Keyword Preservation not Working with Action Secrets

Problem statement

Keyword replacement for Action’s secret values does not work with the Auth0 CLI Tool. For example:

secrets: [{ "name": "secret-name", "value": "##SECRET_VALUE##" }]

After export, the value is removed, and the keyword is not preserved. Is there a way to preserve such values?


This is a limitation of the keyword preservation feature. Arrays without specific identifiers are not eligible for preservation:

Arrays without a specific identifiers are not eligible for preservation. Ex: [""", "localhost:3000/logout", "##LOGOUT_URL##"]. This is because the ordering of these values are non-deterministic. Alternatively, to preserve these values, it is recommended to leverage the @@ARRAY_REPLACE@@ keyword replace syntax with the entire value.

In short, it is necessary to use the @@ARRAY_REPLACE@@ syntax instead. Refer to the example below.

In the Action config file:

"secrets": @@ACTION_SECRETS@@

And in the config.json file:

    "name": "secret",
    "value": "value"

It’s also worth noting that the keyword preservation feature is not perfect and there are no guarantees on how successful preservation will be. It is estimated to work in the majority of cases but there will be a few where it will not.

This is due to a number of technical challenges that are involved in preserving keywords. To learn more, read the original proposal for keyword preservation.