SECRET
Last updated
Last updated
Config path: /<database>/<schema>/secret/<name>.yaml
Example:
type (str) - secret type (OAUTH2
, PASSWORD
, GENERIC_STRING
)
api_authentication (str) - name of Snowflake
oauth_scopes (list)
{items} (str) - list of scopes to use when making a request from the OAuth server
oauth_refresh_token (str) - token that is used to obtain a new access token from the OAuth authorization server when the access token expires
oauth_refresh_token_expiry_time (str) - timestamp when the OAuth refresh token expires
username (str) - username value to store in the secret
password (str) - password value to store in the secret
secret_string (str) - string to store in the secret
algorithm (str)
comment (str)
Snowflake does not return actual secret values from SHOW
and DESC
commands, so SnowDDL is unable to properly detect changes in config secret values. If you update any secret values in config, you should use additional CLI option --refresh-secrets
to enforce update in Snowflake account.
In order to avoid storing secrets in config files as plain text, you may use or .
Security integrations are not managed by SnowDDL and should be .