snowclaw push
Sync local config, skills, and secrets to a deployed SPCS service — without rebuilding or redeploying the image.
Usage
snowclaw push # config + skills + secrets
snowclaw push --config-only # just openclaw.json
snowclaw push --skills-only # just skills/
snowclaw push --secrets # just secrets + connections.toml
What it does
The openclaw.json config, skills, and secrets don't live inside the Docker image. They live on the SPCS stage-backed volume and in Snowflake SECRET objects. That means you can iterate on them without a full image rebuild.
| Flag | What syncs |
|---|---|
| (none) | openclaw.json, skills/, and secrets |
--config-only | Just openclaw.json |
--skills-only | Just skills/ |
--secrets | Just the Snowflake SECRET objects and connections.toml (fastest — skips file sync entirely) |
After pushing, the service keeps running with old config. Run snowclaw restart to pick up the new config without redeploying.
What does not push
Workspace files are intentionally excluded from push — they can be large, agent-generated, and out of your control. Use the dedicated upload / download / ls commands for workspace files.
Secrets behavior
When secrets sync:
- Every
KEY=valuein.envbecomes a SnowflakeSECRETobject (created viaCREATE OR REPLACE SECRET). CUSTOM_-prefixed variables become individual secrets automatically — no registration step.SNOWCLAW_MASK_VARSis regenerated to list everything the Cortex proxy should mask in outbound LLM traffic.- The service spec is regenerated so new secrets get mounted as container env vars on the next restart.