Auth0 CLI and action secrets

Hi there!

I am busy working with the CLI and 2 tenants (dev and prod).

I have managed to export my dev tenant into a YAML file and we get something like:

    secrets:
      - name: MONGO_URI

Now I am wanting to then import this into my prod tenant. However, I imagine the URI will not be populated. Is there a way we can add the secrets via the YAML or some config? Or do we just have to ensure that they are populated?

I saw this: Auth0-deploy-cli directory configuration: Add secrets to action

However my concern here is if I wanted to push my tenants up to a repo I am now pushing secret data?

Is this expected best practice? Or what would be suggested?

Thanks!

Hi @luke-cbs,

Thanks for reaching out to the Auth0 Community!

I understand you would like to store the Action secrets into your repo without exposing sensitive data.

The first thing to note is, by default, the Auth0 Deploy CLI will leverage Environment Variables to replace keywords in your YAML or JSON files.

So, when pushing the data to your repository, you could store your secrets as Environment Variables in your config.json file and reference them in your YAML file.

This way, you can accomplish version control without exposing sensitive data. To do so, you will need to use the AUTH0_KEYWORD_REPLACE_MAPPINGS configuration property to set the appropriate mappings.

For example:

config.json:

    {
      "AUTH0_DOMAIN": "test-tenant.us.auth0.com",
      "AUTH0_CLIENT_ID": "FOO",
      "AUTH0_CLIENT_SECRET": "BAR",
      "AUTH0_KEYWORD_REPLACE_MAPPINGS": {
        "MONGO_URI": "YOUR_MONGO_URI"
      }
    }

tenant.yaml:

    secrets:
      - name: MONGO_URI
        value: @@MONGO_URI@@

Here is a reference to the example: Keyword Replacement - Auth0 Deploy CLI

I hope this helps!

Please reach out if you have any additional questions.

Thank you.
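A pre-commit or CI check for the concern raised in this thread, as an added example that is not part of either post or of the Auth0 Deploy CLI: it scans an exported tenant YAML and reports Action secrets whose value is a literal instead of a `@@KEY@@` or `##KEY##` placeholder. The function name, the `value:` layout under `secrets:` and the sample export are assumptions made for the example.

```javascript
// Added example, not Auth0 code. Assumption: secrets are "- name:" / "value:"
// items under a "secrets:" key, as in the export quoted in the question.
const PLACEHOLDER = /^(@@\w+@@|##\w+##)$/;

function findLiteralSecrets(yamlText) {
  const findings = [];
  let secretsIndent = -1; // indent of the enclosing "secrets:" key, -1 when outside one
  let currentName = null;

  yamlText.split(/\r?\n/).forEach((line, i) => {
    const text = line.trim();
    if (!text || text.startsWith('#')) return;
    const indent = line.search(/\S/);

    // Leave the block at the first line that is no longer nested under "secrets:".
    if (secretsIndent >= 0 &&
        !(indent > secretsIndent || (indent === secretsIndent && text.startsWith('-')))) {
      secretsIndent = -1;
    }
    if (secretsIndent < 0) {
      if (/^secrets:\s*$/.test(text)) secretsIndent = indent;
      return;
    }
    if (text.startsWith('-')) currentName = null; // a new list item starts
    const m = text.match(/^(?:-\s+)?(name|value):\s*(.*)$/);
    if (!m) return;
    const val = m[2].replace(/^(['"])(.*)\1$/, '$2'); // drop surrounding quotes
    if (m[1] === 'name') currentName = val;
    else if (val !== '' && !PLACEHOLDER.test(val)) findings.push({ line: i + 1, name: currentName });
  });
  return findings;
}

// Constructed sample export: two placeholders and two literal values.
const SAMPLE = `
actions:
  - name: sync-profile
    secrets:
      - name: MONGO_URI
        value: @@MONGO_URI@@
      - name: API_KEY
        value: constructed-literal-value
    deployed: true
  - name: other
    secrets:
    - name: TOKEN
      value: '##TOKEN##'
    - name: LEGACY
      value: hunter2
`;

console.log(findLiteralSecrets(SAMPLE));
```

In a pipeline, feed it the exported file's contents and fail the job when the returned list is non-empty; the same idea applies to a committed config.json, where the mapping values themselves are the secrets.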
