Skip to content

Commit 03dc9b9

Browse files
nicosuavenicosuave
committed
Add comprehensive environment variable documentation for connections
- Add full connection string examples for all databases - Add component-based environment variable examples - Add security best practices (secret management, .gitignore, file permissions) - Add per-environment configuration examples (dev/staging/prod) - Show how to build connection strings from env vars in shell
1 parent 2162da1 commit 03dc9b9

1 file changed

Lines changed: 124 additions & 8 deletions

File tree

docs/connections.qmd

Lines changed: 124 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -288,7 +288,11 @@ sidemantic query models/ \
288288

289289
## Environment Variables
290290

291-
Store credentials in environment variables for security:
291+
Store credentials in environment variables for security. Never commit credentials to version control.
292+
293+
### Full Connection Strings
294+
295+
Store complete connection string in an environment variable:
292296

293297
**Example .env file:**
294298
```bash
@@ -297,20 +301,132 @@ DATABASE_URL=postgres://user:pass@localhost:5432/analytics
297301

298302
# BigQuery
299303
GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json
300-
DATABASE_URL=bigquery://my-project/my-dataset
304+
BIGQUERY_URL=bigquery://my-project/my-dataset
301305

302306
# Snowflake
303-
DATABASE_URL=snowflake://user:pass@account/db/schema?warehouse=wh
307+
SNOWFLAKE_URL=snowflake://user:pass@account/db/schema?warehouse=wh
308+
309+
# ClickHouse
310+
CLICKHOUSE_URL=clickhouse://user:pass@localhost:8123/default
311+
312+
# Databricks
313+
DATABRICKS_URL=databricks://token@server/http-path?catalog=main
314+
315+
# Spark
316+
SPARK_URL=spark://localhost:10000/default
304317
```
305318

306-
**Reference in YAML:**
307-
```yaml
308-
# Use ${ENV_VAR} syntax (if supported by your tooling)
309-
connection: ${DATABASE_URL}
319+
**Use with CLI:**
320+
```bash
321+
# Load .env file (many tools auto-load)
322+
export $(cat .env | xargs)
323+
324+
# Use environment variable
325+
sidemantic query models/ --connection "$DATABASE_URL" \
326+
--sql "SELECT revenue FROM orders"
327+
328+
sidemantic workbench models/ --connection "$SNOWFLAKE_URL"
329+
330+
sidemantic serve models/ --connection "$BIGQUERY_URL"
310331
```
311332

312-
**Or use CLI flag:**
333+
### Component Environment Variables
334+
335+
Build connection strings from individual components:
336+
337+
**Example .env file:**
338+
```bash
339+
# PostgreSQL components
340+
POSTGRES_HOST=db.example.com
341+
POSTGRES_PORT=5432
342+
POSTGRES_USER=analyst
343+
POSTGRES_PASSWORD=secret
344+
POSTGRES_DB=analytics
345+
346+
# Snowflake components
347+
SNOWFLAKE_ACCOUNT=xy12345.us-east-1
348+
SNOWFLAKE_USER=analyst
349+
SNOWFLAKE_PASSWORD=secret
350+
SNOWFLAKE_DATABASE=ANALYTICS
351+
SNOWFLAKE_SCHEMA=PUBLIC
352+
SNOWFLAKE_WAREHOUSE=COMPUTE_WH
353+
354+
# BigQuery components
355+
BIGQUERY_PROJECT=my-gcp-project
356+
BIGQUERY_DATASET=analytics_dataset
357+
GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json
358+
```
359+
360+
**Build connection string in shell:**
313361
```bash
362+
# PostgreSQL
363+
CONNECTION="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}"
364+
sidemantic query models/ --connection "$CONNECTION" --sql "SELECT revenue FROM orders"
365+
366+
# Snowflake
367+
CONNECTION="snowflake://${SNOWFLAKE_USER}:${SNOWFLAKE_PASSWORD}@${SNOWFLAKE_ACCOUNT}/${SNOWFLAKE_DATABASE}/${SNOWFLAKE_SCHEMA}?warehouse=${SNOWFLAKE_WAREHOUSE}"
368+
sidemantic workbench models/ --connection "$CONNECTION"
369+
370+
# BigQuery
371+
CONNECTION="bigquery://${BIGQUERY_PROJECT}/${BIGQUERY_DATASET}"
372+
sidemantic serve models/ --connection "$CONNECTION"
373+
```
374+
375+
### Security Best Practices
376+
377+
**Never commit credentials:**
378+
```bash
379+
# Add to .gitignore
380+
echo ".env" >> .gitignore
381+
echo "*.secrets" >> .gitignore
382+
```
383+
384+
**Use secret management:**
385+
```bash
386+
# AWS Secrets Manager
387+
export DATABASE_URL=$(aws secretsmanager get-secret-value \
388+
--secret-id prod/database-url \
389+
--query SecretString \
390+
--output text)
391+
392+
# Google Secret Manager
393+
export DATABASE_URL=$(gcloud secrets versions access latest \
394+
--secret="database-url")
395+
396+
# HashiCorp Vault
397+
export DATABASE_URL=$(vault kv get -field=url secret/database)
398+
```
399+
400+
**Restrict file permissions:**
401+
```bash
402+
chmod 600 .env
403+
```
404+
405+
### Per-Environment Configuration
406+
407+
**Development:**
408+
```bash
409+
# .env.development
410+
DATABASE_URL=duckdb:///dev.duckdb
411+
```
412+
413+
**Staging:**
414+
```bash
415+
# .env.staging
416+
DATABASE_URL=postgres://user:pass@staging-db:5432/analytics
417+
```
418+
419+
**Production:**
420+
```bash
421+
# .env.production
422+
DATABASE_URL=snowflake://user:pass@prod-account/db/schema?warehouse=wh
423+
```
424+
425+
**Load based on environment:**
426+
```bash
427+
ENV=${ENV:-development}
428+
export $(cat .env.${ENV} | xargs)
429+
314430
sidemantic query models/ --connection "$DATABASE_URL" \
315431
--sql "SELECT revenue FROM orders"
316432
```

0 commit comments

Comments
 (0)