Import/Export Tenant Configuration to YAML File
The Deploy CLI tool's YAML option supports the exporting to and importing of an Auth0 tenant configuration using a YAML file.
Import tenant configuration
To import an Auth0 tenant configuration:
Copy
config.json.example
, making sure to replace the placeholder values with the values specific to your configuration.Use theto configure this snippet with your account
{ "AUTH0_DOMAIN": "{yourDomain}", "AUTH0_CLIENT_ID": "{yourClientId}", "AUTH0_CLIENT_SECRET": "{yourClientSecret}", "AUTH0_KEYWORD_REPLACE_MAPPINGS": { "AUTH0_TENANT_NAME": "{yourAccountName}", "ENV": "DEV" }, "AUTH0_ALLOW_DELETE": false, "AUTH0_EXCLUDED_RULES": [ "rule-1-name", "rule-2-name" ], "INCLUDED_PROPS": { "clients": [ "client_secret" ] }, "EXCLUDED_PROPS": { "connections": [ "options.client_secret" ] } }
Was this helpful?
/client ID
and secret from your newly-created application. If you followed our guide to create the application, the client is namedauth0-deploy-cli
.By default, the tool merges with your current environment variables and overrides the
config.json
file (which has the same top key). You can use the--no-env
option to disable the override via the command line. You can either set the environment variables, or you can place the values in a configuration file anywhere on the file system that is accessible by the Deploy CLI Tool.Deploy using the following command:
a0deploy import --config_file config.json --input_file tenant.yaml
Was this helpful?
/
Example: configuration file
Here is an example of a config.json
file:
to configure this snippet with your account
{
"AUTH0_DOMAIN": "{yourDomain}",
"AUTH0_CLIENT_SECRET": "<yourClientSecret}",
"AUTH0_CLIENT_ID": "{yourClientId}",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"YOUR_ARRAY_KEY": [
"http://localhost:8080",
"https://somedomain.com"
],
"YOUR_STRING_KEY": "{someEnvironmentSpecificString}"
},
"AUTH0_ALLOW_DELETE": false,
"INCLUDED_PROPS": {
"clients": [ "client_secret" ]
},
"EXCLUDED_PROPS": {
"connections": [ "options.client_secret" ],
"emailProvider": ["name", "credentials", "default_from_address", "enabled"]
},
"AUTH0_EXCLUDED_RULES": [ "auth0-account-link-extension" ],
"AUTH0_EXCLUDED_CLIENTS": [ "auth0-account-link" ],
"AUTH0_EXCLUDED_RESOURCE_SERVERS": [ "SSO Dashboard API" ],
"AUTH0_EXCLUDED_DEFAULTS": ["emailProvider"]
}
Was this helpful?
Import configuration example
The following is an example of an import config file called tenant.yaml
. For full details on everything that can be included, please see the Deploy CLI tool's repository.
tenant:
# Any tenant settings can go here https://auth0.com/docs/api/management/v2#!/Tenants/get_settings
friendly_name: 'Auth0 Deploy Example'
pages:
- name: "login"
html: "pages/login.html"
- name: "password_reset"
html: "pages/password_reset.html"
- name: "guardian_multifactor"
html: "pages/guardian_multifactor.html"
enabled: false
- name: "error_page"
html: "pages/error_page.html"
clients:
-
name: "My SPA"
app_type: "spa"
# Add other client settings https://auth0.com/docs/api/management/v2#!/Clients/post_clients
-
name: "My M2M"
app_type: "non_interactive"
# Add other client settings https://auth0.com/docs/api/management/v2#!/Clients/post_clients
databases:
- name: "users"
enabled_clients:
- "My SPA"
options:
enabledDatabaseCustomization: true
customScripts:
login: "databases/users/login.js"
create: "databases/users/create.js"
delete: "databases/users/delete.js"
get_user: "databases/users/get_user.js"
change_email: "databases/users/change_email.js"
change_password: "databases/users/change_password.js"
verify: "databases/users/verify.js"
connections:
- name: "myad-waad"
strategy: "waad"
enabled_clients:
- "My SPA"
options:
tenant_domain: 'office.com'
client_id: 'some_client_id'
client_secret: 'some_client_secret'
domain: 'office.com'
waad_protocol: 'openid-connect'
api_enable_users: true
basic_profile: true
ext_profile: true
ext_groups: true
# Add other connection settings (https://auth0.com/docs/api/management/v2#!/Connections/post_connections)
rules:
- name: "Common-Functions"
order: 10
script: "rules/enrich_tokens.js"
rulesConfigs:
# Key/Value pairs for Rule configuration settings
- key: "SOME_SECRET"
value: 'some_key'
hooks:
- name: "Client Credentials Exchange"
triggerId: "credentials-exchange"
enabled: true
secrets:
api-key: "my custom api key"
dependencies:
bcrypt: "3.0.6"
script: "hooks/client-credentials-exchange.js"
resourceServers:
-
name: "My API"
identifier: "https://##ENV##.myapp.com/api/v1"
scopes:
- value: "update:account"
description: "update account"
- value: "read:account"
description: "read account"
# Add other resource server settings (https://auth0.com/docs/api/management/v2#!/Resource_Servers/post_resource_servers)
emailProvider:
name: "smtp"
enabled: true
credentials:
smtp_host: "smtp.mailtrap.io"
smtp_port: 2525
smtp_user: "smtp_user"
smtp_pass: "smtp_secret_password"
emailTemplates:
- template: "verify_email"
enabled: true
syntax: "liquid"
from: "test@email.com"
subject: "something"
body: "emails/change_email.html"
- template: "welcome_email"
enabled: true
syntax: "liquid"
from: "test@email.com"
subject: "something"
body: "emails/change_email.html"
clientGrants:
- client_id: "My M2M"
audience: "https://##ENV##.myapp.com/api/v1"
scope:
- "update:account"
guardianFactors:
- name: sms
enabled: true
- name: push-notification
enabled: true
- name: otp
enabled: true
- name: email
enabled: false
- name: duo
enabled: false
guardianFactorProviders:
- name: sms
provider: twilio
auth_token: "some_token"
sid: "some_sid"
messaging_service_sid: "some_message_sid"
guardianFactorTemplates:
- name: sms
enrollment_message: >-
{{code}} is your verification code for {{tenant.friendly_name}}. Please
enter this code to verify your enrollment.
verification_message: '{{code}} is your verification code for {{tenant.friendly_name}}'
roles:
- name: Admin
description: App Admin
permissions:
- permission_name: 'update:account'
resource_server_identifier: 'https://##ENV##.myapp.com/api/v1'
- permission_name: 'read:account'
resource_server_identifier: 'https://##ENV##.myapp.com/api/v1'
- name: User
description: App User
permissions:
- permission_name: 'read:account'
resource_server_identifier: 'https://##ENV##.myapp.com/api/v1'
organizations:
- name: testorg1
connections:
- name: Username-Password-Authentication
assign_membership_on_login: false
display_name: Test Org1
Was this helpful?
Export tenant configuration
To export your current tenant configuration, run a command that's similar to:
a0deploy export --config_file config.json --format yaml --output_folder path/to/export
Was this helpful?
When importing objects into Auth0 tenants, Auth0 generates new IDs. To avoid import failure, identifier fields are stripped from the Auth0 objects on export by default. To override this behavior, use --export_ids
or AUTH0_EXPORT_IDENTIFIERS: true
.
Limitations
Some of the settings cannot be exported, such as rulesConfigs
values. After exporting, you may need to update the values in tenant.yaml
if you see schema-related errors during the import process.
To learn more, see Deploy CLI Tool Environment Variables and Keyword Mappings.