Config
Both global and local config files use the same schema.
version: 2
permissions: deny: - "*" allow: - select
inspect_cache: path: /home/you/.local/state/tonic/inspect-cache.db ttl: 168h
snowflake: browserauth_cache_dir: /home/you/.cache/snowflake
connections: warehouse: backend: snowflake permissions: allow: - update - transaction options: account: my-account user: my-user auth: browserauth browserauth_cache: true context: database: ANALYTICS schema: PUBLIC warehouse: COMPUTE_WH role: ANALYST
local-pg: backend: postgres options: host: localhost port: 5432 user: app sslmode: prefer context: database: app_db schema: public secrets: password_env: PGPASSWORD
scratch: backend: sqlite options: path: ./scratch.db
aurora: backend: mysql options: host: db.example.com port: 3306 user: app sslmode: preferred context: database: analytics secrets: password_env: MYSQL_PWDTop-Level Fields
Section titled “Top-Level Fields”| Field | Purpose |
|---|---|
version | Config schema version. Current value is 2. |
connections | Map of saved target names to backend-specific connection definitions. |
permissions | Inherited statement allow/deny defaults. |
inspect_cache | Persistent inspect cache path and TTL. |
snowflake | Shared Snowflake runtime settings. |
Backend Fields
Section titled “Backend Fields”| Backend | Options | Context | Secrets |
|---|---|---|---|
| Postgres | host, port, user, sslmode | database, schema | password_env |
| Snowflake | account, user, auth, browserauth_cache, private_key_path | database, schema, warehouse, role | password_env, private_key_passphrase_env |
| SQLite | path | none | none |
| MySQL | host, port, user, sslmode | database; schema accepted as alias | password_env |
Context aliases catalog and namespace are accepted where the backend maps them to database/schema concepts.
File Mode
Section titled “File Mode”When tonic saves config, it writes with mode 0600.