A0deploy export fails with Problem exporting databases

Tried to export my tenant which I have done many times in the past and got an error. Updated to the latest CLI ("auth0-deploy-cli": "^8.8.2") and got slightly different error messages. Did some research and found a support topic that mentioned using a newer Node runtime fixed their issue, so I updated from super-old Node12 to Node22 and now I receive this error when trying to export:

2025-05-16T14:33:48.029Z - error: Problem running command export
2025-05-16T14:33:48.029Z - error: Problem exporting databases

Here is the full log:

2025-05-16T14:32:12.971Z - warn: Usage of the AUTH0_EXCLUDED_CLIENTS exclusion param is deprecated and may be removed from future major versions. See: https://github.com/auth0/auth0-deploy-cli/issues/451#user-content-deprecated-exclusion-props for details.
2025-05-16T14:32:12.972Z - info: To enable experimental early access features use --experimental_ea flag or set AUTH0_EXPERIMENTAL_EA=true in configuration JSON.
2025-05-16T14:32:13.215Z - info: Loading Auth0 Tenant Data
2025-05-16T14:32:13.515Z - info: Retrieving rules data from Auth0
2025-05-16T14:32:13.645Z - info: Retrieving rulesConfigs data from Auth0
2025-05-16T14:32:13.920Z - info: Retrieving hooks data from Auth0
2025-05-16T14:32:14.112Z - info: Retrieving pages data from Auth0
2025-05-16T14:32:14.201Z - info: Retrieving resourceServers data from Auth0
2025-05-16T14:32:14.314Z - info: Retrieving clients data from Auth0
2025-05-16T14:32:14.697Z - info: Retrieving databases data from Auth0
2025-05-16T14:32:15.236Z - info: Reviewing connections for SCIM support. This may take a while...
2025-05-16T14:32:15.237Z - info: Retrieving connections data from Auth0
2025-05-16T14:32:15.348Z - warn: The following tenant flags have not been updated because deemed incompatible with the target tenant: allow_changing_enable_sso, disable_impersonation, new_universal_login_experience_enabled, universal_login
      These flags can likely be removed from the tenant definition file. If you believe this removal is an error, please report via a Github issue.
2025-05-16T14:32:15.349Z - info: Retrieving tenant data from Auth0
2025-05-16T14:32:15.457Z - info: Retrieving emailProvider data from Auth0
2025-05-16T14:32:24.061Z - info: Retrieving emailTemplates data from Auth0
2025-05-16T14:32:24.209Z - info: Retrieving clientGrants data from Auth0
2025-05-16T14:32:24.333Z - info: Retrieving guardianFactors data from Auth0
2025-05-16T14:32:24.434Z - info: Retrieving guardianFactorProviders data from Auth0
2025-05-16T14:32:24.517Z - info: Retrieving guardianFactorTemplates data from Auth0
2025-05-16T14:32:24.633Z - info: Retrieving guardianPolicies data from Auth0
2025-05-16T14:32:24.724Z - info: Retrieving guardianPhoneFactorSelectedProvider data from Auth0
2025-05-16T14:32:26.526Z - info: Retrieving guardianPhoneFactorMessageTypes data from Auth0
2025-05-16T14:32:26.812Z - info: Retrieving roles data from Auth0
2025-05-16T14:32:28.813Z - info: Retrieving branding data from Auth0
2025-05-16T14:32:28.877Z - warn: Cannot retrieve phoneProviders due to missing scopes: read:phone_providers
2025-05-16T14:33:35.881Z - warn: Partial Prompts feature is not supported for the tenant
2025-05-16T14:33:35.897Z - warn: Partial Prompts feature is not supported for the tenant
2025-05-16T14:33:38.032Z - warn: Partial Prompts feature is not supported for the tenant
2025-05-16T14:33:38.032Z - info: Retrieving prompts data from Auth0
2025-05-16T14:33:38.123Z - info: Retrieving actions data from Auth0
2025-05-16T14:33:43.008Z - info: Retrieving triggers data from Auth0
2025-05-16T14:33:47.103Z - info: Retrieving organizations data from Auth0
2025-05-16T14:33:47.257Z - info: Retrieving attackProtection data from Auth0
2025-05-16T14:33:47.356Z - info: Retrieving logStreams data from Auth0
2025-05-16T14:33:47.437Z - info: Retrieving customDomains data from Auth0
2025-05-16T14:33:47.577Z - info: Retrieving themes data from Auth0
2025-05-16T14:33:47.658Z - warn: Cannot retrieve forms due to missing scopes: read:flows
2025-05-16T14:33:47.724Z - warn: Cannot retrieve flows due to missing scopes: read:flows
2025-05-16T14:33:47.793Z - warn: Cannot retrieve flowVaultConnections due to missing scopes: read:flows_vault_connections
2025-05-16T14:33:47.910Z - warn: Cannot retrieve selfServiceProfiles due to missing scopes: read:self_service_profiles
2025-05-16T14:33:47.999Z - info: Retrieving networkACLs data from Auth0
2025-05-16T14:33:48.000Z - info: Writing exports/dev/pages/login.html
2025-05-16T14:33:48.002Z - info: Writing exports/dev/pages/password_reset.html
2025-05-16T14:33:48.020Z - info: Writing exports/dev/emailTemplates/verify_email.html
2025-05-16T14:33:48.020Z - info: Writing exports/dev/emailTemplates/verify_email_by_code.html
2025-05-16T14:33:48.021Z - info: Writing exports/dev/emailTemplates/reset_email.html
2025-05-16T14:33:48.021Z - info: Writing exports/dev/emailTemplates/welcome_email.html
2025-05-16T14:33:48.021Z - info: Writing exports/dev/emailTemplates/blocked_account.html
2025-05-16T14:33:48.021Z - info: Writing exports/dev/emailTemplates/stolen_credentials.html
2025-05-16T14:33:48.022Z - info: Writing exports/dev/emailTemplates/mfa_oob_code.html
2025-05-16T14:33:48.022Z - info: Writing exports/dev/emailTemplates/user_invitation.html
2025-05-16T14:33:48.024Z - info: Writing exports/dev/actions/Restrict Access to Web Apps/code.js
2025-05-16T14:33:48.024Z - info: Writing exports/dev/actions/Add roles to tokens/code.js
2025-05-16T14:33:48.026Z - info: Exporting rules
2025-05-16T14:33:48.026Z - info: Exporting rulesConfigs
2025-05-16T14:33:48.026Z - info: Exporting hooks
2025-05-16T14:33:48.026Z - info: Exporting pages
2025-05-16T14:33:48.026Z - info: Exporting clientGrants
2025-05-16T14:33:48.026Z - info: Exporting resourceServers
2025-05-16T14:33:48.027Z - info: Exporting clients
2025-05-16T14:33:48.028Z - info: Exporting connections
2025-05-16T14:33:48.028Z - info: Exporting tenant
2025-05-16T14:33:48.028Z - info: Exporting emailProvider
2025-05-16T14:33:48.028Z - info: Exporting emailTemplates
2025-05-16T14:33:48.028Z - info: Exporting guardianFactors
2025-05-16T14:33:48.028Z - info: Exporting guardianFactorProviders
2025-05-16T14:33:48.028Z - info: Exporting guardianFactorTemplates
2025-05-16T14:33:48.028Z - info: Exporting roles
2025-05-16T14:33:48.028Z - info: Exporting guardianPhoneFactorMessageTypes
2025-05-16T14:33:48.028Z - info: Exporting guardianPhoneFactorSelectedProvider
2025-05-16T14:33:48.028Z - info: Exporting guardianPolicies
2025-05-16T14:33:48.028Z - info: Exporting actions
2025-05-16T14:33:48.028Z - info: Exporting organizations
2025-05-16T14:33:48.028Z - info: Exporting triggers
2025-05-16T14:33:48.028Z - info: Exporting attackProtection
2025-05-16T14:33:48.028Z - info: Exporting branding
2025-05-16T14:33:48.028Z - info: Exporting logStreams
2025-05-16T14:33:48.028Z - info: Exporting prompts
2025-05-16T14:33:48.028Z - info: Exporting customDomains
2025-05-16T14:33:48.028Z - info: Exporting themes
2025-05-16T14:33:48.029Z - error: Problem running command export
2025-05-16T14:33:48.029Z - error: Problem exporting databases

Any ideas on how I can resolve this problem? We are having a separate issue where folks in our production tenant seem to get forced to log on more than they should and I want to export both tenants and compare to make sure something isn’t off somewhere (since I don’t see this behavior using our development tenant).

FWIW, I have exported this tenant many times in the past. Not sure why it quit working. The last time I exported it was probably around 6 months ago. Let me know if there are any other details I can provide… thanks!

Hi @jeff_gg

Welcome to the Auth0 Community!

By any chance, do you have any databases which are using a custom database connection?

If so, there is a recently opened issue on Github:

In the meantime, you can use “AUTH0_EXCLUDED”: [“databases”] as a workaround in order to export all the other configuration.

Let me know if you have any other questions!

Kind Regards,
Nik

1 Like

Thanks for the reply Nik!

I do not have “Use my own database” enabled on my database connection. As far as I know, I have never touched it (other than to allow my applications to access it).

Having said that, adding the "AUTH0_EXCLUDED": ["databases"] to my config JSON did allow me to complete the export. Thanks for the workaround!

I was experiencing the same issue and solved it. It comes down to aodeploy having no logging when something goes wrong. The issue is simply that your a0deploy machine to machine application you are using to run the deploy commands through doesnt have the required scopes. I can only assume the required scopes have changed sometime recently.

Anyway, solution is to just go into your m2m application and update its scopes (i set it to all scopes since im the only one who uses it. If you want to be more secure about it you can whackamole trying new scopes until it works.