Hi @luke-cbs,
Thanks for reaching out to the Auth0 Community!
I understand you would like to store the Action secrets into your repo without exposing sensitive data.
The first thing to note is, by default, the Auth0 Deploy CLI will leverage Environment Variables to replace keywords in your YAML or JSON files.
So, when pushing the data to your repository, you could store your secrets as Environment Variables in your config.json file and reference them in your YAML file.
This way, you can accomplish version control without exposing sensitive data. To do so, you will need to use the AUTH0_KEYWORD_REPLACEMENT_MAPPINGS configuration property to set the appropriate mappings.
For example:
#config.json
{
"AUTH0_DOMAIN": "test-tenant.us.auth0.com",
"AUTH0_CLIENT_ID": "FOO",
"AUTH0_CLIENT_SECRET": "BAR",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"MONGO_URI": "YOUR_MONGO_URI"
}
}
#tenant.yaml
secrets: @@MONGO_URI@@
Here is a reference to the example: Keyword Replacement - Auth0 Deploy CLI
I hope this helps!
Please reach out if you have any additional questions.
Thank you.