT_UPLOADER_USER)
- RSA private key file (
rsa_key.p8)
Once configured, Tight will automatically begin uploading data files to your Snowflake stage based on your preferred schedule (daily, weekly, or monthly). Files are organized in a consistent directory structure within your stage, making it easy to integrate with your existing data pipelines and analytics tools.
