Configure Cloud providers
Configure cloud providers in dbvr to use remote files in SQL commands.
Use this when your scripts or query results are stored in cloud storage instead of the local filesystem. For example, in CI/CD pipelines or shared environments.
Cloud configurations are defined as JSON files in the workspace and allow dbvr to access Azure Blob Storage, Google Cloud Storage, and Amazon S3.
Configuration¶
Cloud configurations are stored as JSON files in the workspace metadata directory:
Tip
For details on workspace paths, see Workspace location.
Each provider has its own file:
| File | Provider |
|---|---|
aws-clouds.json |
Amazon S3 |
azure-clouds.json |
Azure Blob Storage |
gcp-clouds.json |
Google Cloud Storage |
Create or edit these files manually to add or update cloud configurations.
AWS cloud configuration¶
Define AWS configs in aws-clouds.json.
Each config maps to one credential type from UI:
Important
Enable only one auth mode per config.
AWS profile¶
Uses a named profile from ~/.aws/credentials.
[
{
"defaultRegions": [
"us-east-1"
],
"credentials": {
"profileName": "<profileName>"
},
"cloudId": "aws_profile",
"cloudName": "AWS profile"
}
]
Info
Configure the AWS profile using the AWS CLI. For setup steps, see AWS CLI configuration.
Access/secret keys¶
Uses static credentials (access key + secret).
[
{
"defaultRegions": [
"us-east-1"
],
"credentials": {
"awsAccessKey": "<awsAccessKey>",
"awsSecretKey": "<awsSecretKey>"
},
"cloudId": "aws_keys",
"cloudName": "AWS (access/secret keys)"
}
]
Warning
Avoid hardcoding keys in CI.
Default credentials¶
Uses AWS default provider chain.
[
{
"defaultRegions": [
"us-east-1"
],
"credentials": {
"defaultAwsCredentials": true
},
"cloudId": "default_creds",
"cloudName": "AWS default"
}
]
Tip
For details on how the default credential chain works and how to configure it, see AWS SDK credential provider chain.
Azure cloud configuration¶
Define Azure configs in azure-clouds.json.
Each config maps to one credential type from UI:
Important
Enable only one auth mode per config.
Azure default credentials¶
Uses Azure default credential chain.
[
{
"credentials": {
"authType": "DEFAULT"
},
"cloudId": "azure_default",
"cloudName": "Azure default"
}
]
Enterprise application¶
Uses Azure AD application (client ID + tenant).
[
{
"credentials": {
"authType": "ENTERPRISE",
"clientId": "<clientId>",
"tenantId": "<tenantId>"
},
"cloudId": "azure_app",
"cloudName": "Azure enterprise app"
}
]
Client secret¶
Uses client ID + tenant ID + client secret.
[
{
"credentials": {
"authType": "CLIENT_SECRET",
"clientId": "<clientId>",
"clientSecret": "<clientSecret>",
"tenantId": "<tenantId>"
},
"cloudId": "azure_secret",
"cloudName": "Azure (client secret)"
}
]
Warning
Avoid hardcoding secrets in CI.
Client certificate¶
Uses certificate-based authentication.
[
{
"credentials": {
"authType": "CLIENT_CERTIFICATE",
"clientId": "<clientId>",
"clientCertificatePath": "<pathToCert>",
"tenantId": "<tenantId>"
},
"cloudId": "azure_cert",
"cloudName": "Azure (certificate)"
}
]
GCP cloud configuration¶
Define GCP configs in gcp-clouds.json.
Each config maps to one credential type from UI:
Important
Enable only one auth mode per config.
GCP default credentials¶
[
{
"credentials": {
"authType": "DEFAULT"
},
"cloudId": "gcp_default",
"cloudName": "GCP default"
}
]
Key file¶
[
{
"credentials": {
"authType": "SERVICE_ACCOUNT",
"serviceAccountConfigPath": "<pathToJsonKey>"
},
"cloudId": "gcp_key",
"cloudName": "GCP (key file)"
}
]
Web browser¶
[
{
"credentials": {
"authType": "WEB_BROWSER"
},
"cloudId": "gcp_browser",
"cloudName": "GCP (web browser)"
}
]
Note
Requires Google Cloud CLI (gcloud) to be installed and available in PATH.
OAuth (pregenerated)¶
[
{
"credentials": {
"authType": "OAUTH_PREGENERATED",
"accessToken": "<accessToken>"
},
"cloudId": "gcp_oauth",
"cloudName": "GCP (OAuth)"
}
]
Verify connectivity¶
After creating a configuration file, verify that dbvr can connect:
Info
See cloud list and cloud test.
Use with sql¶
Use cloud URIs with -in/-input-file and -out/-output-file in the
sql command.
Supported URI schemes:
| Provider | URI format |
|---|---|
| Azure Blob Storage | azb:///<path>?endpoint=https://<account>.blob.core.windows.net |
| Google Cloud Storage | gs://<bucket>/<path> |
| Amazon S3 | s3:///<bucket>/<path> |
Info
For usage examples, see how to use cloud storage with SQL.