YAML tag !decrypt

SnowDDL supports custom !decrypt tag in YAML configs. When parser encounters this tag, it decrypts string previously encrypted with using keys stored in env variable SNOWFLAKE_CONFIG_FERNET_KEYS.

It is primarily intended to be used for USER passwords and for SECRETs.

You may read more about config value encryption in guide.

Example

user.yaml config file:

john_doe:
  first_name: John
  last_name: Doe
  password: !decrypt gAAAAABmlTWBmENR0wIG2naG3PW8B3Li-9tw2UQAb9yB22V_R-SEEq6Vli5m9-w5_tI3jlftIGxlXxPhsLNMngxnjG6XdySHpQ==

my_secret.yaml config file:

type: generic_string
secret_string: !decrypt gAAAAABmlTXPlpJotMpEkuH44ptENk_9Uh1k8mqLPdP2Bi_0dJyk1Qdjr36Cq2mvhRpxRRIvuh8X3zYC--sBveOWPEjmKtb2UQ==