Secrets & credentials
SnowClaw manages secrets entirely through your local .env file. They are never baked into the Docker image — they're uploaded to Snowflake as individual SECRET objects and mounted into the running container at runtime as environment variables.
How it works
snowclaw setupcollects your Snowflake PAT, channel tokens, and tool credentials during the interactive wizard and writes them to.env.snowclaw deployandsnowclaw pushautomatically read.env, create or update a SnowflakeSECRETfor each variable, and regenerate the SPCS service spec to mount them.- At runtime, secrets are available as environment variables inside the container.
What becomes a secret
| Source | Example | How it's handled |
|---|---|---|
| Snowflake auth | SNOWFLAKE_TOKEN | Created as a dedicated secret during deploy |
| Channel credentials | TELEGRAM_BOT_TOKEN, DISCORD_BOT_TOKEN, SLACK_BOT_TOKEN | Added via snowclaw channel add, auto-detected per channel |
| Tool credentials | GH_TOKEN, BRAVE_API_KEY | Added via setup wizard when tools are selected |
| Custom variables | Any other KEY=value in .env | Automatically becomes a Snowflake secret — no config needed |
Any key=value pair you add to .env is automatically uploaded as a Snowflake secret. There's no separate registration step. Just add the variable, run snowclaw push, and it's available in the container.
Updating secrets
# Edit .env with your new or changed values, then:
snowclaw push # pushes config, workspace, skills, AND secrets
snowclaw push --secrets # push ONLY secrets (skips file sync for speed)
Both commands update the Snowflake SECRET objects and restart the service to pick up changes.
CUSTOM_ vs. bare custom vars
Variables prefixed with CUSTOM_ are surfaced in the generated service spec and documentation as user-managed secrets. Bare custom variables also become secrets, but without the special-case treatment. Prefix with CUSTOM_ if you want the variable to be obvious as "mine, not SnowClaw-internal" to future-you.
Masking
The Cortex proxy scrubs known secret values from outbound LLM payloads before they reach Cortex. See the Security model page for how the masking walkers handle both OpenAI and Anthropic request shapes.
Variables listed in SNOWCLAW_MASK_VARS (auto-generated in .env) are the ones masked. By default this includes every *_TOKEN and *_API_KEY the CLI knows about, plus everything you added via CUSTOM_.
What does not leave your account
.envis gitignored by default — it never ends up in a commit.- Secret values are not printed in CLI output.
SECRETobject contents are never retrievable from Snowflake — they are write-only from the API's perspective.- The masking sidecar means even your agent can't accidentally leak them to the LLM.