DESCRIBE SECRET¶
Describes the properties of a secret.
DESCRIBE can be abbreviated to DESC.
- See also:
Syntax¶
{ DESC | DESCRIBE } SECRET <name>
Parameters¶
name
Specifies the identifier for the secret to describe. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
Output¶
The command output provides secret properties and metadata in the following columns:
Column |
Description |
---|---|
|
Date and time when the secret was created. |
|
Name of the secret. |
|
Name of the schema that contains the secret. |
|
Name of the database that contains the secret. |
|
Name of the role that owns the secret. |
|
Comment for the secret or NULL if a comment is not specified. |
|
Either |
|
The username that is stored in the secret. |
|
The timestamp as a string when the OAuth access token expires. |
|
The timestamp as a string when the OAuth refresh token expires or NULL if the secret does not store this value. |
|
A comma-separated list of scopes to use when making a request from the OAuth server by a role with USAGE on the integration during the OAuth client credentials flow or NULL if there are no scopes. |
|
The name of the External API Authentication integration that is referenced in the secret or NULL if the secret does not reference an External API Authentication integration. |
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
---|---|---|
USAGE |
Secret |
The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes¶
Snowflake never returns the
PASSWORD
property value.
To post-process the output of this command, you can use the RESULT_SCAN function, which treats the output as a table that can be queried.
Examples¶
Describe the secret:
DESC SECRET service_now_creds_pw;