Auth0 Home Blog Docs

Preserve environment variables when exporting from Auth0

We have many environment variables, such as ##BASE_URL##. We frequently export our Auth0 settings in order to update our Git repo with the latest configuration. However, the values are replaced with whatever they currently are in Auth0 (e.g. https://stage.mycompany.com), which means we have to go through each changed file and manually change back each value to its variable. On one occasion, we missed one and production credentials were committed to our VCS.

Is there a way to preserve the variables when exporting?

Hi @mr-newell,

Typically you will seperate the env variables into a separate file like in this example the auth_config.json.example:

I not sure I understand what you mean when you say:

However, the values are replaced with whatever they currently are in Auth0

How are you replacing them?

I think we may need some more context to solve this. What framework, how you are replacing the variables, etc.

Thank,
Dan

Hi @dan.woda. Re-reading my question, I see how it was poorly worded, sorry about that.

I am talking about the Auth0 Deploy CLI tool and its environment variables: https://auth0.com/docs/extensions/deploy-cli/references/environment-variables-keyword-mappings

We exported our Auth0 settings to a Git repo because we want to keep our configuration under version control. We use the aforementioned environment variables to set things like different callback URLs for our different environments. When our CI uses the Auth0 Deploy CLI tool to import the repo back into Auth0, Auth0 automatically converts the variables like ##CALLBACK_URL## into the appropriate values.

The problem is that when we make changes in the dashboard and re-export to our repo, all the environment variables we’ve defined are overwritten by the actual values currently stored in Auth0 (like https://staging-env.company.com) which requires us to manually go through each file changed before committing and make sure the variables are preserved. I am currently thinking that maybe I just need to create a Git pre-commit hook or something to check that strings of the pattern ##text## haven’t been replaced but I am wondering if this is something you guys have seen and have a solution for.

@mr-newell,

I haven’t done much work witht the Deploy CLI. Let me see if I can get someone with more expertise on the topic in here.

1 Like

I reached out to the team on this and it sounds like there is not a specific solution for this scenario atm. It sounds like it has been brought up before, and we would love to hear your feedback on it.

If you have the time to submit a feedback ticket we would greatly appreciate it.

Thanks,
Dan