Configure the Deploy CLI

Configuring the Deploy’s CLI is essential for establishing Auth0 credentials as well as generally modifying the behavior of the tool to your specific needs. There are two ways the Deploy CLI can be configured:

  1. Use the configuration file (config.json).

  2. Set environment variables.

Configuration file

A standalone JSON file can be used to configure Deploy CLI. This file will usually reside in the root directory of your project and should be named config.json.

Example

{
  "AUTH0_DOMAIN": "<YOUR_TENANT_DOMAIN>",
  "AUTH0_CLIENT_ID": "<YOUR_CLIENT_ID>",
  "AUTH0_ALLOW_DELETE": false
}

Was this helpful?

/

Environment variables

By default, the Deploy CLI ingests environment variables, providing the ability to pass credentials and other configurations to the tool without needing to publish to the config.json file. Environment variables can either be used to augment the config.json file or replace it altogether depending on the project needs.

Non-primitive configuration values like AUTH0_KEYWORD_REPLACE_MAPPINGS and AUTH0_EXCLUDED can also be passed in through environment variables so long as these values are properly serialized JSON.

To disable the consumption of environment variables for either the import or export commands, pass the --env=false argument.

Examples

Deploying configuration for YAML formats without a config.json file

$ export AUTH0_DOMAIN=<YOUR_AUTH0_DOMAIN>
$ export AUTH0_CLIENT_ID=<YOUR_CLIENT_ID>
$ export AUTH0_CLIENT_SECRET=<YOUR_CLIENT_SECRET>
$ a0deploy import --input_file=local/tenant.yaml

Was this helpful?

/

Disable environment variable ingestion

$ a0deploy export -c=config.json --format=yaml --output_folder=local --env=false

Was this helpful?

/

Non-primitive configuration values

$ export AUTH0_EXCLUDED='["actions","organizations"]'
$ export AUTH0_KEYWORD_REPLACE_MAPPINGS='{"ENVIRONMENT":"dev"}'
$ a0deploy export -c=config.json --format=yaml --output_folder=local

Was this helpful?

/

Available Configuration Properties

AUTH0_DOMAIN

String. The domain of the target Auth0 tenant.

AUTH0_CLIENT_ID

String. The ID of the designated Auth0 application used to make API requests.

AUTH0_CLIENT_SECRET

String. The secret of the designated Auth0 application used to make API requests.

AUTH0_ACCESS_TOKEN

String. Short-lived access token for Management API from designated Auth0 application. Can be used in replacement to client ID and client secret combination.

AUTH0_CLIENT_SIGNING_KEY_PATH

String. The path to the private key used by the client when facilitating Private Key JWT authentication. Path relative to the working directory. Also note AUTH0_CLIENT_SIGNING_ALGORITHM for specifying signing algorithm.

AUTH0_CLIENT_SIGNING_ALGORITHM

String. Specifies the JWT signing algorithms used by the client when facilitating Private Key JWT authentication. Only used in combination with AUTH0_CLIENT_SIGNING_KEY_PATH.

Accepted values: RS256RS384PS256.

AUTH0_ALLOW_DELETE

Boolean. When enabled, will allow the tool to delete resources. Default: false.

AUTH0_EXCLUDED

Array of strings. Excludes entire resource types from being managed, bi-directionally. To learn more, read Exclude Resources from Management.

Cannot be used simultaneously with AUTH0_INCLUDED_ONLY.

Possible values: actions, attackProtection, branding, clientGrants, clients, connections, customDomains, databases, emailProvider, emailTemplates, guardianFactorProviders, guardianFactorTemplates, guardianFactors, guardianPhoneFactorMessageTypes, guardianPhoneFactorSelectedProvider, guardianPolicies, logStreams, migrations, organizations, pages, prompts, resourceServers, roles, tenant, triggers.

Example

{
  "AUTH0_EXCLUDED": ["organizations", "connections", "hooks"]
}

Was this helpful?

/

AUTH0_INCLUDED_ONLY

Array of strings. Specifies which resource types to manage bi-directionally. To learn more, read Exclude Resources from Management.

Cannot be used simultaneously with AUTH0_EXCLUDED.

Possible values: actions, attackProtection, branding, clientGrants, clients, connections, customDomains, databases, emailProvider, emailTemplates, guardianFactorProviders, guardianFactorTemplates, guardianFactors, guardianPhoneFactorMessageTypes, guardianPhoneFactorSelectedProvider, guardianPolicies, logStreams, migrations, organizations, pages, prompts, resourceServers, roles, tenant, triggers.

Example

{
  "AUTH0_INCLUDED_ONLY": ["clients", "connections", "tenant", "branding"]
}

Was this helpful?

/

AUTH0_KEYWORD_REPLACE_MAPPINGS

Mapping of specific keywords to facilities dynamic replacement. To learn more, read Keyword Replacement.

Example

{
  "ENVIRONMENT": "DEV",
  "ALLOWED_ORIGINS": ["https://dev.test-site.com", "localhost"]
}

Was this helpful?

/

AUTH0_PRESERVE_KEYWORDS

Boolean. When enabled, will attempt to preserve keyword replacement markers in local resource files during export. Otherwise, the remote values will overwrite those manually-placed keyword markers.

This configuration requires the presence of local configuration files and defined keyword replace mappings via the AUTH0_KEYWORD_REPLACE_MAPPINGS configuration property.

See also: Preserve Keywords on Export.

AUTH0_EXPORT_IDENTIFIERS

Boolean. When enabled, will return identifiers of all resources. May be useful for certain debugging or record-keeping scenarios within a single-tenant context. Default: false.

EXCLUDED_PROPS

Provides ability to exclude any unwanted properties from management.

Example

{
  "connections": ["options.twilio_token"]
}

Was this helpful?

/

AUTH0_AUDIENCE

String. Separate value from audience value while retrieving an access token for the Management API. Useful when default Management API endpoints are not publicly exposed.

AUTH0_EXCLUDED_RULES

Array of strings. Excludes the management of specific rules by ID. Note: This configuration may be subject to deprecation in the future. To learn more, read Exclude Resources from Management.

AUTH0_EXCLUDED_CLIENTS

Array of strings. Excludes the management of specific clients by ID. Note: This configuration may be subject to deprecation in the future. To learn more, read Exclude Resources from Management.

AUTH0_EXCLUDED_DATABASES

Array of strings. Excludes the management of specific databases by ID. Note: This configuration may be subject to deprecation in the future. To learn more, read Exclude Resources from Management.

AUTH0_EXCLUDED_CONNECTIONS

Array of strings. Excludes the management of specific connections by ID. Note: This configuration may be subject to deprecation in the future. To learn more, read Exclude Resources from Management.

AUTH0_EXCLUDED_RESOURCE_SERVERS

Array of strings. Excludes the management of specific resource servers by ID. Note: This configuration may be subject to deprecation in the future. To learn more, read Exclude Resources from Management.