
Secrets in Maia Foundation runner for Snowflake

Adding secrets

Secrets are stored in a Snowflake schema, where Maia pipelines can reference them. We recommend that you use the default secrets schema, but you can specify an alternative if you wish. Both options are described below.

Warning

If you uninstall the Maia Foundation runner application from Snowflake, any secrets created within the default secrets schema will be deleted.


Default secrets schema

The default schema for secrets is defined as <APPLICATION_NAME>.SECRETS, as seen on the configuration screen when creating the Maia Foundation runner application. To create a secret in this schema, execute the following commands, using the same role you used for creating the Maia Foundation runner:

    CREATE SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TYPE = GENERIC_STRING SECRET_STRING = 'some-secret-string';
    GRANT USAGE ON SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;
    GRANT READ ON SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;

Where:

  • <APPLICATION_NAME> is the name of the application set during installation. By default, this is MATILLION_DATA_PRODUCTIVITY_CLOUD.
  • <SECRET_NAME> is a unique name for the secret.
  • 'some-secret-string' is the secret value.

Alternative secrets schema

If you changed the Default Secrets Schema property when you configured the Maia Foundation runner application, some additional configuration is required.

  1. Grant USAGE permission to the application for the following objects:

    GRANT USAGE ON DATABASE <DATABASE_NAME> TO APPLICATION <APPLICATION_NAME>;
    GRANT USAGE ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> TO APPLICATION <APPLICATION_NAME>;
    

    Where:

    • <DATABASE_NAME> and <SCHEMA_NAME> identify the schema you want to use for secrets.
    • <APPLICATION_NAME> is the name of the application set during installation. By default, this is MATILLION_DATA_PRODUCTIVITY_CLOUD.
  2. To allow creation of secrets, you must also grant the following:

    GRANT CREATE SECRET ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> TO APPLICATION <APPLICATION_NAME>;
    
  3. To create secrets in the target schema, use the following commands:

    CREATE SECRET <DATABASE_NAME>.<SCHEMA_NAME>.<SECRET_NAME> TYPE = GENERIC_STRING SECRET_STRING = 'some-secret-string';
    GRANT READ ON SECRET <DATABASE_NAME>.<SCHEMA_NAME>.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;
    

    Where:

    • <SECRET_NAME> is a unique name for the secret.
    • 'some-secret-string' is the secret value.
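
The three steps above run end to end, followed by a check that the application holds only the grants this procedure gives it. This is an added example, not part of the original documentation; the database, schema and secret names (SECURITY_DB, MAIA_SECRETS, API_TOKEN) are constructed, and the application name is the documented default.

```sql
-- Constructed names (assumptions): database SECURITY_DB, schema MAIA_SECRETS,
-- secret API_TOKEN. The application name is the default given on this page.

-- Step 1: let the application resolve the database and schema.
GRANT USAGE ON DATABASE SECURITY_DB
  TO APPLICATION MATILLION_DATA_PRODUCTIVITY_CLOUD;
GRANT USAGE ON SCHEMA SECURITY_DB.MAIA_SECRETS
  TO APPLICATION MATILLION_DATA_PRODUCTIVITY_CLOUD;

-- Step 2: allow the application to create secrets in that schema.
GRANT CREATE SECRET ON SCHEMA SECURITY_DB.MAIA_SECRETS
  TO APPLICATION MATILLION_DATA_PRODUCTIVITY_CLOUD;

-- Step 3: create the secret and let the application read it.
CREATE SECRET SECURITY_DB.MAIA_SECRETS.API_TOKEN
  TYPE = GENERIC_STRING
  SECRET_STRING = 'replace-with-real-value';  -- placeholder, not a real secret
GRANT READ ON SECRET SECURITY_DB.MAIA_SECRETS.API_TOKEN
  TO APPLICATION MATILLION_DATA_PRODUCTIVITY_CLOUD;

-- Check 1: the secret is listed in the target schema (metadata listing).
SHOW SECRETS IN SCHEMA SECURITY_DB.MAIA_SECRETS;

-- Check 2: list every grant held by the application, then narrow the
-- result to objects under SECURITY_DB. From the statements above, the
-- rows to look for are USAGE on the database, USAGE and CREATE SECRET
-- on the schema, and READ on the secret. Any other privilege on this
-- database was granted elsewhere and is worth reviewing.
SHOW GRANTS TO APPLICATION MATILLION_DATA_PRODUCTIVITY_CLOUD;
SELECT "privilege", "granted_on", "name"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "name" LIKE 'SECURITY_DB%'
ORDER BY "granted_on", "name";
```

Run the SELECT immediately after SHOW GRANTS in the same session, because LAST_QUERY_ID() refers to the most recent statement.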