Sendgrid Api Key Resetting Upon Using Deploy CLI


I’ve noticed that our Sendgrid API key (set via the Auth0 UI, Branding > Email Provider > Sendgrid > API Key) is lost/changed every time we deploy the config via the Auth0 deploy CLI.

We are able to tell the change has happened only because the forgot password flow no longer actually sends an email to the user. And when using the Send Test Email button, it also doesn’t work.

Steps to reproduce:

  1. Set the Sendgrid API Key
  2. Click the button to Send Test Email
  3. Verify you have received the email
  4. Using the auth0 deploy CLI, pull down the config for that tenant
  5. Deploy that exact same config that you just pulled down
  6. Click the button to Send Test Email again
  7. This time, you will not receive the email
  8. Replace the Sendgrid API Key again, with the same value you did the first time
  9. Click the button to Send Test Email
  10. You will receive the email

So this shows that somehow the deployment is removing/changing our API Key, even though the config files do not seem to store it anywhere.

I do not need to be able to change/pull down the API key with the CLI, I just need it to not be lost every time we do a deploy. As of now, after each deploy we have to log onto Auth0 and manually paste back in the same Sendgrid API key to make it keep working normally.

Maybe we’re doing something wrong with the deploy? I noticed there were some other posts here that were related, but my core issue hasn’t been directly addressed/fixed.

The user in this post found the same problem, but no solution was offered.


1 Like

I talked to support and found a solution to the problem. Basically, we had emailProvider info in our tenant.yaml that was being uploaded, and since you can’t input an API key there, it was resetting it. Just excluding the emailProvider config did the trick! Here is the support response below:

You cannot export or import secrets like API using the Auth0 Deploy CLI Tool and that is the reason it erases the api key from the email provider.

I recommend excluding those resources from the pipeline, like the email provider configuration. This should resolve the issue you are encountering.

Check the following documentation for more information on this: