Skip to content

ADR-0001 — Connectors run inside Snowflake Stored Procedures

Status: accepted Date: 2026-05-31

Context

pinky-connect modules (http, notify, workday, insee) could run either inside Snowflake Stored Procedures or in an external service (a sidecar, a Lambda, an Airflow task). The choice has implications for deployment, secrets management, and operational surface.

Decision

All connectors run inside Snowflake Stored Procedures. No external scheduler, no intermediary service. Secrets are stored in Snowflake Secrets and injected at SP call time.

Consequences

  • No additional infrastructure to provision or operate.
  • Secret rotation happens in one place (Snowflake).
  • Network egress is subject to Snowflake's external network rules — requires EXTERNAL ACCESS INTEGRATION.
  • Large file handling (>100 MB) is constrained by SP memory — addressed separately by stream-to-stage (see features.md).
  • Connector logic is versionable, testable, and deployable via the same CI/CD as the rest of the suite.