<aside> ⚠️ DEPRECATED!!! This guide migrated to our docs. Please view the current version at: https://docs.streamlit.io/en/stable/tutorial/bigquery.html

</aside>

Introduction

This guide explains how to securely access a BigQuery database from Streamlit sharing or Streamlit for Teams. It uses the google-cloud-bigquery library and Streamlit's secrets management (requires streamlit v0.80.0 or higher).

Step 1: Create a BigQuery database

<aside> 🏃 If you already have a database that you want to use, feel free to skip this step.

</aside>

For this example, we will simply use one of the sample datasets from BigQuery (namely the shakespeare table). If you want to create a new dataset instead, follow Google's quickstart guide.

Step 2: Enable the BigQuery API

Programmatic access to BigQuery is controlled through Google Cloud Platform. Create an account or sign in and head over to the APIs & Services dashboard (select or create a project if asked). As shown below, search for the BigQuery API and enable it (double click on images to enlarge):

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/bce97cc7-64b0-425a-9936-271d6c8afc62/Screenshot_2021-05-07_at_23.23.48.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/74ae9c99-2524-495d-ba60-2059615086c4/Screenshot_2021-05-07_at_23.40.34.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2cb8a9d0-5981-45b1-a79e-9f65eb99c418/Screenshot_2021-05-07_at_23.41.25.png

Step 3: Create a service account & key file

To use the BigQuery API from the Streamlit Cloud, you need a Google Cloud Platform service account (a special account type for programmatic data access). Go to the Service Accounts page and create an account with the Viewer permission (this will let the account access data but not change it):

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/75a11e1e-4e66-4e4b-b1e5-514bfbae7f66/Screenshot_2021-04-13_at_20.25.23.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d37b9fd6-c367-4e95-9b65-547e636bb6a8/Screenshot_2021-04-13_at_20.26.38.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/454d58a2-3470-428b-8c36-ce41e96cdafc/Screenshot_2021-04-13_at_20.26.55.png

<aside> ☝ If the button CREATE SERVICE ACCOUNT is gray, you don't have the correct permissions. Ask the admin of your Google Cloud project for help.

</aside>

After clicking DONE, you should be back on the service accounts overview. Create a JSON key file for the new account and download it:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/1d82958b-5499-4e58-944a-e7650bda4fb3/Screenshot_2021-04-13_at_20.28.43.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/6a02c5ac-a928-4d19-9339-1e653bdb03d0/Screenshot_2021-04-13_at_20.29.54.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/778e5387-c989-49e8-9aa2-1336f4f8ef6e/Screenshot_2021-04-13_at_20.30.44.png

<aside> 🤫 Store the key file in a safe location and don't share it with anyone.

</aside>

Step 4: Add the key file to your local app secrets

Your local Streamlit app will read secrets from a file .streamlit/secrets.toml in your app's root dir. Create this file if it doesn't exist yet and add the content of the key file you just downloaded to it as shown below: