Last Updated: Apr 1, 2025
Overview
When the AUTH0_PRESERVE_KEYWORDS is set to true in the config.json file of the Auth0 Deploy CLI as per Preserve Keywords on Export, for example:
"AUTH0_PRESERVE_KEYWORDS": true
The keyword replacement doesn’t work for some configurations, such as the action’s secret values:
secrets: [{ “name”: “secret-name”, “value”: “##SECRET_VALUE##” }]
After export, the value is removed, and the keyword is not preserved. Is there a way to preserve such values?
The issue issue happens with the flow actions as well.
{
"name": "Test Flow",
"actions": [
{
"id": "http_request_XhRz",
"type": "HTTP",
"action": "SEND_REQUEST",
"allow_failure": false,
"mask_output": false,
"params": {
"method": "POST",
"url": "https://api.example.com/accounts/##TEST_KW##",
"content_type": "JSON"
}
}
]
}
Applies To
- AUTH0_PRESERVE_KEYWORDS
- Auth0 Deploy CLI
- Keyword
Cause
This is a limitation of the keyword preservation feature. Arrays without specific identifiers are not eligible for preservation.
- Arrays without a specific identifiers are not eligible for preservation. For example:
["http://site.com/logout", "localhost:3000/logout", "##LOGOUT_URL##"]. This is because the ordering of these values are non-deterministic. Alternatively, to preserve these values, it is recommended to leverage the@@ARRAY_REPLACE@@keyword replace syntax with the entire value.
Solution
Use the @@ARRAY_REPLACE@@ syntax instead. Refer to the example below.
In the action config file:
"secrets": @@ACTION_SECRETS@@
And in the config.json file:
"AUTH0_KEYWORD_REPLACE_MAPPINGS": { "ACTION_SECRETS": [{ "name": "secret", "value": "value" }] }
It is also worth noting that the keyword preservation feature is not perfect and there are no guarantees on how successful preservation will be. It is estimated to work in the majority of cases, but there will be a few where it will not.
This is due to a number of technical challenges that are involved in preserving keywords. To learn more, read the original proposal for keyword preservation.