streamlit-snowflake

Name: streamlit-snowflake
Author: JezWeb

StreamlitSnowflakeData AppsSnowparkPythonCloud DevelopmentCI/CDNative Apps

⭐ 860📄 MIT🕒 2026-06-11Source ↗

Install this skill

npx skills add jezweb/claude-skills

Works across Claude Code, Cursor, Codex, Copilot & Antigravity

The streamlit-snowflake skill streamlines the development and deployment of Python-based data applications directly within the Snowflake ecosystem. By facilitating the integration of Snowpark and Streamlit, it enables developers to transform SQL data into interactive dashboards without managing external servers or infrastructure. This skill provides structural templates for project configuration via snowflake.yml, ensuring files like environment.yml and application scripts are properly indexed within Snowflake stages. It handles the nuances of deployment, including the selection between Warehouse-based runtimes for session-isolated execution and Container-based runtimes for cost-efficient, shared-instance scaling. Developers can manage security via owner-rights or caller-rights models, ensuring sensitive data remains accessible only to authorized individuals. It simplifies the bridge between Snowflake's query execution engine and the Streamlit frontend, centralizing code management for native applications.

When to Use This Skill

•Building internal data reporting dashboards for non-technical stakeholders
•Developing secure customer-facing apps that respect user-level data permissions
•Deploying cost-effective data tools using Container runtime compute pools
•Publishing native data applications to the Snowflake Marketplace

How to Invoke This Skill

Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:

“Deploy my Streamlit app to Snowflake
“How do I set up a project for Streamlit in Snowflake?
“Configure Snowflake container runtime for my app
“Switch my Streamlit app to caller's rights
“Create a snowflake.yml for a new data dashboard

Pro Tips

💡Optimize your `environment.yml` file to include only essential Python packages to minimize deployment time and improve app performance.
💡Leverage Snowflake's native role-based access control (RBAC) to manage permissions for your Streamlit app and underlying data securely.
💡Utilize the `snow streamlit logs` command for efficient debugging and monitoring of your deployed Streamlit in Snowflake application.

What this skill does

•Declarative deployment of Streamlit apps to Snowflake internal stages
•Switching between Warehouse and Container runtimes for performance optimization
•Defining security boundaries with Caller's Rights for multi-tenant data isolation
•Managing dependency versions through environment.yml or PyPI package configuration
•Executing Snowpark sessions to bridge SQL data with Streamlit UI components

When not to use it

✕Hosting Streamlit applications outside of the Snowflake ecosystem
✕Building general ETL or data transformation pipelines without a frontend
✕Projects requiring custom Streamlit components not permitted in SiS

Example workflow

Create a new directory structure for the app
Initialize snowflake.yml with the target stage and warehouse details
Write the streamlit_app.py logic using st.connection to access Snowflake data
Define package dependencies in environment.yml
Run the deployment command to push code to the Snowflake stage
Verify the app status and open it via the Snowflake interface

Prerequisites

–Active Snowflake account with permission to create Streamlit apps
–Snowflake CLI installed and configured
–Access to a Warehouse for executing queries

Pitfalls & limitations

!Mixing up Warehouse runtime limits with Container runtime package flexibility
!Accidentally exposing sensitive data when using Owner's Rights instead of Caller's Rights
!Incompatibility of specific Python libraries that aren't on the Anaconda channel in standard runtime

FAQ

What is the primary difference between Warehouse and Container runtimes?

Warehouse runtime creates isolated sessions for each viewer and uses the Anaconda channel, whereas the Container runtime allows external PyPI packages and shares instances for lower costs.

How can I ensure my app only shows data relevant to the person viewing it?

Use the 'caller's rights' model by configuring your Snowflake connection with type='callers_rights', which enforces the viewer's specific database permissions.

Are custom Streamlit components supported?

No, standard custom Streamlit components are not supported within the Streamlit in Snowflake environment.

Can I use external libraries not found in the Anaconda channel?

Yes, but you must use the Container runtime to enable support for standard PyPI package installations.

How it compares

Generic prompts often miss the specific file structure, YML configuration, and security context (Owner vs. Caller rights) unique to the native Snowflake environment.

Source & trust

⭐ 860 stars📄 MIT🕒 Updated 2026-06-11

View original skill on GitHub →

📄 Full skill instructions — original source: jezweb/claude-skills

# Streamlit in Snowflake Skill

Build and deploy Streamlit apps natively within Snowflake, including Marketplace publishing as Native Apps.

## Quick Start

### 1. Initialize Project

Copy the templates to your project:

# Create project directory
mkdir my-streamlit-app && cd my-streamlit-app

# Copy templates (Claude will provide these)

### 2. Configure snowflake.yml

Update placeholders in snowflake.yml:

definition_version: 2
entities:
  my_app:
    type: streamlit
    identifier: my_streamlit_app        # ← Your app name
    stage: my_app_stage                 # ← Your stage name
    query_warehouse: my_warehouse       # ← Your warehouse
    main_file: streamlit_app.py
    pages_dir: pages/
    artifacts:
      - common/
      - environment.yml

### 3. Deploy

# Deploy to Snowflake
snow streamlit deploy --replace

# Open in browser
snow streamlit deploy --replace --open

## When to Use This Skill

**Use when:**
- Building data apps that run natively in Snowflake
- Need Snowpark integration for data access
- Publishing apps to Snowflake Marketplace
- Setting up CI/CD for Streamlit in Snowflake

**Don't use when:**
- Hosting Streamlit externally (use Streamlit Community Cloud)
- Building general Snowpark pipelines (use a Snowpark-specific skill)
- Need custom Streamlit components (not supported in SiS)

## Runtime Environments

Snowflake offers **two runtime options** for Streamlit apps:

### Warehouse Runtime (Default)

- Creates a **personal instance** for each viewer
- Uses environment.yml with Snowflake Anaconda Channel
- Python 3.9, 3.10, or 3.11
- Streamlit 1.22.0 - 1.35.0
- Best for: Sporadic usage, isolated sessions

### Container Runtime (Preview)

- Creates a **shared instance** for all viewers
- Uses requirements.txt or pyproject.toml with **PyPI packages**
- Python 3.11 only
- Streamlit 1.49+
- **Significantly lower cost** (~$2.88/day vs ~$48/day for equivalent compute)
- Best for: Frequent usage, cost optimization

**Container Runtime Configuration:**

CREATE STREAMLIT my_app
  FROM '@my_stage/app_folder'
  MAIN_FILE = 'streamlit_app.py'
  RUNTIME_NAME = 'SYSTEM$ST_CONTAINER_RUNTIME_PY3_11'
  COMPUTE_POOL = my_compute_pool
  QUERY_WAREHOUSE = my_warehouse;

**Key difference:** Container runtime allows **external PyPI packages** - not limited to Snowflake Anaconda Channel.

See: [Runtime Environments](https://docs.snowflake.com/en/developer-guide/streamlit/app-development/runtime-environments)

## Security Model

Streamlit apps support **two privilege models**:

### Owner's Rights (Default)

- Apps execute with the **owner's privileges**, not the viewer's
- Apps use the warehouse provisioned by the owner
- Viewers can interact with data using all owner role privileges

**Security implications:**
- Exercise caution when granting write privileges to app roles
- Use dedicated roles for app creation/viewing
- Viewers can access any data the owner role can access
- Best for: Internal tools with trusted users

### Caller's Rights (v1.53.0+)

- Apps execute with the **viewer's privileges**
- Each viewer sees only data they have permission to access
- Provides data isolation in multi-tenant scenarios

**Use caller's rights when:**
- Building public or external-facing apps
- Need per-user data access control
- Multi-tenant applications requiring data isolation

See [Caller's Rights Connection](#callers-rights-connection-v1530) pattern below.

## Project Structure

my-streamlit-app/
├── snowflake.yml           # Project definition (required)
├── environment.yml         # Package dependencies (required)
├── streamlit_app.py        # Main entry point
├── pages/                  # Multi-page apps
│   └── data_explorer.py
├── common/                 # Shared utilities
│   └── utils.py
└── .gitignore

## Key Patterns

### Snowpark Session Connection

import streamlit as st

# Get Snowpark session (native SiS connection)
conn = st.connection("snowflake")
session = conn.session()

# Query data
df = session.sql("SELECT * FROM my_table LIMIT 100").to_pandas()
st.dataframe(df)

### Caller's Rights Connection (v1.53.0+)

Execute queries with viewer's privileges instead of owner's privileges:

import streamlit as st

# Use caller's rights for data isolation
conn = st.connection("snowflake", type="callers_rights")

# Each viewer sees only data they have permission to access
df = conn.query("SELECT * FROM sensitive_customer_data")
st.dataframe(df)

**Security comparison:**

| Connection Type | Privilege Model | Use Case |
|-----------------|-----------------|----------|
| type="snowflake" (default) | Owner's rights | Internal tools, trusted users |
| type="callers_rights" (v1.53.0+) | Caller's rights | Public apps, data isolation |

**Source**: [Streamlit v1.53.0 Release](https://github.com/streamlit/streamlit/releases/tag/1.53.0)

### Caching Expensive Queries

@st.cache_data(ttl=600)  # Cache for 10 minutes
def load_data(query: str):
    conn = st.connection("snowflake")
    return conn.session().sql(query).to_pandas()

# Use cached function
df = load_data("SELECT * FROM large_table")

**Warning**: In Streamlit v1.22.0-1.53.0, params argument is not included in cache key. Use ttl=0 to disable caching when using parametrized queries, or upgrade to 1.54.0+ when available ([Issue #13644](https://github.com/streamlit/streamlit/issues/13644)).

### Optimizing Snowpark DataFrame Performance

When using Snowpark DataFrames with charts or tables, select only required columns to avoid fetching unnecessary data:

# ❌ Fetches all 50 columns even though chart only needs 2
df = session.table("wide_table")  # 50 columns
st.line_chart(df, x="date", y="value")

# ✅ Fetch only needed columns for better performance
df = session.table("wide_table").select("date", "value")
st.line_chart(df, x="date", y="value")
# 5-10x faster for wide tables

**Why it matters**: st.dataframe() and chart components call df.to_pandas() which evaluates ALL columns, even if the visualization only needs some. Pre-selecting columns reduces data transfer and improves performance ([Issue #11701](https://github.com/streamlit/streamlit/issues/11701)).

### Environment Configuration

**environment.yml** (required format):

name: sf_env
channels:
  - snowflake          # REQUIRED - only supported channel
dependencies:
  - streamlit=1.35.0   # Explicit version (default is old 1.22.0)
  - pandas
  - plotly
  - altair=4.0         # Version 4.0 supported in SiS
  - snowflake-snowpark-python

## Error Prevention

This skill prevents **14 documented errors**:

| Error | Cause | Prevention |
|-------|-------|------------|
| PackageNotFoundError | Using conda-forge or external channel | Use channels: - snowflake (or Container Runtime for PyPI) |
| Missing Streamlit features | Default version 1.22.0 | Explicitly set streamlit=1.35.0 (or use Container Runtime for 1.49+) |
| ROOT_LOCATION deprecated | Old CLI syntax | Use Snowflake CLI 3.14.0+ with FROM source_location |
| Auth failures (2026+) | Password-only authentication | Use key-pair or OAuth (see references/authentication.md) |
| File upload fails | File >200MB | Keep uploads under 200MB limit |
| DataFrame display fails | Data >32MB | Paginate or limit data before display |
| page_title not supported | SiS limitation | Don't use page_title, page_icon, or menu_items in st.set_page_config() |
| Custom component error | SiS limitation | Only components without external service calls work |
| _snowflake module not found | Container Runtime migration | Use from snowflake.snowpark.context import get_active_session instead of from _snowflake import get_active_session ([Migration Guide](https://docs.snowflake.com/en/developer-guide/streamlit/migrations-and-upgrades/runtime-migration)) |
| Cached query returns wrong data with different params | params not in cache key (v1.22.0-1.53.0) | Use ttl=0 to disable caching for parametrized queries, or upgrade to 1.54.0+ when available ([Issue #13644](https://github.com/streamlit/streamlit/issues/13644)) |
| Invalid connection_name 'default' with kwargs only | Missing secrets.toml or connections.toml | Create minimal .streamlit/secrets.toml with [connections.snowflake] section ([Issue #9016](https://github.com/streamlit/streamlit/issues/9016)) |
| Native App upgrades unexpectedly | Implicit default Streamlit version (BCR-1857) | Explicitly set streamlit=1.35.0 in environment.yml to prevent automatic version changes ([BCR-1857](https://docs.snowflake.com/en/release-notes/bcr-bundles/2025_01/bcr-1857)) |
| File paths fail in Container Runtime subdirectories | Some commands use entrypoint-relative paths | Use pathlib to resolve absolute paths: Path(__file__).parent / "assets/logo.png" ([Runtime Docs](https://docs.snowflake.com/en/developer-guide/streamlit/app-development/runtime-environments)) |
| Slow performance with wide Snowpark DataFrames | st.dataframe() fetches all columns even if unused | Pre-select only needed columns: df.select("col1", "col2") before passing to Streamlit ([Issue #11701](https://github.com/streamlit/streamlit/issues/11701)) |

## Deployment Commands

### Basic Deployment

# Deploy and replace existing
snow streamlit deploy --replace

# Deploy and open in browser
snow streamlit deploy --replace --open

# Deploy specific entity (if multiple in snowflake.yml)
snow streamlit deploy my_app --replace

### CI/CD Deployment

See references/ci-cd.md for GitHub Actions workflow template.

## Marketplace Publishing (Native App)

To publish your Streamlit app to Snowflake Marketplace:

1. **Convert to Native App** - Use templates-native-app/ templates
2. **Create Provider Profile** - Required for Marketplace listings
3. **Submit for Approval** - Snowflake reviews before publishing

See templates-native-app/README.md for complete workflow.

### Native App Structure

my-native-app/
├── manifest.yml            # Native App manifest
├── setup.sql               # Installation script
├── streamlit/
│   ├── environment.yml
│   ├── streamlit_app.py
│   └── pages/
└── README.md

## Package Availability

Only packages from the **Snowflake Anaconda Channel** are available:

-- Query available packages
SELECT * FROM information_schema.packages
WHERE language = 'python'
ORDER BY package_name;

-- Search for specific package
SELECT * FROM information_schema.packages
WHERE language = 'python'
AND package_name ILIKE '%plotly%';

**Common available packages:**
- pandas, numpy, scipy
- plotly, altair (4.0), matplotlib
- scikit-learn, xgboost
- snowflake-snowpark-python
- streamlit (1.22.0 default, 1.35.0 with explicit version)

**Not available:**
- Packages from conda-forge
- Custom/private packages
- Packages requiring native compilation

See: [Snowpark Python Packages Explorer](https://snowpark-python-packages.streamlit.app/)

## Known Limitations

### Data & Size Limits
- **32 MB message size** between backend/frontend (affects large st.dataframe)
- **200 MB file upload limit** via st.file_uploader
- **No .so files** - Native compiled libraries unsupported
- **No external stages** - Internal stages only (client-side encryption)

### UI Restrictions
- **st.set_page_config** - page_title, page_icon, menu_items not supported
- **st.bokeh_chart** - Not supported
- **Custom Streamlit components** - Only components without external service calls
- **Content Security Policy** - Blocks external scripts, styles, fonts, iframes
- **eval() blocked** - CSP prevents unsafe JavaScript execution

### Caching (Warehouse Runtime)
- **Session-scoped only** - st.cache_data and st.cache_resource don't persist across users
- Container runtime has full caching support across viewers

### Package Restrictions (Warehouse Runtime)
- **Snowflake Anaconda Channel only** - No conda-forge, no pip
- Container runtime allows PyPI packages

### Network & Access
- **No Azure Private Link / GCP Private Service Connect**
- **No replication** of Streamlit objects

## Authentication (Important - 2026 Deadline)

Password-only authentication is being deprecated:

| Milestone | Date | Requirement |
|-----------|------|-------------|
| Milestone 1 | Sept 2025 - Jan 2026 | MFA required for Snowsight users |
| Milestone 2 | May - July 2026 | All new users must use MFA |
| Milestone 3 | Aug - Oct 2026 | All users must use MFA or key-pair/OAuth |

**Recommended authentication methods:**
- Key-pair authentication (for service accounts)
- OAuth client credentials (for M2M)
- Workload Identity Federation (for cloud-native apps)

See references/authentication.md for implementation patterns.

## Resources

### Official Documentation
- [Streamlit in Snowflake](https://docs.snowflake.com/en/developer-guide/streamlit/about-streamlit)
- [Snowflake CLI Streamlit Commands](https://docs.snowflake.com/en/developer-guide/snowflake-cli/command-reference/streamlit-commands/overview)
- [Native Apps with Streamlit](https://docs.snowflake.com/en/developer-guide/native-apps/adding-streamlit)
- [Marketplace Publishing](https://docs.snowflake.com/en/developer-guide/native-apps/publish-guidelines)

### Examples
- [snowflake-demo-streamlit](https://github.com/Snowflake-Labs/snowflake-demo-streamlit)
- [native-apps-templates](https://github.com/snowflakedb/native-apps-templates)
- [GitLab's Streamlit Framework](https://about.gitlab.com/blog/how-we-built-a-structured-streamlit-application-framework-in-snowflake/)

### Tools
- [Snowpark Python Packages Explorer](https://snowpark-python-packages.streamlit.app/)
- [Snowflake MCP Server](https://github.com/Snowflake-Labs/mcp) (for Claude integration)

By JezWeb

How to Use This Skill Unit

Option A: Project-Specific (Recommended)

Click "Download" above
In your project, create the directory: .agent/skills/streamlit-snowflake/
Save the file as SKILL.md
The agent will automatically discover the skill based on its description.

Option B: Global Installation (All Agents)

Save the file to these locations to make it available across all projects:

Claude Code: ~/.claude/skills/jezweb/claude-skills/streamlit-snowflake/SKILL.md
Cursor: ~/.cursor/skills/jezweb/claude-skills/streamlit-snowflake/SKILL.md
Antigravity: ~/.gemini/antigravity/skills/jezweb/claude-skills/streamlit-snowflake/SKILL.md

🚀 Install with CLI:
npx skills add jezweb/claude-skills

Read the Master Guide: Mastering Agent Skills →

Recommended Rules

View more rules →

Recommended Workflows

View more workflows →

Pre-Flight Check

CI/CDTestingBuild

--- description: Run type checking, linting, and build verification before pushing --- 1. **Type Check**: - Ensure there are no TypeScript errors....

Setup Husky Git Hooks

GitAutomationQuality

--- description: Automate code quality checks with pre-commit and pre-push hooks --- 1. **Install Husky**: - Install husky and lint-staged. // ...

Setup Environment Variables Per Branch

DevOpsEnvironmentVercel

--- description: Configure different env vars for dev, staging, and production --- 1. **Local Development (.env.local)**: - Create `.env.local` fo...

Recommended MCP Servers

View more MCP servers →

Alkemi

Official

Query Snowflake, Google BigQuery, DataBricks Data Products through Alkemi.ai.

Dot (GetDot.ai)

Official

Fetch, analyze or visualize data from your favorite database or data warehouse (Snowflake, BigQuery, Redshift, Databricks, Clickhouse, ...) with [Dot](https://getdot.ai), your AI Data Analyst. This remote MCP server is a one-click integration for user that have setup Dot.