SnowDDL
  • 👋Introduction
  • 🚩Getting started
  • 📋Main features
  • 🪤SnowDDL vs. Declarative DCM
  • In-depth guides
    • 👓Object identifiers
    • 📐Data types
    • 📦Object types
    • 🎭Role hierarchy
    • 🚧Permission model
    • 🔦Other guides
      • Administration user
      • Integrations
      • Inbound shares
      • Object OWNERSHIP
      • Safe & unsafe DDL
      • Dependency management
      • Short hash explained
      • Env Prefix explained
      • Team workflow
      • Limitations & workarounds
      • Fivetran
      • Airbyte
      • Encrypt user passwords
      • Iceberg Tables
  • Basic usage (CLI + YAML)
    • 💻CLI interface
    • 📦YAML configs
      • ACCOUNT PARAMETER
      • ACCOUNT POLICY
      • AGGREGATION POLICY
      • ALERT
      • AUTHENTICATION POLICY
      • BUSINESS ROLE
      • DATABASE
      • DYNAMIC TABLE
      • EVENT TABLE
      • EXTERNAL ACCESS INTEGRATION
      • EXTERNAL FUNCTION
      • EXTERNAL TABLE
      • FILE FORMAT
      • FUNCTION
      • HYBRID TABLE
      • ICEBERG TABLE
      • MASKING POLICY
      • MATERIALIZED VIEW
      • NETWORK POLICY
      • NETWORK RULE
      • PERMISSION MODEL
      • PIPE
      • PLACEHOLDER
      • PROCEDURE
      • PROJECTION POLICY
      • RESOURCE MONITOR
      • ROW ACCESS POLICY
      • SCHEMA
      • SECRET
      • SEQUENCE
      • SHARE (outbound)
      • STAGE
      • STAGE FILE
      • STREAM
      • TABLE
      • TASK
      • TECHNICAL ROLE
      • USER
      • VIEW
      • WAREHOUSE
    • 🏷️YAML placeholders
    • 📬YAML tag !include
    • 🔐YAML tag !decrypt
  • Single DB
    • 🦀Overview
  • Advanced usage (Python)
    • ⚙️Programmatic config
    • 🐍Architecture overview
      • 🔵Blueprints
      • 🟣Config
      • 🟠Parsers
      • 🟢Resolvers
      • 🔴Engine
    • 🏗️Query builder & formatter
  • Breaking changes log
    • 0.45.0 - March 2025
    • 0.41.0 - January 2025
    • 0.37.0 - December 2024
    • 0.36.0 - November 2024
    • 0.33.0 - October 2024
    • 0.27.0 - May 2024
  • Links
    • GitHub repository
    • PyPI package
    • YouTube tutorials
    • Changelog
    • LinkedIn profile
Powered by GitBook
On this page
  • Schema
  • Usage notes
  • Additional privileges
  • Encryption updates
  • Safe & unsafe operations
  • Links
  1. Basic usage (CLI + YAML)
  2. YAML configs

STAGE

PreviousSHARE (outbound)NextSTAGE FILE

Last updated 11 months ago

Config path: /<database>/<schema>/stage/<name>.yaml

Example for internal stage:

file_format: test_csv_format
copy_options:
  on_error: ABORT_STATEMENT
  enforce_length: true

Example of external stage:

url: "gcs://test-bucket"
storage_integration: test_storage_integration
file_format: test_avro_format

Schema

  • url (str) - bucket URL for external stage

  • storage_integration (ident) - name of for external stage

  • encryption (dict)

    • {key} (ident) - name of encryption parameter

    • {value} (bool, float, int, str) - value of encryption parameter

  • directory (dict)

    • {key} (ident) - name of directory parameter

    • {value} (bool, float, int, str) - value of directory parameter

  • file_format (ident) - for files in stage

  • copy_options (dict)

    • {key} (ident) - COPY option name

    • {value} (bool, float, int, list, str) - COPY option value

  • comment (str)

Usage notes

  1. Stages with url and storage_integration are EXTERNAL. Stages without these parameters are INTERNAL.

  2. When INTERNAL stage is being dropped, all files will be lost. When EXTERNAL stage is being dropped, nothing happens. EXTERNAL stage is just a metadata pointing to location in bucket.

  3. Business users should only access buckets through stages. Business users should never use STORAGE INTEGRATION objects directly for security reasons.

  5. file_format can only be specified by name referencing to FILE_FORMAT object.

Additional privileges

  • owner_integration_usage - please specify names of STORAGE INTEGRATION objects used by external stages. Stages may work without explicit INTEGRATION USAGE grant to OWNER role, but it is not guaranteed for Snowflake keep it this way forever.

Encryption updates

Encryption on existing EXTERNAL stages cannot be updated by SnowDDL. Snowflake does not provide meta-data, so it is not possible to compare config with existing object.

In order to update encryption information manually, you should use an additional CLI argument:

--refresh-stage-encryption

If you want to remove an encryption from EXTERNAL stage, you should set encryption type to NONE explicitly. It is not enough to remove encryption section from config, since default encryption settings are different for each cloud provider and may change in future.

Safe & unsafe operations

All operations on stages are considered as "safe", EXCEPT:

  • Replace existing stage due to change of stage type (INTERNAL to EXTERNAL or vice versa) or due to change of INTERNAL stage encryption method.

  • Drop existing stage, both INTERNAL and EXTERNAL.

Links

SnowDDL is able to maintain not only stages in general, but also .

In order for STAGE objects to operate properly, the following additional grants should be added to OWNER role in :

"Unsafe" operations on stages lead to loss of data or meta-data. Also, it may affect other objects depending on stages, like or .

📦
storage integration
file format
specific files in stages
schema config
PIPES
EXTERNAL TABLES
CREATE STAGE
ALTER STAGE
SHOW STAGES
DESC STAGE
Parser & JSON Schema (GitHub)