Configuring Snowflake CLI

Snowflake CLI uses a global configuration file called config.toml configure connections and logs for Snowflake CLI. If the file does not exist, running any snow command for the first time automatically creates an empty config.toml file that you can then populate with the desired connections. For more information about toml file formats, see TOML (Tom’s Obvious Minimal Language). Snowflake Python libraries currently support TOML version 1.0.0.

The config.toml supports the following sections:

  • [connections] for defining and managing connections

  • [logs] for configuring which types of messages are saved to log files

A Snowflake CLI configuration file has the following structure:

default_connection_name = "myconnection"

[connections]
[connections.myconnection]
account = "myorganzation-myaccount"
user = "jdoe"
...

[connections.testingconnection]
account = "myorganzation-myaccount"
user = "jdoe"
...

[cli.logs]
save_logs = true
level = "info"
path = "/home/<username>/.snowflake/logs"
Copy

Location of the .toml configuration file

By default Snowflake CLI looks for the config.toml file in the ~/.snowflake directory or, in case this directory does not exist, in a system-specific location, as listed below. You can also specify which configuration file should be used using --config-file flag or SNOWFLAKE_HOME environment variable.

  • If you specify the --config-file option (such as, snow --config-file ./my-config-file-path), Snowflake CLI uses the specified configuration file.

  • If the SNOWFLAKE_HOME environment variable is set, Snowflake CLI uses the location specified by this variable.

  • If a ~/.snowflake directory exists on your machine, Snowflake CLI uses the ~/.snowflake/config.toml file.

  • Otherwise, Snowflake CLI uses the config.toml file in the one of the following locations, based on your operating system:

    • Linux: ~/.config/snowflake/config.toml, but you can update it with XDG vars

    • Windows: %USERPROFILE%\AppData\Local\snowflake\config.toml

    • Mac: ~/Library/Application Support/snowflake/config.toml

Note

For MacOS and Linux systems, Snowflake CLI requires the config.toml file to limit its file permissions to read and write for the file owner only. To set the file required file permissions execute the following commands:

chown $USER config.toml
chmod 0600 config.toml
Copy

Choose a different configuration file

In some situations, such as a continuous integration and continuous deployment (CI/CD) environments, you might prefer to create dedicated configuration files for testing and deployment pipelines instead of defining all of the possible configurations in a single Snowflake default configuration file.

To use a different configuration file that your default file, you can use the --config-file option for the snow command, as shown:

snow --config-file="my_config.toml" connection test
Copy

Support for system environment variables

Snowflake CLI supports using system environment variables to override parameter values defined in your config.toml file, using the following format:

SNOWFLAKE_<config-section>_<variable>=<value>
Copy

where:

  • <config_section> is the name of a section in the configuration file with periods (.) replaced with underscores (_), such as CLI_LOGS.

  • variable is the name of a variable defined in that section, such as path.

Some examples include:

  • Override the path parameter in the [cli.logs] section in the config.toml file:

    export SNOWFLAKE_CLI_LOGS_PATH="/Users/jondoe/snowcli_logs"
    
    Copy
  • Set the password for the myconnection connection:

    export SNOWFLAKE_CONNECTIONS_MYCONNECTION_PASSWORD="*******"
    
    Copy
  • Set the default connection name:

    export SNOWFLAKE_DEFAULT_CONNECTION_NAME="myconnection"
    
    Copy

Use a proxy server

To use a proxy server, configure the following environment variables:

  • HTTP_PROXY

  • HTTPS_PROXY

  • NO_PROXY

For example:

Linux or macOS:
export HTTP_PROXY='http://username:password@proxyserver.company.com:80'
export HTTPS_PROXY='http://username:password@proxyserver.company.com:80'
Copy
Windows:
set HTTP_PROXY=http://username:password@proxyserver.company.com:80
set HTTPS_PROXY=http://username:password@proxyserver.company.com:80
Copy

Tip

Snowflake’s security model does not allow Secure Sockets Layer (SSL) proxies (using an HTTPS certificate). Your proxy server must use a publicly-available Certificate Authority (CA), reducing potential security risks such as a MITM (Man In The Middle) attack through a compromised proxy.

If you must use your SSL proxy, we strongly recommend that you update the server policy to pass through the Snowflake certificate such that no certificate is altered in the middle of communications.

Optionally NO_PROXY can be used to bypass the proxy for specific communications. For example, access to Amazon S3 can bypass the proxy server by specifying NO_PROXY=".amazonaws.com".

NO_PROXY does not support wildcards. Each value specified should be one of the following:

  • The end of a hostname (or a complete hostname), for example:

    • .amazonaws.com

    • myorganization-myaccount.snowflakecomputing.com

  • An IP address, for example:

    • 192.196.1.15

If more than one value is specified, values should be separated by commas, for example:

localhost,.my_company.com,.snowflakecomputing.com,192.168.1.15,192.168.1.16
Copy

Configure logging

By default, Snowflake CLI automatically saves INFO, WARNING, and ERROR level messages to log files. To disable or customize logging, create a [cli.logs] section in your config.toml file:

[cli.logs]
save_logs = true
level = "info"
path = "/home/<username>/.snowflake/logs"
Copy

where:

  • save_logs indicates whether to save logs to files. Default: true.

  • level specifies which levels of messages to save to log files. Choose from the following levels, which includes all levels below the selected one:

    • debug

      Warning

      Switching to the debug logging level can expose sensitive information, such as executed SQL queries. Use caution when enabling this level.

    • info

    • warning

    • error

    Default: info

  • path specifies the absolute path to save the log files. The format of the path varies based on your operating system, as shown:

    • Linux: path = "/home/<your_username>/.config/snowflake/logs"

    • MacOS: path = "/Users/<your_username>/Library/Application Support/snowflake/logs"

    • Windows: path = "C:\\Users\\<your_username>\\AppData\\Local\\snowflake\\logs"

    If not specified, the command creates a logs directory in the default config.toml file location.

If your config.toml was created automatically, the config.toml file contains the |cli.logs| section filled with default values.

Logs from a single day are appended to file snowflake-cli.log, which is later renamed to snowflake-cli.log.YYYY-MM-DD, as shown.

ls logs/
Copy
snowflake-cli.log            snowflake-cli.log.2024-10-22