Sharing Snapshots

Once a snapshot lives in Clonit Cloud (see Push & Pull via Cloud), you can share it so other people in your organization can find and pull it. Sharing is how a sanitized snapshot moves from “mine” to “the team’s” without anyone touching production again.

This page covers what sharing controls, how to share and unshare a snapshot, how the Shared filter works, and exactly which snapshots a given user is allowed to see and pull.

Note

Sharing applies only to snapshots that have been uploaded to Clonit Cloud. Local snapshots and snapshots in your own S3/R2 bucket are not affected by these controls. Make sure you have connected your agent and are signed in first.

What sharing does

Every cloud snapshot starts out private: only your organization’s owners and admins can see it. Sharing widens that audience:

• Share within the org — a single toggle that makes the snapshot visible and pullable to everyone in your organization, regardless of role.
• Share with a team (group) — grant access to a specific group of people instead of the whole org. Useful when only one team should pull a particular dataset.

Sharing never changes the snapshot’s contents or its checksum. It only changes who is allowed to list, download, and delete it.

Tip

Sanitize before you share. Sharing makes a snapshot reachable by more people, so run it through sanitization (and optionally cloud AI analysis) before you flip the share toggle.

Listing cloud snapshots

To see the snapshots your organization has in the cloud, run:

clonit cloud snapshots

The output includes a Shared column so you can tell at a glance which snapshots are shared org-wide:

ID        Target    Name                    Type       Size    Shared  Created
a1b2c3d4  mydb      mydb-20260622T120000    sanitized  120 MB  Yes     2026-06-22 12:00:00
e5f6g7h8  mydb      mydb-20260621T090000    snapshot   245 MB  No      2026-06-21 09:00:00

The ID column is the cloud snapshot ID (shown truncated). You’ll use it when pulling a specific snapshot from the cloud.

Note

clonit cloud snapshots requires a configured cloud connection. Without it, all core clonit operations still work standalone — see the Cloud Overview.

Sharing and unsharing a snapshot

Share and unshare are managed from the Cloud dashboard in the web UI. Start the web UI and open it in your browser:

clonit serve

Then open http://127.0.0.1:8484 and go to the Cloud section.

On the snapshots list, each row has a share control:

• A snapshot that is not shared shows a Share button. Click it to make the snapshot visible to your whole organization. The Shared column flips to Yes.
• A snapshot that is already shared shows a Shared indicator. Click it to unshare — the snapshot becomes private again and the column flips back to No.

Unsharing takes effect immediately: people who could only see the snapshot because it was shared will no longer find it in their listings.

Caution

Unsharing does not delete the snapshot or revoke any copies people have already pulled. It only stops new access through the cloud. If a snapshot was shared by mistake, unshare it and rotate the data if the contents were sensitive.

The Shared filter

The Cloud dashboard’s snapshot view has two tabs:

• All Snapshots — every cloud snapshot you’re allowed to see (see Who can see and pull a snapshot below).
• Shared — only the snapshots that are shared with your organization.

Switch to the Shared tab to focus on the snapshots that have been published for the team — this is usually where you’ll go to find a ready-to-pull, sanitized dataset that someone else built.

Sharing with a team

If you only want one team to access a snapshot — rather than the entire organization — you can share it with a group instead of toggling the org-wide share.

Groups in Clonit Cloud come from your identity provider via the external auth service (for example, the SSO groups you already use for your company). Clonit reads your group memberships when you sign in; it does not manage user accounts or group membership itself. See Sign In & Login for how identity works.

From the snapshot’s detail view in the Cloud dashboard, you can:

• Share with a group — grant a specific group access to that one snapshot.
• Remove a group share — revoke that group’s access.
• View group shares — see which groups currently have access.

A snapshot can be shared org-wide, shared with one or more groups, or both at the same time. Group shares are independent of the org-wide toggle, so you can grant a single team access without making the snapshot visible to everyone.

Who can see and pull a snapshot

The same access rules decide which snapshots appear in your listings (in the CLI and the web UI) and which ones you can pull. Access depends on your role in the organization:

• Owners and admins can see, pull, and delete every snapshot in the organization, shared or not.
• Members and viewers can see and pull a snapshot only if at least one of the following is true:
  • the snapshot is shared with the whole org, or
  • the snapshot is shared with a group you belong to, or
  • the snapshot was shared to your organization by another organization.

Snapshots you’re not allowed to access are simply hidden — they don’t show up in any listing, and trying to reach one directly behaves as if it doesn’t exist. This is deliberate: it avoids revealing that a snapshot exists at all.

Note

Roles in short: owner and admin have full access; member and viewer see only what’s been shared with them. Sharing a snapshot is the action that brings it into a member’s or viewer’s view.

Pulling a shared snapshot

Once a snapshot is shared with you, find its ID and pull it from the cloud:

# 1. Find the snapshot you're allowed to pull
clonit cloud snapshots

# 2. Pull it from the cloud by ID
clonit pull mydb --cloud --snapshot-id a1b2c3d4...

The --cloud flag tells clonit to download through Clonit Cloud (using a presigned URL) instead of a local storage profile, and --snapshot-id selects the exact cloud snapshot. After it downloads, load it into your dev database as usual:

clonit load mydb

For the full push/pull flow and verification options, see Push & Pull via Cloud.

Typical workflow

A common end-to-end flow for publishing a sanitized snapshot to your team:

# 1. Build and sanitize a snapshot locally
clonit build mydb
clonit sanitize mydb

# 2. Push the sanitized snapshot to the cloud
clonit push mydb --cloud

# 3. Share it (Cloud dashboard → snapshot → Share), then teammates pull it
clonit cloud snapshots          # teammate finds the shared snapshot + its ID
clonit pull mydb --cloud --snapshot-id <id>
clonit load mydb

See also

• Push & Pull via Cloud — upload and download cloud snapshots
• Connect Your Agent — register your agent with the cloud
• Sign In & Login — clonit login and how identity works
• Organizations & Teams — roles, members, and groups
• cloud command reference — all clonit cloud subcommands
• pull command reference — flags for pulling snapshots