SnowDDL
  • 👋Introduction
  • 🚩Getting started
  • 📋Main features
  • 🪤SnowDDL vs. Declarative DCM
  • In-depth guides
    • 👓Object identifiers
    • 📐Data types
    • 📦Object types
    • 🎭Role hierarchy
    • 🚧Permission model
    • 🔦Other guides
      • Administration user
      • Integrations
      • Inbound shares
      • Object OWNERSHIP
      • Safe & unsafe DDL
      • Dependency management
      • Short hash explained
      • Env Prefix explained
      • Team workflow
      • Limitations & workarounds
      • Fivetran
      • Airbyte
      • Encrypt user passwords
      • Iceberg Tables
  • Basic usage (CLI + YAML)
    • 💻CLI interface
    • 📦YAML configs
      • ACCOUNT PARAMETER
      • ACCOUNT POLICY
      • AGGREGATION POLICY
      • ALERT
      • AUTHENTICATION POLICY
      • BUSINESS ROLE
      • DATABASE
      • DATABASE ROLE
      • DYNAMIC TABLE
      • EVENT TABLE
      • EXTERNAL ACCESS INTEGRATION
      • EXTERNAL FUNCTION
      • EXTERNAL TABLE
      • FILE FORMAT
      • FUNCTION
      • HYBRID TABLE
      • ICEBERG TABLE
      • MASKING POLICY
      • MATERIALIZED VIEW
      • NETWORK POLICY
      • NETWORK RULE
      • PERMISSION MODEL
      • PIPE
      • PLACEHOLDER
      • PROCEDURE
      • PROJECTION POLICY
      • RESOURCE MONITOR
      • ROW ACCESS POLICY
      • SCHEMA
      • SECRET
      • SEQUENCE
      • SHARE (outbound)
      • STAGE
      • STAGE FILE
      • STREAM
      • TABLE
      • TASK
      • TECHNICAL ROLE
      • USER
      • VIEW
      • WAREHOUSE
    • 🏷️YAML placeholders
    • 📬YAML tag !include
    • 🔐YAML tag !decrypt
  • Single DB
    • 🦀Overview
  • Advanced usage (Python)
    • ⚙️Programmatic config
    • 🐍Architecture overview
      • 🔵Blueprints
      • 🟣Config
      • 🟠Parsers
      • 🟢Resolvers
      • 🔴Engine
    • 🏗️Query builder & formatter
  • Breaking changes log
    • 0.45.0 - March 2025
    • 0.41.0 - January 2025
    • 0.37.0 - December 2024
    • 0.36.0 - November 2024
    • 0.33.0 - October 2024
    • 0.27.0 - May 2024
  • Links
    • GitHub repository
    • PyPI package
    • YouTube tutorials
    • Changelog
    • LinkedIn profile
Powered by GitBook
On this page
  • Quick help
  • Usage notes
  1. Basic usage (CLI + YAML)

CLI interface

The easiest way to use SnowDDL is to create and apply YAML configs with CLI interface.

SnowDDL registers snowddl CLI entry-point using setuptools. It should be available in your terminal immediately after installation.

Quick help

usage: snowddl [-h] [-c CONFIG_PATH] [-a ACCOUNT] [-u USER] [-p PASSWORD] [-k PRIVATE_KEY] [-r ROLE] [-w WAREHOUSE] [--authenticator AUTHENTICATOR]
               [--passphrase PASSPHRASE] [--env-prefix ENV_PREFIX] [--env-prefix-separator {__,_,$}] [--env-admin-role ENV_ADMIN_ROLE] [--max-workers MAX_WORKERS]
               [--query-tag QUERY_TAG] [--log-level LOG_LEVEL] [--show-sql] [--show-timers] [--show-unused-files] [--placeholder-path] [--placeholder-values]
               [--exclude-object-types] [--include-object-types] [--apply-unsafe] [--apply-replace-table] [--apply-all-policy] [--apply-account-level-policy]
               [--apply-aggregation-policy] [--apply-authentication-policy] [--apply-masking-policy] [--apply-projection-policy] [--apply-row-access-policy]
               [--apply-account-params] [--apply-network-policy] [--apply-resource-monitor] [--apply-outbound-share] [--refresh-user-passwords] [--refresh-future-grants]
               [--refresh-stage-encryption] [--refresh-secrets] [--clone-table] [--destroy-without-prefix]
               {plan,apply,destroy,validate} ...

Object management automation tool for Snowflake

positional arguments:
  {plan,apply,destroy,validate}
    plan                           Resolve objects, apply nothing, display suggested changes
    apply                          Resolve objects, apply safe changes, display suggested unsafe changes
    destroy                        Drop objects with specified --env-prefix, use it to reset dev and test environments
    validate                       Validate config only, do not connect to Snowflake

options:
  -h, --help                       show this help message and exit
  -c CONFIG_PATH                   Path to config directory OR name of bundled test config (default: current directory)
  -a ACCOUNT                       Snowflake account identifier (default: SNOWFLAKE_ACCOUNT env variable)
  -u USER                          Snowflake user name (default: SNOWFLAKE_USER env variable)
  -p PASSWORD                      Snowflake user password (default: SNOWFLAKE_PASSWORD env variable)
  -k PRIVATE_KEY                   Path to private key file (default: SNOWFLAKE_PRIVATE_KEY_PATH env variable)
  -r ROLE                          Snowflake active role (default: SNOWFLAKE_ROLE env variable)
  -w WAREHOUSE                     Snowflake active warehouse (default: SNOWFLAKE_WAREHOUSE env variable)
  --authenticator AUTHENTICATOR    Authenticator: 'snowflake', 'externalbrowser', 'oauth_snowpark` (default: SNOWFLAKE_AUTHENTICATOR env variable or 'snowflake')
  --passphrase PASSPHRASE          Passphrase for private key file (default: SNOWFLAKE_PRIVATE_KEY_PASSPHRASE env variable)
  --env-prefix ENV_PREFIX          Env prefix added to global object names, used to separate environments (e.g. DEV, PROD)
  --env-prefix-separator {__,_,$}  Custom separator for Env prefix (supported values are: '__', '_', '$')
  --env-admin-role ENV_ADMIN_ROLE  Super administration role which should inherit env prefixed SnowDDL role
  --max-workers MAX_WORKERS        Maximum number of workers to resolve objects in parallel
  --query-tag QUERY_TAG            Add QUERY_TAG to all queries produced by SnowDDL
  --log-level LOG_LEVEL            Log level (possible values: DEBUG, INFO, WARNING; default: INFO)
  --show-sql                       Show executed DDL queries
  --show-timers                    Show debug timers
  --show-unused-files              Show warnings for unused config files
  --placeholder-path               Path to config file with environment-specific placeholders
  --placeholder-values             Environment-specific placeholder values in JSON format
  --exclude-object-types           Comma-separated list of object types NOT to resolve
  --include-object-types           Comma-separated list of object types TO resolve, all other types are excluded
  --apply-unsafe                   Additionally apply unsafe changes, which may cause loss of data (ALTER, DROP, etc.)
  --apply-replace-table            Additionally apply REPLACE TABLE when ALTER TABLE is not possible
  --apply-all-policy               Additionally apply changes for all types of policies
  --apply-account-level-policy     Additionally apply changes for ACCOUNT-level policies
  --apply-aggregation-policy       Additionally apply changes to AGGREGATION POLICIES
  --apply-authentication-policy    Additionally apply changes to AUTHENTICATION POLICIES
  --apply-masking-policy           Additionally apply changes to MASKING POLICIES
  --apply-projection-policy        Additionally apply changes to PROJECTION POLICIES
  --apply-row-access-policy        Additionally apply changes to ROW ACCESS POLICIES
  --apply-account-params           Additionally apply changes to ACCOUNT PARAMETERS
  --apply-network-policy           Additionally apply changes to NETWORK POLICIES
  --apply-resource-monitor         Additionally apply changes to RESOURCE MONITORS
  --apply-outbound-share           Additionally apply changes to OUTBOUND SHARES
  --refresh-user-passwords         Additionally refresh passwords of users
  --refresh-future-grants          Additionally refresh missing grants for existing objects derived from future grants
  --refresh-stage-encryption       Additionally refresh stage encryption parameters for existing external stages
  --refresh-secrets                Additionally refresh secrets
  --clone-table                    Clone all tables from source databases to destination databases (with env_prefix)
  --clone-source-env-prefix        Clone from another environment with different env_prefix
  --destroy-without-prefix         Allow {destroy} action without --env-prefix

Usage notes

  • Action argument is mandatory:

    • Use plan action to preview changes.

    • Use apply action to apply OR suggest changes, depending on other settings.

    • Use destroy action to drop all objects created by SnowDDL previously.

    • Use validate action to validate the declared config only without connecting to Snowflake.

  • SnowDDL provides a few bundled configs for testing and demonstration purposes. You may use such config by passing its name to -c argument.

  • Account identifier should be passed to -a argument without .snowflakecomputing.com.

  • You may use password OR private key for authentication. Private key is recommended for production environment.

  • Object types for --include and --exclude arguments can be found here.

  • Suggested & optionally executed DDL queries are outputted to STDOUT. Logs are outputted to STDERR.

PreviousIceberg TablesNextYAML configs

Last updated 24 days ago

💻