Snowflake Native App manifest reference¶
A manifest file is a text-based YAML file with the filename: manifest.yml. The manifest file is used to define a Snowflake Native App and its associated data and logic. This topic describes the structure and fields of the manifest file.
For information about creating the manifest file for an app, see Create the manifest file for an app.
Snowflake Native App manifest¶
The general format of a Snowflake Native App manifest is:
Manifest fields¶
Snowflake Native App manifests include the following fields. Each section below describes a field’s purpose and structure, and provides an example.
manifest_version field¶
The manifest_version field (Integer, required) specifies the version of the Snowflake Native App manifest file format. This value controls which manifest features are available and how Snowflake interprets the rest of the manifest.
manifest_version: 1¶
This version of the manifest file supports the current and legacy functionality of Snowflake Native Apps.
manifest_version: 2¶
This version of the manifest file provides support for additional features, including automated granting of privileges.
Caution
Before using version 2 of the manifest file, consider the security implications described in About the manifest file.
manifest_version field example¶
version field¶
The version field (block, optional) defines metadata about the version of the Snowflake Native App being published, including the version name, default patch number, display label, and an optional comment. When present, this block helps providers track and present releases. For more information about versions and patches, see Update an app (Legacy).
Note
Versions and patches defined using the CREATE APPLICATION PACKAGE or ALTER APPLICATION PACKAGE commands take precedence over those defined in the manifest file.
version.name field¶
Specifies the name of the version. The version name can only contain alphanumeric characters, underscores (_), hyphens (-), dollar signs ($), periods (.), and spaces.
This field is optional.
Example: name: v1
version.patch field¶
Specifies the default patch number.
This field is optional.
Example: patch: 1
version.label field¶
Specifies a name for the version that is displayed to consumers.
This field is optional.
Example: label: "Initial Release"
version.comment field¶
Specifies a comment for the version. This comment is visible in Snowsight or when the provider runs the SHOW VERSIONS IN APPLICATION PACKAGE command.
This field is optional.
Example: comment: "This is the initial release of the app."
version field example¶
artifacts field¶
The artifacts field (block, required) defines the core resources that the Snowflake Native App uses, such as the setup script, readme, default Streamlit app, and any container image configuration. This block tells Snowflake where to find the code and assets needed to install, upgrade, and run the app.
artifacts.setup_script field¶
Specifies the path and filename of the setup script that is run when
the Snowflake Native App is installed or upgraded. If you do not specify a
value, the app uses the default value of setup.sql in the same
directory as the manifest file. The setup script name and path
can only contain alphanumeric characters, underscores (_), hyphens (-), periods (.), backslashes (), and forward slashes (/).
Example: setup_script: scripts/setup.sh
artifacts.readme field¶
Specifies a path to a Markdown readme file that provides an overview of the app and its functionality.
In the case of a Streamlit app, if no value is specified for the default_streamlit property, the contents of this file is displayed to consumers when viewing the installed Snowflake Native App.
The location of this file is specified relative to the location of the manifest file.
This field is optional, however Snowflake recommends that you include a readme file with your app.
Example: readme: docs/README.md
artifacts.default_streamlit_app field¶
If the Snowflake Native App includes a Streamlit app, this property specifies the schema and name of the default Streamlit app available to consumers.
This field is required if the app includes a Streamlit app.
artifacts.extension_code field¶
Enables or disables the use of extension code languages, including Java, Python, and Scala.
Example: extension_code: true
artifacts.container_services field¶
Specifies the location of the container images used by an app with containers. See Specify the container images used by an app with containers for more information.
This field is required for an app with containers.
artifacts.container_services.uses_gpu field¶
Indicates that the app with containers uses a GPU.
This field is required for an app with containers.
Example: uses_gpu: true
artifacts.container_services.images field¶
Specifies the path to each of the container images used by an app with containers.
This field is required for an app with containers.
Example:
artifacts field example¶
configuration field¶
The configuration field (block, optional) specifies runtime configuration for the Snowflake Native App, including logging, tracing, and metrics levels, and — when applicable — the callback used to provision container resources. Providers use this block to control how much operational telemetry the app emits and how certain setup tasks are performed during installation.
configuration.log_level field¶
Specifies the logging level to use for the app Snowflake Native App.
If you do not set a value for this property, the default log data is not captured.
For information about supported values, see Setting levels for logging, metrics, and tracing.
configuration.trace_level field¶
Specifies the trace event level to use for the app. When a provider enables tracing, the app automatically captures the start and end times for all queries and stored procedure calls.
Caution
Publishing an app with the trace_level property set to a
value other than OFF might expose calls to hidden stored procedures to any user in the consumer account who can view
the event table.
If you do not set a value for this property, trace events are not captured.
For the supported values of the trace_level property, see Setting levels for logging, metrics, and tracing.
configuration.metric_level field¶
Specifies the metric level to use for the app. When a provider enables metrics the app automatically emits auto-instrumented resource metrics data points to the event table.
See Set the log and trace levels for an app for more information.
For the supported values of the metric_level property, see
Setting levels for logging, metrics, and tracing.
log_event_level:¶
Specifies the event logging level to use for the Snowflake Native App.
If you do not set a value for this property, log events are not captured.
For the supported values of the log_event_level property, see
LOG_EVENT_LEVEL.
grant_callback:¶
configuration.grant_callback field¶
Specifies the schema and name of the callback function for an app with containers. The callback function is a stored procedure that can create compute pools, services, and perform other setup tasks required by the application.
This field is required for an app with containers.
For more information, see Create a service by using the grant_callback property.
Example: grant_callback: my_schema.my_grant_callback
configuration field example¶
lifecycle_callbacks field¶
The lifecycle_callbacks field (block, optional) defines stored procedures that Snowflake runs at specific points in the Snowflake Native App lifecycle. Each entry in this block names a lifecycle callback and points to the procedure that implements it, allowing the app to validate configuration changes, prepare resources, or react to other lifecycle events when those callbacks are invoked.
For more information, see Callbacks.
lifecycle_callbacks.<callback_name> field¶
Specifies the name of a lifecycle callback for the app.
This field is required if the lifecycle_callbacks property is specified.
lifecycle_callbacks field example¶
privileges field¶
The privileges field (block, optional) defines the privileges that the Snowflake Native App requests in a consumer account. Each entry in this block describes a specific privilege, along with a human-readable explanation of why the app needs it, so consumers can make informed decisions when granting access.
This field is required if the app requests privileges in the consumer account.
privileges.<privilege_name> field¶
Specifies the name of a privilege that the app requests in a consumer account.
This field is required if the privileges property is specified.
privileges.description field¶
Provides a description of the privilege being requested. The text
specified in description is displayed to the consumer when the
privilege is displayed in Snowsight using the Python Permission SDK, or
when the SHOW PRIVILEGES command is run.
As a provider, you should include as much information as possible about why the Snowflake Native App needs this privilege and if the privilege is required or optional.
This field is required if the privileges field is specified.
privileges field example¶
references field¶
The references field (block, optional) describes the external objects in a consumer account — such as tables, views, secrets, or integrations — that the Snowflake Native App expects to bind to. Each reference entry specifies a label, description, required privileges, and other properties that guide consumers through providing the correct objects and permissions.
This field is required if the app requests references in the consumer account.
references.<reference_name> field¶
Specifies the name of a reference that the app is requesting in a consumer account.
This field is required if the references property is specified.
references.<reference_name>.label field¶
Specifies a label for the reference that is displayed to consumers.
This field is required if the references property is specified.
Example: label: "Orders table"
references.<reference_name>.description field¶
Provides a description of the reference being requested. The text
specified in description is displayed to the consumer when the
reference is displayed in Snowsight using the Python Permission SDK, or
when the SHOW REFERENCES command is run.
This field is required if the references property is specified.
references.<reference_name>.privileges field¶
Specifies a list of privileges that the app requires on the object to which the reference is bound in the consumer account.
This field is required if the references property is specified.
Example:
references.<reference_name>.object_type field¶
Specifies the type of object associated with the reference, such as a schema and table, or an API integration.
This field is required if the references field is specified.
Example: object_type: TABLE
For more information, see Object types and privileges that a reference can contain.
references.<reference_name>.multi_valued field¶
Allows more than one object to be associated with the reference. Use this property to bind multiple consumer objects to the same reference. When this property is specified, the same operations are performed on objects with a single value reference. The property can also be used with objects with multi-valued references.
This field is optional. The default value is false.
For more information, see Request references and object-level privileges from consumers.
Example: multi_valued: true
references.<reference_name>.register_callback field¶
Specifies the schema and name of the callback function that is run when the consumer binds the reference to an object in their account.
This field is required if the references property is specified.
Example: register_callback: my_schema.my_register_callback
references.<reference_name>.configuration_callback field¶
Specifies the name of the callback function that provides the desired configuration for the object to bind to this reference.
This property is required if object_type is
EXTERNAL ACCESS INTEGRATION or SECRET. This property is not applicable to other types of objects.
references.<reference_name>.required_at_setup field¶
Indicates that references must be bound when the app is installed.
Example: required_at_setup: true
references field example¶
restricted_callers_rights field¶
The restricted_callers_rights field (block, optional) controls whether the Snowflake Native App is allowed to create executables — such as stored procedures or services — that run with restricted callers’ rights. Providers use this block to declare that the app needs to run certain logic with the caller’s privileges and to explain why that behavior is required.
This field is required if the app creates stored procedures or Snowpark Container Services services that run with restricted caller’s rights.
For more information, see Use owner’s rights and restricted caller’s rights in an app.
restricted_callers_rights.enabled field¶
Specifies whether the app is allowed to create executables with restricted caller’s rights.
Providers must set this property to true if the app creates stored procedures or Snowpark Container Services services that run with restricted caller’s rights.
restricted_callers_rights.description field¶
Provides a description of why the app needs to create executables with restricted caller’s rights.
restricted_callers_rights field example¶
restricted_features field¶
The restricted_features field (block, optional) declares any features that require explicit consumer approval before the Snowflake Native App can enable them, such as access to external or Apache Iceberg™ data. This block helps providers document potentially sensitive capabilities and allows consumers to review and consent to their use during installation.
restricted_features.external_data field¶
If present, specifies that the app shares external tables or Iceberg tables. For more information, see Request access to external and Apache Iceberg™ tables.
restricted_features.external_data.description field¶
Provides a description of the external or Iceberg table being requested.
This field is required if the restricted_features.external_data property is specified.
restricted_features field example¶
Manifest file example¶
The following code block is an example of a Snowflake Native App manifest file.