name: streamlit-snowflake
description: |
Build and deploy Streamlit apps natively in Snowflake. Covers snowflake.yml scaffolding, Snowpark sessions, multi-page structure, Marketplace publishing as Native Apps, and caller's rights connections (v1.53.0+).

Use when building data apps on Snowflake, deploying SiS, fixing package channel errors, authentication issues, cache key bugs, or path resolution errors.
user-invocable: true
license: MIT
metadata:
last_verified: 2026-01-21
streamlit_version: 1.53.0
errors_prevented: 14

Streamlit in Snowflake Skill

Build and deploy Streamlit apps natively within Snowflake, including Marketplace publishing as Native Apps.

Quick Start

1. Initialize Project

Copy the templates to your project:

# Create project directory
mkdir my-streamlit-app && cd my-streamlit-app

# Copy templates (Claude will provide these)

2. Configure snowflake.yml

Update placeholders in snowflake.yml:

definition_version: 2
entities:
  my_app:
    type: streamlit
    identifier: my_streamlit_app        # ← Your app name
    stage: my_app_stage                 # ← Your stage name
    query_warehouse: my_warehouse       # ← Your warehouse
    main_file: streamlit_app.py
    pages_dir: pages/
    artifacts:
      - common/
      - environment.yml

3. Deploy

# Deploy to Snowflake
snow streamlit deploy --replace

# Open in browser
snow streamlit deploy --replace --open

When to Use This Skill

Use when:
- Building data apps that run natively in Snowflake
- Need Snowpark integration for data access
- Publishing apps to Snowflake Marketplace
- Setting up CI/CD for Streamlit in Snowflake

Don't use when:
- Hosting Streamlit externally (use Streamlit Community Cloud)
- Building general Snowpark pipelines (use a Snowpark-specific skill)
- Need custom Streamlit components (not supported in SiS)

Runtime Environments

Snowflake offers two runtime options for Streamlit apps:

Warehouse Runtime (Default)

• Creates a personal instance for each viewer
• Uses environment.yml with Snowflake Anaconda Channel
• Python 3.9, 3.10, or 3.11
• Streamlit 1.22.0 - 1.35.0
• Best for: Sporadic usage, isolated sessions

Container Runtime (Preview)

• Creates a shared instance for all viewers
• Uses requirements.txt or pyproject.toml with PyPI packages
• Python 3.11 only
• Streamlit 1.49+
• Significantly lower cost (~$2.88/day vs ~$48/day for equivalent compute)
• Best for: Frequent usage, cost optimization

Container Runtime Configuration:

CREATE STREAMLIT my_app
  FROM '@my_stage/app_folder'
  MAIN_FILE = 'streamlit_app.py'
  RUNTIME_NAME = 'SYSTEM$ST_CONTAINER_RUNTIME_PY3_11'
  COMPUTE_POOL = my_compute_pool
  QUERY_WAREHOUSE = my_warehouse;

Key difference: Container runtime allows external PyPI packages - not limited to Snowflake Anaconda Channel.

See: Runtime Environments

Security Model

Streamlit apps support two privilege models:

Owner's Rights (Default)

• Apps execute with the owner's privileges, not the viewer's
• Apps use the warehouse provisioned by the owner
• Viewers can interact with data using all owner role privileges

Security implications:
- Exercise caution when granting write privileges to app roles
- Use dedicated roles for app creation/viewing
- Viewers can access any data the owner role can access
- Best for: Internal tools with trusted users

Caller's Rights (v1.53.0+)

• Apps execute with the viewer's privileges
• Each viewer sees only data they have permission to access
• Provides data isolation in multi-tenant scenarios

Use caller's rights when:
- Building public or external-facing apps
- Need per-user data access control
- Multi-tenant applications requiring data isolation

See Caller's Rights Connection pattern below.

Project Structure

my-streamlit-app/
├── snowflake.yml           # Project definition (required)
├── environment.yml         # Package dependencies (required)
├── streamlit_app.py        # Main entry point
├── pages/                  # Multi-page apps
│   └── data_explorer.py
├── common/                 # Shared utilities
│   └── utils.py
└── .gitignore

Key Patterns

Snowpark Session Connection

import streamlit as st

# Get Snowpark session (native SiS connection)
conn = st.connection("snowflake")
session = conn.session()

# Query data
df = session.sql("SELECT * FROM my_table LIMIT 100").to_pandas()
st.dataframe(df)

Caller's Rights Connection (v1.53.0+)

Execute queries with viewer's privileges instead of owner's privileges:

import streamlit as st

# Use caller's rights for data isolation
conn = st.connection("snowflake", type="callers_rights")

# Each viewer sees only data they have permission to access
df = conn.query("SELECT * FROM sensitive_customer_data")
st.dataframe(df)

Security comparison:

Source: Streamlit v1.53.0 Release

Caching Expensive Queries

@st.cache_data(ttl=600)  # Cache for 10 minutes
def load_data(query: str):
    conn = st.connection("snowflake")
    return conn.session().sql(query).to_pandas()

# Use cached function
df = load_data("SELECT * FROM large_table")

Warning: In Streamlit v1.22.0-1.53.0, params argument is not included in cache key. Use ttl=0 to disable caching when using parametrized queries, or upgrade to 1.54.0+ when available (Issue #13644).

Optimizing Snowpark DataFrame Performance

When using Snowpark DataFrames with charts or tables, select only required columns to avoid fetching unnecessary data:

# ❌ Fetches all 50 columns even though chart only needs 2
df = session.table("wide_table")  # 50 columns
st.line_chart(df, x="date", y="value")

# ✅ Fetch only needed columns for better performance
df = session.table("wide_table").select("date", "value")
st.line_chart(df, x="date", y="value")
# 5-10x faster for wide tables

Why it matters: st.dataframe() and chart components call df.to_pandas() which evaluates ALL columns, even if the visualization only needs some. Pre-selecting columns reduces data transfer and improves performance (Issue #11701).

Environment Configuration

environment.yml (required format):

name: sf_env
channels:
  - snowflake          # REQUIRED - only supported channel
dependencies:
  - streamlit=1.35.0   # Explicit version (default is old 1.22.0)
  - pandas
  - plotly
  - altair=4.0         # Version 4.0 supported in SiS
  - snowflake-snowpark-python

Error Prevention

This skill prevents 14 documented errors:

Deployment Commands

Basic Deployment

# Deploy and replace existing
snow streamlit deploy --replace

# Deploy and open in browser
snow streamlit deploy --replace --open

# Deploy specific entity (if multiple in snowflake.yml)
snow streamlit deploy my_app --replace

CI/CD Deployment

See references/ci-cd.md for GitHub Actions workflow template.

Marketplace Publishing (Native App)

To publish your Streamlit app to Snowflake Marketplace:

1. Convert to Native App - Use templates-native-app/ templates
2. Create Provider Profile - Required for Marketplace listings
3. Submit for Approval - Snowflake reviews before publishing

See templates-native-app/README.md for complete workflow.

Native App Structure

my-native-app/
├── manifest.yml            # Native App manifest
├── setup.sql               # Installation script
├── streamlit/
│   ├── environment.yml
│   ├── streamlit_app.py
│   └── pages/
└── README.md

Package Availability

Only packages from the Snowflake Anaconda Channel are available:

-- Query available packages
SELECT * FROM information_schema.packages
WHERE language = 'python'
ORDER BY package_name;

-- Search for specific package
SELECT * FROM information_schema.packages
WHERE language = 'python'
AND package_name ILIKE '%plotly%';

Common available packages:
- pandas, numpy, scipy
- plotly, altair (4.0), matplotlib
- scikit-learn, xgboost
- snowflake-snowpark-python
- streamlit (1.22.0 default, 1.35.0 with explicit version)

Not available:
- Packages from conda-forge
- Custom/private packages
- Packages requiring native compilation

See: Snowpark Python Packages Explorer

Known Limitations

Data & Size Limits

• 32 MB message size between backend/frontend (affects large st.dataframe)
• 200 MB file upload limit via st.file_uploader
• No .so files - Native compiled libraries unsupported
• No external stages - Internal stages only (client-side encryption)

UI Restrictions

• st.set_page_config - page_title, page_icon, menu_items not supported
• st.bokeh_chart - Not supported
• Custom Streamlit components - Only components without external service calls
• Content Security Policy - Blocks external scripts, styles, fonts, iframes
• eval() blocked - CSP prevents unsafe JavaScript execution

Caching (Warehouse Runtime)

• Session-scoped only - st.cache_data and st.cache_resource don't persist across users
• Container runtime has full caching support across viewers

Package Restrictions (Warehouse Runtime)

• Snowflake Anaconda Channel only - No conda-forge, no pip
• Container runtime allows PyPI packages

Network & Access

• No Azure Private Link / GCP Private Service Connect
• No replication of Streamlit objects

Authentication (Important - 2026 Deadline)

Password-only authentication is being deprecated:

Recommended authentication methods:
- Key-pair authentication (for service accounts)
- OAuth client credentials (for M2M)
- Workload Identity Federation (for cloud-native apps)

See references/authentication.md for implementation patterns.

Resources

Official Documentation

• Streamlit in Snowflake
• Snowflake CLI Streamlit Commands
• Native Apps with Streamlit
• Marketplace Publishing

Examples

• snowflake-demo-streamlit
• native-apps-templates
• GitLab's Streamlit Framework

Tools

• Snowpark Python Packages Explorer
• Snowflake MCP Server (for Claude integration)