Alternative to copying secret data to cloud for snowflake database connectivity?

Why do we have to copy secret to cloud? Our firm don’t allow sharing confidential info about database connectivity.

## Copy your app secrets to the cloud

Also for snowflake account, does user credentials mentioned in secret is for the entire snowflake or secret file can be created per each database? thanks

Hi @vbabaria, welcome to the Streamlit community!

If your app is deployed from a public GitHub repo, the secrets functionality keeps your secrets from being publicly exposed. If you are deploying from a private GitHub repo, then you could in fact keep your passwords in the Git repo, but that is also “in the cloud” in the sense that it’s on GitHub’s servers.

Whatever you would’ve done without using Streamlit to access Snowflake can be also done when using Streamlit. So if your company uses service accounts, then those are the credentials you would use. Or credentials per database, per user, or any combination of that.

Best,
Randy

1 Like

Thanks for the response Randy.

So without sharing secret file to streamit cloud, i can not test snowflake connectivity from a streamlit sample python project, right?

also by any chance do you know how can i create separate authentication for each database on snowflake so i don’t have to share main password to the cloud. Yes i am not going to upload secret file to github but i am also trying to avoid sharing to cloud when i am trying to run project locally for POC if it is possible.

Thanks again.

You don’t have to commit a file into your repo, but you eventually have to provide the secrets to the app somehow (irrespective of how you deploy your app). The secrets functionality in Streamlit Cloud keeps your secrets separated from your code and injects the secrets in when the Streamlit Cloud container is created. This is similar to how other services like Heroku work.

As far as Snowflake specific questions, I’m not currently familiar with the product.

Best,
Randy

1 Like