CREATE IMAGE REPOSITORY

Creates a new image repository in the current schema.

See also:

DROP IMAGE REPOSITORY , SHOW IMAGE REPOSITORIES

Syntax

CREATE [ OR REPLACE ] IMAGE REPOSITORY [ IF NOT EXISTS ] <name>
  [ ENCRYPTION = ( TYPE = 'SNOWFLAKE_FULL' | TYPE = 'SNOWFLAKE_SSE' ) ]
Copy

Required parameters

name

Specifies the identifier (that is, the name) for the image repository; it must be unique for the schema in which the repository is created.

Quoted names for special characters or case-sensitive names are not supported. The same constraint also applies to database and schema names where you create an image repository. That is, database and schema names without quotes are valid when creating an image repository.

Optional parameters

Snowflake logo in black (no text) Preview Feature — Open

Specifying encryption for binaries stored in an image repository is a preview feature.

ENCRYPTION = ( TYPE = 'SNOWFLAKE_FULL' | TYPE = 'SNOWFLAKE_SSE' )

Specifies the type of encryption to use for binaries stored in the image repository. You cannot change the encryption type after you create the image repository.

TYPE = ...

Specifies the encryption type to use.

Possible values are the following:

  • SNOWFLAKE_FULL: On-host (image registry host) and server-side encryption. Data is first encrypted by Snowflake’s image registry service before sending the data to cloud service provider storage (for example, Amazon S3) where your Snowflake account is hosted.

    Snowflake uses AES-GCM with a 128-bit encryption key by default. You can configure a 256-bit key by setting the CLIENT_ENCRYPTION_KEY_SIZE parameter. All binaries are also automatically encrypted using AES-256 strong encryption on the server side.

  • SNOWFLAKE_SSE: Server-side encryption only. The binaries are encrypted by the cloud service provider (for example, Amazon S3) where your Snowflake account is hosted when they arrive on the image repository storage area.

Default: SNOWFLAKE_SSE

Access control requirements

A role used to execute this operation must have the following privileges at a minimum:

Privilege

Object

Notes

CREATE IMAGE REPOSITORY

Schema

The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes

  • Regarding metadata:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.

  • The OR REPLACE and IF NOT EXISTS clauses are mutually exclusive. They can’t both be used in the same statement.

  • CREATE OR REPLACE <object> statements are atomic. That is, when an object is replaced, the old object is deleted and the new object is created in a single transaction.

Examples

Create an image repository:

CREATE OR REPLACE IMAGE REPOSITORY tutorial_repository;
Copy

Create an image repository with SNOWFLAKE_FULL encryption:

CREATE OR REPLACE IMAGE REPOSITORY tutorial_repository
ENCRYPTION = (type = 'SNOWFLAKE_FULL');
Copy
Language: English