READ_DUCKLAKE and LIST_DUCKLAKE_FILES on every call, you reference the location by name.
A DuckLake location captures:
- The DuckLake catalog connection string — a PostgreSQL connection string that points to the catalog database. This is encrypted at rest because it usually contains a password.
- An optional S3 endpoint and storage credentials for the Parquet data files. Omit these when the data files live on a local filesystem.
- An optional default schema and table, so callers can reference the location without repeating them.
Syntax
Parameters
Common parameters
DuckLake parameters
Credentials
CREDENTIALS accepts AWS authentication fields in one of two combinations: key-based (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, optionally with AWS_SESSION_TOKEN) or role-based (AWS_ROLE_ARN, optionally with AWS_ROLE_EXTERNAL_ID). You must provide either the access-key pair or AWS_ROLE_ARN, and AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be supplied together.
Catalog-level and table-level locations
A DuckLake location can describe a whole catalog or a single table, depending on how much you embed in it.-
Catalog-level location. Set only
CATALOG(plusENDPOINTandCREDENTIALSif the data is in object storage). Callers supplySCHEMAandTABLEat the call site, so one location serves every table in the catalog. -
Table-level location. Also set
SCHEMAandTABLE. Callers can then reference the location with no further arguments.
SCHEMA or TABLE and the caller also passes one, the two values must match. Otherwise the query fails with a mismatch error.
Examples
Local catalog with on-disk data files
When the catalog is a local PostgreSQL instance and the Parquet files are on a local filesystem (for example, a Firebolt Core deployment),CATALOG is the only required field — no endpoint or credentials are needed:
Object storage with access key and secret
Object storage with a session token
Object storage with a role
The following example uses a role and includes a recommended external ID:For role-based AWS access you can additionally set an external ID. An external ID is a value you choose and control that AWS checks when Firebolt assumes your role, adding a second condition on top of your account’s unique IAM principal. Configuring one is a recommended best practice. See IAM roles.
AWS_ROLE_EXTERNAL_ID is optional. To assume the role without an external ID, omit it:
MinIO endpoint
DuckLake data files can be served from any S3-compatible store, such as MinIO:Related
- READ_DUCKLAKE — Read a DuckLake table using a location object.
- LIST_DUCKLAKE_FILES — List the data files behind a DuckLake table.
- DuckLake functions overview — All DuckLake functions in one place.
- Query DuckLake tables with Firebolt Core — A step-by-step guide to setting up a DuckLake catalog and reading it from Firebolt.
- DROP LOCATION — Remove a location object.