This guide is for customers who already have a Snowflake destination configured in Openbridge and wish to migrate to the new OAuth-based authentication model.
The migration process lets you reuse your existing Snowflake infrastructure (warehouse, database, schema, etc.) while enabling the new secure OAuth workflow.
⚠️ Important Notices
Backup first! Do not run the migration script on production infrastructure that you have not backed up.
Openbridge is not responsible for any issues or data loss that may occur during this process.
The Openbridge migration script is non-destructive — it is written to detect and reuse existing objects in Snowflake without overwriting them. However, caution and backups are still strongly recommended.
🧹 Pre-Migration Cleanup
Before starting, log in to your Snowflake account and run the following command to check for and remove any leftover test tables that may have been created during your previous setup:
DROP TABLE IF EXISTS test_table;
🧠 Why:
These tables were created during the original Snowflake destination setup as part of connection testing. Keeping them may cause conflicts during the migration process.
🪣 Step 1: Prepare Your S3 Bucket
The OAuth integration requires an S3 bucket that acts as a temporary staging area while data is in transit.
Follow Step 1 from the Snowflake Warehouse with OAuth Authentication guide to create or configure your S3 bucket.
You can either:
Use the Openbridge CloudFormation template to automatically provision a bucket with correct permissions, or
Configure your existing bucket manually by applying the provided IAM policy.
Ensure:
The bucket region matches your Snowflake region.
The Openbridge IAM role has the correct read/write/list permissions.
🔐 Step 2: Configure Your Existing Snowflake Environment for OAuth
The same Openbridge setup script used for new destinations can also be used to migrate an existing one.
It will safely create missing objects and integrate OAuth authentication into your environment.
✅ Use the Same Database, Schema, and Warehouse
Use your existing values from your current Openbridge destination.
If you’re unsure, log in to your Openbridge account, open your existing Snowflake destination, and note these fields.
SET openbridge_database = 'YOUR_OPENBRIDGE_DB'; -- e.g., 'BUXZZ_DATABASE'
SET openbridge_schema = 'YOUR_OPENBRIDGE_SCHEMA'; -- e.g., 'BUXZZ_SCHEMA'
SET openbridge_warehouse = 'YOUR_OPENBRIDGE_WAREHOUSE'; -- e.g., 'BUXZZ_WAREHOUSE'
🚫 Do Not Reuse Username and Password
Your existing Snowflake integration includes username and password fields.
However, these are not the same as the new fields requested in the script.
They are used exclusively to grant Openbridge a secure token for database access.
Do not reuse your previous credentials.
Create new ones:
SET openbridge_username = 'YOUR_OPENBRIDGE_USERNAME'; -- e.g., 'BUXZZ_USER'
SET openbridge_password = 'YOUR_OPENBRIDGE_PASSWORD'; -- e.g., '12BUXZZ!@'
These credentials are used only for the OAuth handshake process, not for direct database logins.
🧩 Role and Stage Fields
Reusing Your Existing Role
In your previous Snowflake setup, you created a role manually as part of the Openbridge configuration process.
You’ll need to log in to your Snowflake account to confirm what you named that role.
Once you find it, reuse the same role name here:
SET openbridge_role = 'YOUR_EXISTING_ROLE'; -- e.g., 'BUXZZ_ROLE'
💡 Reusing the same role ensures all existing permissions remain valid during migration.
Creating a New Stage
The stage field is new to the OAuth integration.
You don’t need to create it manually — the Openbridge script will create it for you if it doesn’t exist.
SET openbridge_stage = 'YOUR_OPENBRIDGE_STAGE'; -- e.g., 'BUXZZ_STAGE'
⚙️ Step 3: Run the Official Openbridge Script Using Your Existing Configuration Values
At this stage, you have already defined all required variables (database, schema, warehouse, username, password, role, stage, and S3 details).
Now you can run the official Openbridge Snowflake setup script — the same script shown in
🧩 What’s different in this migration scenario:
You are not creating a brand-new environment from scratch.
Instead, you are reusing the values from your existing Snowflake configuration to create a new OAuth-based destination that connects to the same Snowflake database, schema, and warehouse.
The script will:
Reuse your existing database, schema, and warehouse
Create the new OAuth integration
Generate required role and stage objects if they do not already exist
Establish secure permissions and OAuth secrets
👉 Once the script completes successfully, continue with Step 3: Finalize S3 Permissions and Final Step: Retrieve OAuth Credentials of the official guide.
🔑 Step 4: Finalize Configuration in Openbridge
Create new Snowflake destination in Openbridge UI:
Step 1: Confirm your Snowflake setup is ready.
Step 2:
➕ Option A: Use Existing Authorization
If you have a saved authorization, select it from the list.🔄 Option B: Create New Authorization
Choose Authorize → Select "Bring Your Own App" → EnterClient ID,Secret, andAuthorization URL→ Authorize via direct Snowflake login.
(Once complete, your Snowflake identity will appear and can be selected.)
Step 3: Fill in:
Snowflake Account Identifier (can be found in your Snowflake account details)
Database
Schema
Warehouse
Stage
Role
S3 Bucket
S3 Bucket Region (must be the same region as your s3 bucket)
Step 4: Name your destination and click Save.
🔄 Step 5: Migrate Subscriptions Using the Destination Migration Tool
Once your new OAuth-based Snowflake destination is created, you’ll need to move your existing subscriptions from the old destination to the new one.
Openbridge provides a simple in-app tool to handle this process.
Go to your Openbridge account and navigate to Account → Destination Migration Tool, or visit directly:
Select your old destination (legacy Snowflake setup).
Select your new destination (OAuth-enabled Snowflake setup).
Follow the prompts to migrate all linked subscriptions.
After migration:
All your previous subscriptions will now route to your new OAuth destination.
⚠️ Please be mindful that there may be data still in transit between your old and new destinations. Allow both destinations to be active for at least 48 hours before disabling/deleting your legacy destination. This ensures a smooth and complete transition without data loss.
✅ Migration Complete
You’ve now successfully migrated your existing Snowflake destination to the OAuth-based integration.
Your existing Snowflake resources remain intact, and Openbridge will now use the secure OAuth token flow for all future data operations.