Deploy CLI Tool Environment Variables and Keyword Mappings
Using environment variables and keyword mappings with the Deploy CLI Tool allows you to:
Use the same configuration file for all of your environments (e.g., dev, uat, staging, and prod).
Replace certain values in your configuration repo with environment-specific values. To use the keyword mappings, you can wrap the key in two ways:
@@key@@: Using the@symbols causes the tool to perform aJSON.stringifyon your value before replacing it. So if your value is a string, the tool will add quotes; if your value is an array or object, the tool will add braces.##key##: Using the#symbol causes the tool to perform a literal replacement; it will not add quotes or brackets.
By default, the CLI tool also merges your current environment variables and overrides AUTH0_KEYWORD_REPLACE_MAPPINGS that have the same top key. You can disable this via the command line with the --env=false option.
For example, you could specify a different JWT timeout in your dev environment, and then use prod for testing and a different environment URL.
Examples
Client.json
{
...
"callbacks": [
"##ENVIRONMENT_URL##/auth/callback"
],
"jwt_configuration": {
"lifetime_in_seconds": ##JWT_TIMEOUT##,
"secret_encoded": true
}
...
}Was this helpful?
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"ENVIRONMENT_URL": "http://dev.travel0.com",
"JWT_TIMEOUT": 120,
...
}Was this helpful?
Prod Config.json
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"ENVIRONMENT_URL": "http://travel0.com",
"JWT_TIMEOUT": 3600,
...
}Was this helpful?
Import client grants
If you want to use the same grants for other environments and import those variables with the Deploy CLI tool, you will need to do an extra step since API identifiers for Auth0's Management API are hardcoded.
Notice the identifier in the audience parameter in the following example:
clientGrants:
- client_id: My Machine 2 Machine Application
audience: 'https://source-tenant.us.auth0.com/api/v2/'
scope:
- 'read:client_grants'
- 'create:client_grants'
- 'delete:client_grants'Was this helpful?
The import will fail because the https://source-tenant.us.auth0.com/api/v2/ identifier won't exist in the target environment.
Solution
First, search for all Management API identifiers (https://source-tenant.us.auth0.com/api/v2/ from the example above) in the JSON or YAML source file. Replace the domain with a variable: https://##AUTH0_DOMAIN##/api/v2/.
Example:
clientGrants:
- client_id: API Explorer Application
- audience: 'https://##AUTH0_DOMAIN##/api/v2/'
- scope:
- 'read:client_grants'
- 'create:client_grants'Was this helpful?
Next, in the configuration file, include the AUTH0_DOMAIN in the list of variables to substitute in the AUTH0_KEYWORD_REPLACE_MAPPINGS entry.
Example:
{
"AUTH0_DOMAIN": "tenant-deploy-target.us.auth0.com",
"AUTH0_CLIENT_ID": "...",
"AUTH0_CLIENT_SECRET": "...",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"AUTH0_TENANT_NAME": "tenant-deploy-target",
"AUTH0_DOMAIN": "tenant-deploy-target.us.auth0.com"
},
"AUTH0_ALLOW_DELETE": false,
"AUTH0_EXCLUDED_RULES": [ "rule-1-name" ]
}Was this helpful?