Skip to content
tonic

Config

Both global and local config files use the same schema.

version: 2


permissions:
  deny:
    - "*"
  allow:
    - select


inspect_cache:
  path: /home/you/.local/state/tonic/inspect-cache.db
  ttl: 168h


snowflake:
  browserauth_cache_dir: /home/you/.cache/snowflake


connections:
  warehouse:
    backend: snowflake
    permissions:
      allow:
        - update
        - transaction
    options:
      account: my-account
      user: my-user
      auth: browserauth
      browserauth_cache: true
    context:
      database: ANALYTICS
      schema: PUBLIC
      warehouse: COMPUTE_WH
      role: ANALYST


  local-pg:
    backend: postgres
    options:
      host: localhost
      port: 5432
      user: app
      sslmode: prefer
    context:
      database: app_db
      schema: public
    secrets:
      password_env: PGPASSWORD


  scratch:
    backend: sqlite
    options:
      path: ./scratch.db


  aurora:
    backend: mysql
    options:
      host: db.example.com
      port: 3306
      user: app
      sslmode: preferred
    context:
      database: analytics
    secrets:
      password_env: MYSQL_PWD


  lakehouse:
    backend: duckdb
    options:
      path: ./analytics.duckdb
      access_mode: automatic
      threads: 4
      memory_limit: 8GB
      temp_directory: ./tmp/duckdb
      max_temp_directory_size: 20GB
    context:
      database: analytics
      schema: marts

Top-Level Fields

Section titled “Top-Level Fields”
FieldPurpose
versionConfig schema version. Current value is 2.
connectionsMap of saved target names to backend-specific connection definitions.
permissionsInherited statement allow/deny defaults.
inspect_cachePersistent inspect cache path and TTL.
snowflakeShared Snowflake runtime settings.

Backend Fields

Section titled “Backend Fields”
BackendOptionsContextSecrets
Postgreshost, port, user, sslmodedatabase, schemapassword_env
Snowflakeaccount, user, auth, browserauth_cache, private_key_pathdatabase, schema, warehouse, rolepassword_env, private_key_passphrase_env
SQLitepathnonenone
MySQLhost, port, user, sslmodedatabase; schema accepted as aliaspassword_env
DuckDBpath, access_mode, threads, memory_limit, temp_directory, max_temp_directory_sizedatabase, schemanone

Context aliases catalog and namespace are accepted where the backend maps them to database/schema concepts.

DuckDB path is optional. When omitted, tonic opens an in-memory DuckDB database. Supported access_mode values are automatic, read_only, and read_write.

File Mode

Section titled “File Mode”

When tonic saves config, it writes with mode 0600.