ManagementClient and secrets with cli deployment

Hi,
I’m working on a migration from Rules to Actions. One of the changes for me was a change in how we are initiating ManagementClient , I have used this help topic as my bases:

Setting up new application, and then storing the clientid and secret in action’s secrets. This works fine when I’m setting this manually.
But now I need to set up deployment using a0deploy with the tenants.yaml.
So for Application(client), it is easy:

clients:
  - name: XYZClientManagement
    app_type: non_interactive
...

but for the action, how do I now reference the generated client_id and client_secret? I basically need something like this? Is it anyhow possible to setup?

actions:
  - name: XYZAction
    code: ../code.js
    secrets:
      - name: MANAGEMENT_CLIENT_CLIENT_ID
        value: ${client.XYZClientManagement.client_id}
      - name: MANAGEMENT_CLIENT_CLIENT_SECRET
        value: ${client.XYZClientManagement.client_secret}

Thank you very much

Curious, if there are any recommendations for this? I’m also trying to instantiate a management client in an action, but do not want our client secret referenced in the auth0 deployment yamls.

Hey @jsteinbrunner - While I’m not super familiar with deploy CLI it does look to be possible, here’s an example:

1 Like

Thanks for the response @tyf!

I found a related post on this topic where @rueben.tiow referenced the same example yaml configuration.

Given his reply, it makes me think _VALUE_NOT_SHOWN_ is static placeholder text for the purpose of the example.

If you know of any other resources that talk more about using secrets in the deploy tool, I would love to take a look.

Happy to help!

I was just able to run the Deploy CLI successfully and create an action with a secret as shown in the example - Both my application’s client_secret and Action secret were set using environment variables. Here’s my tenant.yaml:

actions:
  - name: action-deploy
    code: /Users/me/auth0-dev/test/deploy-cli/code.js
    deployed: true
    secrets:
      - name: MY_SECRET
        value: "#{env.MY_SECRET_VALUE}"
    status: built
    supported_triggers:
      - id: post-login
        version: v2
2 Likes

This is super helpful, thank you!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.