Snowflakecli is a DuckDB-powered command line interface for Snowflake security, governance, operations, and cost optimization.
Snowflakecli is not endorsed or sponsored by Snowflake in any manner. It is vendor-neutral and entirely dedicated to the mission of making your cloud data warehouse safer and more cost efficient.
$ pip install snowflakecli
Snowflakecli is built for:
- Security threat-hunting teams still dealing with the fallout of the UNC5537 breach.
- Data and Ops teams looking to proactively improve and continuously monitor their security posture.
- Operations teams looking to optimize their virtual warehouses and workloads.
- Data engineers looking to grasp the complexities of their Snowflake account.
Snowflakecli includes:
- Key-Pair utilities so you can establish and maintain secure access to your Snowflake account.
- Customizable security threat hunting, with the UNC5537 threat hunt being the default.
- Customizable security and auditing benchmarks, with well-known industry standards being the default.
- CLI-based SQL execution
- Simplified SQL migration management - think a lightweight, Python-based Flyway
- Configuration management
- Connection management
Snowflakecli is quickly growing to include:
- Data loading and unloading tools
- Account snapshotting and state diff-ing
- Declarative, idempotent resource management with fewer dangerous surprises
- ACL exploration - "Can user X access Y? How?"
- Virtual warehouse utilization and workload optimization tools
- Tiered compute so local queries don't have to use a virtual warehouse to do local analytics
- AI-powered PII governance
- AI-powered account recommendations
We first adopted Snowflake in 2017 and it was absolutely game-changing. The separation of compute and storage allowed our data teams to quickly implement analytical systems that would have taken months (or years) to roll out.
But a series of common patterns have since emerged across industry:
Which has lead to unfortunate situations like UNC5537.
Which leads to a lack of insight into what is actually happening to organizations' data resources.
Snowflake accounts often have runaway costs...
Which means either a dedicated hire (who quickly pays for themselves) or onboarding third-party software like Select or Keebo.
We have:
- Helped companies get started on Snowflake by teaching O'Reilly courses
- Contributed to Snowflake The Definitive Guide
- Built and presented Okta's next-gen SIEM on Snowflake at Snowflake Summit
- Reduced Snowflake costs by hundreds of thousands of dollars using embedded OLAP
..while helping many companies along the way.
Full documentation will be published shortly so stay tuned.
In the meantime, snowflakecli is entirely self-documenting thanks to great tools like Typer and Rich.
Please do.
We are readily accepting new contributions and understand the power of collective, collaborative knowledge. If you have thoughts, ideas, suggestions, or innovative use cases please create an issue and let's start the conversation. Or just pull a PR 😀. Or find one of us on LinkedIn 😀.
Yes. The codebase is entirely open, MIT-licensed, and built with best-in-class Python tooling.
Unlike other command line tools which promote insecure practices such as username and password-based authentication without MFA, Snowflakecli explicitly mandates key-pair authentication.
Yes.
Data security has never been more important and Snowflakecli was explicitly built to help Snowflake customers enhance the security of their accounts.
Many Snowflake accounts have been set up quickly with less-than-ideal configuration. As these accounts grow they usually store increasingly-sensitive information and become targets for malicious activity.
Snowflakecli helps automate the process of establishing and maintaining secure accounts.