> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Using secrets in a Maia runner for Snowflake

export const m_runner = "Maia runner";

export const maia = "Maia";

export const RunnerMetadata = ({runnerType, platforms = []}) => {
  return <div style={{
    background: 'var(--colors-background-light, #f9fafb)',
    border: '1px solid var(--colors-border-default, #e5e7eb)',
    borderRadius: '12px',
    padding: '20px 28px',
    marginBottom: '28px'
  }}>
      <table style={{
    width: '100%',
    borderCollapse: 'collapse'
  }}>
        <tbody>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle',
    width: '180px'
  }}>Runner type</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{runnerType}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Runner platform</td>
            <td style={{
    verticalAlign: 'middle'
  }}>
              <div style={{
    display: 'flex',
    flexWrap: 'wrap',
    gap: '8px'
  }}>
                {platforms.map((platform, i) => <span key={i} style={{
    background: '#dcfce7',
    color: '#15803d',
    border: '1px solid #bbf7d0',
    borderRadius: '9999px',
    padding: '3px 12px',
    fontSize: '0.85rem',
    fontWeight: '500',
    whiteSpace: 'nowrap'
  }}>
                    {platform} ✅
                  </span>)}
              </div>
            </td>
          </tr>
        </tbody>
      </table>
    </div>;
};

<RunnerMetadata runnerType={`${maia} Hybrid`} platforms={["Snowflake"]} />

## Adding secrets

Secrets are stored within a Snowflake schema, and will be available for {maia} pipelines to reference. We recommend you use the default secrets schema, but you can specify an alternative if you wish. Both options are described below.

<Warning>
  If you [uninstall](/docs/guides/snowflake-runner-install#uninstalling-the-application) the {m_runner} application from Snowflake, any secrets created within the default secrets schema will be deleted.
</Warning>

***

## Default secrets schema

The default schema for secrets is defined as `<APPLICATION_NAME>.SECRETS`, as seen on the configuration screen when creating the {m_runner} application. To create a secret in this schema, execute the following commands, using the same role you used for creating the {m_runner}:

```sql theme={null}
CREATE SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TYPE = GENERIC_STRING SECRET_STRING = 'some-secret-string';
GRANT USAGE ON SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;
GRANT READ ON SECRET <APPLICATION_NAME>.SECRETS.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;
```

Where:

* `<APPLICATION_NAME>` is the name of the application set during installation. By default, this is `MATILLION_DATA_PRODUCTIVITY_CLOUD`.
* `<SECRET_NAME>` is a unique name for the secret.
* `'some-secret-string'` is the secret value.

***

## Alternative secrets schema

If you changed the **Default Secrets Schema** property when you configured the {m_runner} application, some additional configuration is required.

1. Grant **USAGE** permission to the application for the following objects:

   ```sql theme={null}
   GRANT USAGE ON DATABASE <DATABASE_NAME> TO APPLICATION <APPLICATION_NAME>;
   GRANT USAGE ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> TO APPLICATION <APPLICATION_NAME>;
   ```

   Where:

   * `<DATABASE_NAME>` and `<SCHEMA_NAME>` identify the schema you want to use for secrets.
   * `<APPLICATION_NAME>` is the name of the application set during installation. By default, this is `MATILLION_DATA_PRODUCTIVITY_CLOUD`.

2. To allow creation of secrets, you must also grant the following:

   ```sql theme={null}
   GRANT CREATE SECRET ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> TO APPLICATION <APPLICATION_NAME>;
   ```

3. To create secrets in the target schema, use the following commands:

   ```sql theme={null}
   CREATE SECRET <DATABASE_NAME>.<SCHEMA_NAME>.<SECRET_NAME> TYPE = GENERIC_STRING SECRET_STRING = 'some-secret-string';
   GRANT READ ON SECRET <DATABASE_NAME>.<SCHEMA_NAME>.<SECRET_NAME> TO APPLICATION <APPLICATION_NAME>;
   ```

   Where:

   * `<SECRET_NAME>` is a unique name for the secret.
   * `'some-secret-string'` is the secret value.