Import/Export Tenant Configuration to Directory Structure

The auth0-deploy-cli tool includes a directory option that allows you to export and import an existing Auth0 tenant configuration into a predefined directory structure.

To learn more about how the files are expected to be laid out to work with the source control configuration utilities, see GitHub Deployments.

To import an Auth0 tenant configuration with the directory option:

Copy config.json.example, making sure to replace the placeholder values with the values specific to your configuration.
{ "AUTH0_DOMAIN": "<YOUR_TENANT>.auth0.com", "AUTH0_CLIENT_ID": "<client_id>", "AUTH0_CLIENT_SECRET": "<client_secret>", "AUTH0_KEYWORD_REPLACE_MAPPINGS": { "AUTH0_TENANT_NAME": "<NAME>", "ENV": "DEV" }, "AUTH0_ALLOW_DELETE": false, "AUTH0_EXCLUDED_RULES": [ "rule-1-name", "rule-2-name" ], "INCLUDED_PROPS": { "clients": [ "client_secret" ] }, "EXCLUDED_PROPS": { "connections": [ "options.client_secret" ] } }
Was this helpful?/
Use the client ID and secret from your newly-created application. If you used the Deploy CLI Extension to create the application, the client is named auth0-deploy-cli-extension. By default, the tool merges with your current environment variables and overrides the config.json file (which has the same top key). You can use the --no-env option to disable the override via the command line. You can either set the environment variables, or you can place the values in a configuration file anywhere on the file system that is accessible by the Deploy CLI Tool.

Deploy using the following command:

a0deploy import --config_file config.json --input_file .

Was this helpful?/

Here is an example of a config.json file:

{
  "AUTH0_DOMAIN": "<your auth0 domain (e.g., travel0-dev.auth0.com) >",
  "AUTH0_CLIENT_SECRET": "<your deploy client secret>",
  "AUTH0_CLIENT_ID": "<your deploy client ID>",
  "AUTH0_KEYWORD_REPLACE_MAPPINGS": {
    "YOUR_ARRAY_KEY": [
      "http://localhost:8080",
      "https://somedomain.com"
    ],
    "YOUR_STRING_KEY": "some environment-specific string"
  },
  "AUTH0_ALLOW_DELETE": false,
  "INCLUDED_PROPS": {
    "clients": [ "client_secret" ]
  },
  "EXCLUDED_PROPS": {
    "connections": [ "options.client_secret" ],
    "emailProvider": ["name", "credentials", "default_from_address", "enabled"]
  },
  "AUTH0_EXCLUDED_RULES": [ "auth0-account-link-extension" ],
  "AUTH0_EXCLUDED_CLIENTS": [ "auth0-account-link" ],
  "AUTH0_EXCLUDED_RESOURCE_SERVERS": [ "SSO Dashboard API" ],
  "AUTH0_EXCLUDED_DEFAULTS": ["emailProvider"]
}

Was this helpful?/

To export your current tenant configuration, run a command that's similar to:

a0deploy export --config_file config.json --format directory --output_folder path/to/export

Was this helpful?/

When importing objects into Auth0 tenants, Auth0 generates new IDs. To avoid import failure, identifier fields are stripped from the Auth0 objects on export by default. To override this behavior, use --export_ids or AUTH0_EXPORT_IDENTIFIERS: true.

Some of the settings cannot be exported, such as rulesConfigs values. After exporting, you may need to update the values in tenant.yaml if you see schema-related errors during the import process.

To learn more, see Deploy CLI Tool Environment Variables and Keyword Mappings.

The following is a sample of what the export directory structure looks like. For full details on everything that can be included, please see the extension's repository:

repository =>
  clients
    client1.json
    client2.json
  connections
    connection1.json
  database-connections
    connection1
      database.json
      create.js
      delete.js
      get_user.js
      login.js
      verify.js
  emails
    provider.json
    verify_email.json
    verify_email.html
    welcome_email.json
    welcome_email.html
  grants
    grant1.json
  pages
    login.html
    login.json
    password_reset.html
    password_reset.json
  resource-servers
    resource_server1.json
    resource_server2.json
  rules
    rule1.js
    rule1.json
    rule2.js
  rules-configs
    env_param1.json
    some_secret1.json
  hooks
     hook1.js
     hook1.json
  guardian
    factors
      sms.json
      email.json
      otp.json
      push-notification.json
    provider
      sms-twilio.json
    templates
      sms.json

Was this helpful?/

To add hook secrets to your environment, add secrets in the .json configuration file (in this example, hook1.json) as follows:

"secrets": { 
  "api-key": "my custom api key" 
}

Was this helpful?/

The secrets object cannot be nested, so remember to prefix your secrets.

Docs

Import/Export Tenant Configuration to Directory Structure

Import/Export Tenant Configuration to Directory Structure

Import tenant configuration

Example: configuration file

Export tenant configuration

Limitations

Directory structure example

Add Hook Secrets

Keep reading

Was this article helpful?