diff --git a/spire/templates/apps-300A.yml b/spire/templates/apps-300A.yml
index 1200d9988..20c1b9242 100644
--- a/spire/templates/apps-300A.yml
+++ b/spire/templates/apps-300A.yml
@@ -37,6 +37,8 @@ Parameters:
 SharedAuroraPostgresqlEndpoint: { Type: String }
 SharedAuroraPostgresqlPort: { Type: String }
 SharedPostgresqlClientSecurityGroupId: { Type: String }
+ SharedClickhouseEndpoint: { Type: String }
+ SharedClickhousePort: { Type: String }
 CastlePostgresInstanceEndpointAddress: { Type: String }
 CastlePostgresInstanceEndpointPort: { Type: String }
 CastlePostgresClientSecurityGroupId: { Type: String }
@@ -99,6 +101,11 @@ Resources:
 SharedAuroraPostgresqlEndpoint: !Ref SharedAuroraPostgresqlEndpoint
 SharedAuroraPostgresqlPort: !Ref SharedAuroraPostgresqlPort
 SharedPostgresqlClientSecurityGroupId: !Ref SharedPostgresqlClientSecurityGroupId
+ SharedClickhouseEndpoint: !Ref SharedClickhouseEndpoint
+ SharedClickhousePort: !Ref SharedClickhousePort
+ SharedClickhouseAuguryDatabase: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-database
+ SharedClickhouseAuguryPassword: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-password
+ SharedClickhouseAuguryUsername: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-username
 CastlePostgresInstanceEndpointAddress: !Ref CastlePostgresInstanceEndpointAddress
 CastlePostgresInstanceEndpointPort: !Ref CastlePostgresInstanceEndpointPort
 CastlePostgresClientSecurityGroupId: !Ref CastlePostgresClientSecurityGroupId
diff --git a/spire/templates/apps/augury.yml b/spire/templates/apps/augury.yml
index 67a34db3d..423eb1365 100644
--- a/spire/templates/apps/augury.yml
+++ b/spire/templates/apps/augury.yml
@@ -50,6 +50,11 @@ Parameters:
 SharedAuroraPostgresqlEndpoint: { Type: String }
 SharedAuroraPostgresqlPort: { Type: String }
 SharedPostgresqlClientSecurityGroupId: { Type: String }
+ SharedClickhouseEndpoint: { Type: String }
+ SharedClickhousePort: { Type: String }
+ SharedClickhouseAuguryDatabase: { Type: AWS::SSM::Parameter::Value }
+ SharedClickhouseAuguryPassword: { Type: AWS::SSM::Parameter::Value, NoEcho: true }
+ SharedClickhouseAuguryUsername: { Type: AWS::SSM::Parameter::Value }
 CastlePostgresInstanceEndpointAddress: { Type: String }
 CastlePostgresInstanceEndpointPort: { Type: String }
 CastlePostgresClientSecurityGroupId: { Type: String }
@@ -332,6 +337,16 @@ Resources:
 Value: !Ref AuguryHostname
 - Name: AWS_DEFAULT_REGION
 Value: !Ref AWS::Region
+ - Name: CLICKHOUSE_DATABASE
+ Value: !Ref SharedClickhouseAuguryDatabase
+ - Name: CLICKHOUSE_HOST
+ Value: !Ref SharedClickhouseEndpoint
+ - Name: CLICKHOUSE_PASSWORD
+ Value: !Ref SharedClickhouseAuguryPassword
+ - Name: CLICKHOUSE_PORT
+ Value: !Ref SharedClickhousePort
+ - Name: CLICKHOUSE_USER
+ Value: !Ref SharedClickhouseAuguryUsername
 - Name: POSTGRES_HOST
 Value: !Ref SharedAuroraPostgresqlEndpoint
 - Name: POSTGRES_PORT
@@ -477,6 +492,16 @@ Resources:
 Value: !Ref AuguryHostname
 - Name: AWS_DEFAULT_REGION
 Value: !Ref AWS::Region
+ - Name: CLICKHOUSE_DATABASE
+ Value: !Ref SharedClickhouseAuguryDatabase
+ - Name: CLICKHOUSE_HOST
+ Value: !Ref SharedClickhouseEndpoint
+ - Name: CLICKHOUSE_PASSWORD
+ Value: !Ref SharedClickhouseAuguryPassword
+ - Name: CLICKHOUSE_PORT
+ Value: !Ref SharedClickhousePort
+ - Name: CLICKHOUSE_USER
+ Value: !Ref SharedClickhouseAuguryUsername
 - Name: POSTGRES_HOST
 Value: !Ref SharedAuroraPostgresqlEndpoint
 - Name: POSTGRES_PORT
diff --git a/spire/templates/root.yml b/spire/templates/root.yml
index db5df99ec..33b86d43c 100644
--- a/spire/templates/root.yml
+++ b/spire/templates/root.yml
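Review bot: `CLICKHOUSE_PASSWORD` is set with a plain `Value: !Ref SharedClickhouseAuguryPassword` in the hunk at -332 and again at -477, so the resolved password is written into what appears to be a container environment list, where `NoEcho` on the parameter no longer masks it and anyone able to read the task definition or inspect the container can see it. If these are ECS container definitions, the entry belongs under `Secrets` as `- Name: CLICKHOUSE_PASSWORD` / `ValueFrom: <name or ARN of the augury-password parameter>`, with the parameter passed down as a plain string path rather than a resolved `AWS::SSM::Parameter::Value`, the parameter stored as a SecureString, and the task execution role allowed to read it. The enclosing resources start outside both hunks, so the resource type and whether the neighbouring `POSTGRES_*` entries already follow a different pattern need to be confirmed there.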
@@ -567,6 +567,9 @@ Resources:
 UpdateReplacePolicy: Delete
 Properties:
 Parameters:
+ AuguryDatabase: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-database
+ AuguryPassword: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-password
+ AuguryUsername: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/augury-username
 AuthorizedKeys: !Join [",", !Ref AuthorizedKeys]
 EnvironmentType: !Ref EnvironmentType
 GoogleStorageBucket: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Clickhouse/google-storage-bucket
diff --git a/spire/templates/shared-clickhouse.yml b/spire/templates/shared-clickhouse.yml
index 90f06ac77..8c0bf5d0b 100644
--- a/spire/templates/shared-clickhouse.yml
+++ b/spire/templates/shared-clickhouse.yml
@@ -12,6 +12,9 @@ Parameters:
 GoogleStorageHmacKeySecret: { Type: AWS::SSM::Parameter::Value, NoEcho: true }
 NestedChangeSetScrubbingResourcesState: { Type: String }
 RegionMode: { Type: String }
+ AuguryDatabase: { Type: AWS::SSM::Parameter::Value }
+ AuguryPassword: { Type: AWS::SSM::Parameter::Value, NoEcho: true }
+ AuguryUsername: { Type: AWS::SSM::Parameter::Value }
 RollupsDatabase: { Type: AWS::SSM::Parameter::Value }
 RollupsPassword: { Type: AWS::SSM::Parameter::Value, NoEcho: true }
 RollupsUsername: { Type: AWS::SSM::Parameter::Value }
@@ -132,6 +135,7 @@ Resources:
 # https://github.com/PRX/castlehouse/tree/main
 command: !Sub |
 #!/bin/bash
+ # Rollups
 export DBNAME=${RollupsDatabase}
 if test -z "$(clickhouse-client -d $DBNAME -q 'show tables')"; then
 clickhouse-client -q "CREATE DATABASE $DBNAME"
@@ -139,11 +143,20 @@ Resources:
 clickhouse-client -d $DBNAME --queries-file <(curl -s https://raw.githubusercontent.com/PRX/castlehouse/main/schema/mv_backfill.sql)
 clickhouse-client -d $DBNAME --queries-file <(curl -s https://raw.githubusercontent.com/PRX/castlehouse/main/schema/mv_increments.sql)
 fi
+ # Augury
+ export DBNAME=${AuguryDatabase}
+ if test -z "$(clickhouse-client -d $DBNAME -q 'show tables')"; then
+ clickhouse-client -q "CREATE DATABASE $DBNAME"
+ fi
 04_setup_users:
 command: !Sub |
 #!/bin/bash
+ # Rollups
 clickhouse-client -q "CREATE USER OR REPLACE ${RollupsUsername} IDENTIFIED BY '${RollupsPassword}' SETTINGS PROFILE 'readonly'"
 clickhouse-client -q "GRANT SHOW TABLES, SELECT ON ${RollupsDatabase}.* TO ${RollupsUsername}"
+ # Augury
+ clickhouse-client -q "CREATE USER OR REPLACE ${AuguryUsername} IDENTIFIED BY '${AuguryPassword}'"
+ clickhouse-client -q "GRANT ALL ON ${AuguryDatabase}.* TO ${AuguryUsername}"
 files:
 /etc/cfn/cfn-hup.conf:
 # Create a configuration file for cfn-hup
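Review bot: The Augury `CREATE USER` line in `04_setup_users` substitutes `${AuguryPassword}` into the command text through `!Sub`, which puts the cleartext password into what looks like cfn-init metadata (where `NoEcho` does not mask values) and onto the `clickhouse-client -q` command line, and a password containing `'`, `"` or `$` would break or change the statement. Fetching the secret on the instance when the command runs and passing it to the client without embedding it in the command string would avoid both problems. `GRANT ALL ON ${AuguryDatabase}.*` also gives the application account DDL and drop rights on the database; if Augury only reads and writes rows, a narrower grant such as `GRANT SELECT, INSERT ON ${AuguryDatabase}.* TO ${AuguryUsername}` is a better fit. In the database step the Augury database is created empty, so `show tables` presumably stays empty on a later run and `CREATE DATABASE $DBNAME` would then fail; `clickhouse-client -q "CREATE DATABASE IF NOT EXISTS $DBNAME"` makes the step repeatable. The Rollups user line follows the same password pattern, and the first command block starts outside the hunk.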