ManagementClient and secrets with cli deployment

libor.vozdek · July 14, 2023, 10:15am

Hi,
I’m working on a migration from Rules to Actions. One of the changes for me was a change in how we are initiating ManagementClient , I have used this help topic as my bases:

Setting up new application, and then storing the clientid and secret in action’s secrets. This works fine when I’m setting this manually.
But now I need to set up deployment using a0deploy with the tenants.yaml.
So for Application(client), it is easy:

clients:
  - name: XYZClientManagement
    app_type: non_interactive
...

but for the action, how do I now reference the generated client_id and client_secret? I basically need something like this? Is it anyhow possible to setup?

actions:
  - name: XYZAction
    code: ../code.js
    secrets:
      - name: MANAGEMENT_CLIENT_CLIENT_ID
        value: ${client.XYZClientManagement.client_id}
      - name: MANAGEMENT_CLIENT_CLIENT_SECRET
        value: ${client.XYZClientManagement.client_secret}

Thank you very much

jsteinbrunner · April 25, 2024, 10:25pm

Curious, if there are any recommendations for this? I’m also trying to instantiate a management client in an action, but do not want our client secret referenced in the auth0 deployment yamls.

tyf · April 25, 2024, 10:47pm

Hey @jsteinbrunner - While I’m not super familiar with deploy CLI it does look to be possible, here’s an example:

github.com

auth0/auth0-deploy-cli/blob/16dee06e5109e493e64a1895118a81c45206d554/examples/directory/actions/action-example.json#L11


      
          {
            "name": "action-example",
            "code": "directory/actions/action-example/code.js",
            "status": "built",
            "dependencies": [
              {
                "name": "lodash",
                "version": "4.17.21"
              }
            ],
            "secrets": [
              {
                "name": "MY_SECRET",
                "value": "_VALUE_NOT_SHOWN_"
              }
            ],
            "supported_triggers": [
              {
                "id": "post-login",
                "version": "v1"
              }

jsteinbrunner · April 26, 2024, 1:44pm

Thanks for the response @tyf!

I found a related post on this topic where @rueben.tiow referenced the same example yaml configuration.

Given his reply, it makes me think _VALUE_NOT_SHOWN_ is static placeholder text for the purpose of the example.

If you know of any other resources that talk more about using secrets in the deploy tool, I would love to take a look.

tyf · April 26, 2024, 8:56pm

Happy to help!

I was just able to run the Deploy CLI successfully and create an action with a secret as shown in the example - Both my application’s client_secret and Action secret were set using environment variables. Here’s my tenant.yaml:

actions:
  - name: action-deploy
    code: /Users/me/auth0-dev/test/deploy-cli/code.js
    deployed: true
    secrets:
      - name: MY_SECRET
        value: "#{env.MY_SECRET_VALUE}"
    status: built
    supported_triggers:
      - id: post-login
        version: v2

jsteinbrunner · April 26, 2024, 9:22pm

This is super helpful, thank you!

system · May 10, 2024, 9:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using the management API in flow actions Get Help auth0 , actions	6	8297	April 24, 2021
Using the Management API in Actions Knowledge Articles actions	1	28464	June 23, 2021
Client credentials missing from custom action Get Help user-profile , user-management	6	360	March 11, 2024
Management API in actions Get Help actions	4	5045	October 11, 2021
Conver auth0-account-link-extensions to action Get Help missing-category , other	4	451	March 14, 2024

ManagementClient and secrets with cli deployment

Related topics