Deploy CLI Tool Environment Variables and Keyword Mappings

Deploy CLI Tool Environment Variables and Keyword Mappings

Using environment variables and keyword mappings with the Deploy CLI Tool allows you to:

  • Use the same configuration file for all of your environments (e.g., dev, uat, staging, and prod).

  • Replace certain values in your configuration repo with environment-specific values. To use the keyword mappings, you can wrap the key in two ways:

    • @@key@@: Using the @ symbols causes the tool to perform a JSON.stringify on your value before replacing it. So if your value is a string, the tool will add quotes; if your value is an array or object, the tool will add braces.

    • ##key##: Using the # symbol causes the tool to perform a literal replacement; it will not add quotes or brackets.

For example, you could specify a different JWT timeout in your dev environment, and then use prod for testing and a different environment URL.

Examples

Client.json

{
  ...
  "callbacks": [
    "##ENVIRONMENT_URL##/auth/callback"
  ],
  "jwt_configuration": {
    "lifetime_in_seconds": ##JWT_TIMEOUT##,
    "secret_encoded": true
  }
  ...
}

Was this helpful?

/
Dev Config.json

"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
  "ENVIRONMENT_URL": "http://dev.travel0.com",
  "JWT_TIMEOUT": 120,
  ...
}

Was this helpful?

/

Prod Config.json

"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
  "ENVIRONMENT_URL": "http://travel0.com",
  "JWT_TIMEOUT": 3600,
  ...
}

Was this helpful?

/

Import client grants

If you want to use the same grants for other environments and import those variables with the Deploy CLI tool, you will need to do an extra step since API identifiers for Auth0's Management API are hardcoded.

Notice the identifier in the audience parameter in the following example:

clientGrants:
  - client_id: My Machine 2 Machine Application
    audience: 'https://source-tenant.us.auth0.com/api/v2/'
    scope:
      - 'read:client_grants'
      - 'create:client_grants'
      - 'delete:client_grants'

Was this helpful?

/

The import will fail because the https://source-tenant.us.auth0.com/api/v2/ identifier won't exist in the target environment.

Solution

First, search for all Management API identifiers (https://source-tenant.us.auth0.com/api/v2/ from the example above) in the JSON or YAML source file. Replace the domain with a variable: https://##AUTH0_DOMAIN##/api/v2/.

Example:

clientGrants:
  - client_id: API Explorer Application
  - audience: 'https://##AUTH0_DOMAIN##/api/v2/'
  - scope:
      - 'read:client_grants'
      - 'create:client_grants'

Was this helpful?

/

Next, in the configuration file, include the AUTH0_DOMAIN in the list of variables to substitute in the AUTH0_KEYWORD_REPLACE_MAPPINGS entry.

Example:

{
"AUTH0_DOMAIN": "tenant-deploy-target.us.auth0.com",
"AUTH0_CLIENT_ID": "...",
"AUTH0_CLIENT_SECRET": "...",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": { 
"AUTH0_TENANT_NAME": "tenant-deploy-target",
"AUTH0_DOMAIN": "tenant-deploy-target.us.auth0.com"
},
"AUTH0_ALLOW_DELETE": false,
"AUTH0_EXCLUDED_RULES": [ "rule-1-name" ]
}

Was this helpful?

/

Learn more