Skip to main content

Authenticating to a Provider

See also:
[exec] [shell] [ StackQL Provider Registry ]

Authenticating to a cloud provider is often the first step in an StackQL routine. Meta commands such as SHOW and DESCRIBE can be run against a provider without authenticating, but SELECT, INSERT and EXEC commands generally require an authenticated session.

Authentication can be done in one of two ways, interactive (which requires a browser on the machine you are using) and non-interactive (using a service account key file or API credentials). Interactive authentication is not available for all providers, see the specific provider documentation in the StackQL Provider Registry for more information.


Here are some examples of various methods of provider authentication, it is important to see the supported options for your provider, see StackQL Provider Registry.


You can authenticate to multiple providers in the same interactive shell or non-interactive batch routine by supplying multiple authentication objects, for example:

AUTH='{ "google": { "credentialsfilepath": "creds/stackql-demo.json",  "type": "service_account" }, "okta": { "credentialsenvvar": "OKTA_SECRET_KEY", "type": "api_key" }}'

This is especially useful when you are joining data between multiple providers in a single query.

Service Account Key File Authentication

AUTH='{ "google": { "type": "service_account",  "credentialsfilepath": "creds/sa-key.json" }}
stackql shell --auth="${AUTH}"

Interactive Authentication

AUTH='{ "google": { "type": "interactive" }}
stackql shell --auth="${AUTH}"

Not supported for every provider, check the provider documentation at StackQL Provider Registry.

API Key Authentication

AUTH='{ "okta": { "type": "api_key", "credentialsenvvar": "OKTA_SECRET_KEY" }}'
stackql shell --auth="${AUTH}"