Skip to main content

A DuckDB-powered command line interface for Snowflake security, governance, operations, and cost optimization.

Project description

What is Snowflakecli?

Snowflakecli is a DuckDB-powered command line interface for Snowflake security, governance, operations, and cost optimization.

Snowflakecli is not endorsed or sponsored by Snowflake in any manner. It is vendor-neutral and entirely dedicated to the mission of making your cloud data warehouse safer and more cost efficient.

snowflakecli

Installation

$ pip install snowflakecli

Who is Snowflakecli for?

Snowflakecli is built for:

  • Security threat-hunting teams still dealing with the fallout of the UNC5537 breach.
  • Data and Ops teams looking to proactively improve and continuously monitor their security posture.
  • Operations teams looking to optimize their virtual warehouses and workloads.
  • Data engineers looking to grasp the complexities of their Snowflake account.

What does Snowflakecli do?

Snowflakecli includes:

  • Key-Pair utilities so you can establish and maintain secure access to your Snowflake account.
  • Customizable security threat hunting, with the UNC5537 threat hunt being the default.
  • Customizable security and auditing benchmarks, with well-known industry standards being the default.
  • CLI-based SQL execution
  • Simplified SQL migration management - think a lightweight, Python-based Flyway
  • Configuration management
  • Connection management

Snowflakecli is quickly growing to include:

  • Data loading and unloading tools
  • Account snapshotting and state diff-ing
  • Declarative, idempotent resource management with fewer dangerous surprises
  • ACL exploration - "Can user X access Y? How?"
  • Virtual warehouse utilization and workload optimization tools
  • Tiered compute so local queries don't have to use a virtual warehouse to do local analytics
  • AI-powered PII governance
  • AI-powered account recommendations

Why are we building it?

We first adopted Snowflake in 2017 and it was absolutely game-changing. The separation of compute and storage allowed our data teams to quickly implement analytical systems that would have taken months (or years) to roll out.

But a series of common patterns have since emerged across industry:

Snowflake accounts often fail to implement best-in-class security and data security practices...

Which has lead to unfortunate situations like UNC5537.

Snowflake usage and activity often goes unaudited...

Which leads to a lack of insight into what is actually happening to organizations' data resources.

Snowflake accounts often have runaway costs...

Which means either a dedicated hire (who quickly pays for themselves) or onboarding third-party software like Select or Keebo.

Why are we the right people to build it?

We have:

..while helping many companies along the way.

Documentation

Full documentation will be published shortly so stay tuned.

In the meantime, snowflakecli is entirely self-documenting thanks to great tools like Typer and Rich.

Q&A

Can I contribute?

Please do.

We are readily accepting new contributions and understand the power of collective, collaborative knowledge. If you have thoughts, ideas, suggestions, or innovative use cases please create an issue and let's start the conversation. Or just pull a PR 😀. Or find one of us on LinkedIn 😀.

Is it secure?

Yes. The codebase is entirely open, MIT-licensed, and built with best-in-class Python tooling.

Unlike other command line tools which promote insecure practices such as username and password-based authentication without MFA, Snowflakecli explicitly mandates key-pair authentication.

Can it be used to keep my Snowflake account more secure?

Yes.

Data security has never been more important and Snowflakecli was explicitly built to help Snowflake customers enhance the security of their accounts.

Many Snowflake accounts have been set up quickly with less-than-ideal configuration. As these accounts grow they usually store increasingly-sensitive information and become targets for malicious activity.

Snowflakecli helps automate the process of establishing and maintaining secure accounts.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

snowflakecli-0.4.4.tar.gz (23.6 kB view details)

Uploaded Source

Built Distribution

snowflakecli-0.4.4-py3-none-any.whl (30.2 kB view details)

Uploaded Python 3

File details

Details for the file snowflakecli-0.4.4.tar.gz.

File metadata

  • Download URL: snowflakecli-0.4.4.tar.gz
  • Upload date:
  • Size: 23.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.13.2 CPython/3.12.4 Darwin/22.3.0

File hashes

Hashes for snowflakecli-0.4.4.tar.gz
Algorithm Hash digest
SHA256 29b6cc368ce3f699bad89ff83224cf9d86e052e37fcd100cb46a878219db7726
MD5 65fd450f55e6e1c801fe53883b164275
BLAKE2b-256 33de84b2e67350705a1439de4fda617e3775c81847a18cf359362715f78c145c

See more details on using hashes here.

File details

Details for the file snowflakecli-0.4.4-py3-none-any.whl.

File metadata

  • Download URL: snowflakecli-0.4.4-py3-none-any.whl
  • Upload date:
  • Size: 30.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.13.2 CPython/3.12.4 Darwin/22.3.0

File hashes

Hashes for snowflakecli-0.4.4-py3-none-any.whl
Algorithm Hash digest
SHA256 6d61f2d2a83d9bd81cdf00c5ccb63e57fceec3970468867b8d122b45adcc60fb
MD5 c00acf73d43fa801ffca17538606522a
BLAKE2b-256 b8de26bd6348ff09c0d930f42e1c80cd70c2634c4247110f7c80f7cd29414405

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page