Sendgrid Api Key Resetting Upon Using Deploy CLI

rchenore · April 11, 2024, 5:42pm

Hello,

I’ve noticed that our Sendgrid API key (set via the Auth0 UI, Branding > Email Provider > Sendgrid > API Key) is lost/changed every time we deploy the config via the Auth0 deploy CLI.

We are able to tell the change has happened only because the forgot password flow no longer actually sends an email to the user. And when using the Send Test Email button, it also doesn’t work.

Steps to reproduce:

Set the Sendgrid API Key
Click the button to Send Test Email
Verify you have received the email
Using the auth0 deploy CLI, pull down the config for that tenant
Deploy that exact same config that you just pulled down
Click the button to Send Test Email again
This time, you will not receive the email
Replace the Sendgrid API Key again, with the same value you did the first time
Click the button to Send Test Email
You will receive the email

So this shows that somehow the deployment is removing/changing our API Key, even though the config files do not seem to store it anywhere.

I do not need to be able to change/pull down the API key with the CLI, I just need it to not be lost every time we do a deploy. As of now, after each deploy we have to log onto Auth0 and manually paste back in the same Sendgrid API key to make it keep working normally.

Maybe we’re doing something wrong with the deploy? I noticed there were some other posts here that were related, but my core issue hasn’t been directly addressed/fixed.

The user in this post found the same problem, but no solution was offered.

Thanks!

rchenore · May 22, 2024, 6:38pm

I talked to support and found a solution to the problem. Basically, we had emailProvider info in our tenant.yaml that was being uploaded, and since you can’t input an API key there, it was resetting it. Just excluding the emailProvider config did the trick! Here is the support response below:

You cannot export or import secrets like API using the Auth0 Deploy CLI Tool and that is the reason it erases the api key from the email provider.

I recommend excluding those resources from the pipeline, like the email provider configuration. This should resolve the issue you are encountering.

Check the following documentation for more information on this:

github.com

auth0/auth0-deploy-cli/blob/master/docs/excluding-from-management.md

# Excluding Resources From Management

In many cases, you may find it useful to exclude resources from being managed. This could be because your tenant has a large number of a particular resource and thus it is operationally burdensome to manage. Other times, you may wish to exclude them as your development workflow only pertains to a specific subset of resources and you’d like to omit all other resources for performance. Regardless of the use case, there are several options available for expressing exclusions in the Deploy CLI.

## Excluding entire resources by type

For more complex tenants, you may find yourself wanting to omit entire resource types. Some common use cases for wanting this capability:

- Enterprise tenant with thousands of organizations, managing all would be operationally burdensome
- CI/CD process only focuses on managing roles, you may wish to exclude all others
- Feature development pertains to hook, you may wish to temporarily exclude all others to optimize performance

This type of exclusion is expressed by passing an array of resource names into either the `AUTH0_EXCLUDED` or `AUTH0_INCLUDED_ONLY` configuration properties. The `AUTH0_EXCLUDED` configuration property excludes only the resource types provided to it. Inversely, the `AUTH0_INCLUDED_ONLY` property excludes all properties except the ones defined. Exclusion works **bi-directionally**, that is, both when export from Auth0 and importing to Auth0, regardless if resource configuration files exist or not.

All supported resource values for exclusion:

`actions`, `attackProtection`, `branding`, `clientGrants`, `clients`, `connections`, `customDomains`, `databases`, `emailProvider`, `emailTemplates`, `guardianFactorProviders`, `guardianFactorTemplates`, `guardianFactors`, `guardianPhoneFactorMessageTypes`, `guardianPhoneFactorSelectedProvider`, `guardianPolicies`, `logStreams`, `migrations`, `organizations`, `pages`, `prompts`, `resourceServers`, `roles`, `tenant`, `triggers`

### Exclusion Example

This file has been truncated. show original

system · June 5, 2024, 6:39pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

andersonclane77 · June 10, 2024, 5:38pm

Before you can start using the API, you need to do the following: Create a SendGrid account. Create an API Key.