Environments¶

An environment is a named Snowflake connection profile. Environments are stored in ~/.clair/environments.yml — outside the project directory so credentials are never committed.

~/.clair/environments.yml¶

dev:
  account: myorg-myaccount
  user: alice@example.com
  authenticator: externalbrowser
  warehouse: dev_warehouse
  role: analyst
  region: us-east-1
  account_locator: abc12345

prod:
  account: myorg-myaccount
  user: ci_service_user
  private_key_path: ~/.clair/snowflake_key.p8
  warehouse: prod_warehouse
  role: transformer
  region: us-east-1
  account_locator: abc12345

Authentication methods¶

dev:
  account: myorg-myaccount
  user: alice@example.com
  private_key_path: ~/.clair/snowflake_key.p8
  warehouse: my_warehouse

  private_key_passphrase: your-passphrase

dev:
  account: myorg-myaccount
  user: alice@example.com
  password: your-password
  warehouse: my_warehouse

dev:
  account: myorg-myaccount
  user: alice@example.com
  authenticator: externalbrowser
  warehouse: my_warehouse

Field reference¶

Selecting an environment¶

The environment name is resolved in this order:

1. --env CLI flag
2. CLAIR_ENV environment variable
3. "dev" (default)

clair run --project . --env prod
CLAIR_ENV=prod clair run --project .

CI usage¶

In CI, set CLAIR_ENV and use key-pair authentication (no browser interaction required):

# GitHub Actions example
- name: Run clair
  env:
    CLAIR_ENV: prod
    SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_PRIVATE_KEY }}
  run: clair run --project .

Routing policies¶

Each environment can optionally include a routing policy that remaps logical Snowflake names to physical targets. See Routing Policies.