Import/Export Tenant Configuration to Directory Structure
The auth0-deploy-cli
tool includes a directory option that allows you to export and import an existing Auth0 tenant configuration into a predefined directory structure.
Import tenant configuration
To import an Auth0 tenant configuration with the directory option:
Copy
config.json.example
, making sure to replace the placeholder values with the values specific to your configuration.Use the{ "AUTH0_DOMAIN": "<YOUR_TENANT>.auth0.com", "AUTH0_CLIENT_ID": "<client_id>", "AUTH0_CLIENT_SECRET": "<client_secret>", "AUTH0_KEYWORD_REPLACE_MAPPINGS": { "AUTH0_TENANT_NAME": "<NAME>", "ENV": "DEV" }, "AUTH0_ALLOW_DELETE": false, "AUTH0_EXCLUDED_RULES": [ "rule-1-name", "rule-2-name" ], "INCLUDED_PROPS": { "clients": [ "client_secret" ] }, "EXCLUDED_PROPS": { "connections": [ "options.client_secret" ] } }
Was this helpful?/client ID
and secret from your newly-created application. If you used the Deploy CLI Extension to create the application, the client is namedauth0-deploy-cli-extension
. By default, the tool merges with your current environment variables and overrides theconfig.json
file (which has the same top key). You can use the--no-env
option to disable the override via the command line. You can either set the environment variables, or you can place the values in a configuration file anywhere on the file system that is accessible by the Deploy CLI Tool.Deploy using the following command:
a0deploy import --config_file config.json --input_file .
Was this helpful?/
Example: configuration file
Here is an example of a config.json
file:
{
"AUTH0_DOMAIN": "<your auth0 domain (e.g., travel0-dev.auth0.com) >",
"AUTH0_CLIENT_SECRET": "<your deploy client secret>",
"AUTH0_CLIENT_ID": "<your deploy client ID>",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"YOUR_ARRAY_KEY": [
"http://localhost:8080",
"https://somedomain.com"
],
"YOUR_STRING_KEY": "some environment-specific string"
},
"AUTH0_ALLOW_DELETE": false,
"INCLUDED_PROPS": {
"clients": [ "client_secret" ]
},
"EXCLUDED_PROPS": {
"connections": [ "options.client_secret" ],
"emailProvider": ["name", "credentials", "default_from_address", "enabled"]
},
"AUTH0_EXCLUDED_RULES": [ "auth0-account-link-extension" ],
"AUTH0_EXCLUDED_CLIENTS": [ "auth0-account-link" ],
"AUTH0_EXCLUDED_RESOURCE_SERVERS": [ "SSO Dashboard API" ],
"AUTH0_EXCLUDED_DEFAULTS": ["emailProvider"]
}
Export tenant configuration
To export your current tenant configuration, run a command that's similar to:
a0deploy export --config_file config.json --format directory --output_folder path/to/export
When importing objects into Auth0 tenants, Auth0 generates new IDs. To avoid import failure, identifier fields are stripped from the Auth0 objects on export by default. To override this behavior, use --export_ids
or AUTH0_EXPORT_IDENTIFIERS: true
.
Limitations
Some of the settings cannot be exported, such as rulesConfigs
values. After exporting, you may need to update the values in tenant.yaml
if you see schema-related errors during the import process.
To learn more, see Deploy CLI Tool Environment Variables and Keyword Mappings.
Directory structure example
The following is a sample of what the export directory structure looks like. For full details on everything that can be included, please see the extension's repository:
repository =>
clients
client1.json
client2.json
connections
connection1.json
database-connections
connection1
database.json
create.js
delete.js
get_user.js
login.js
verify.js
emails
provider.json
verify_email.json
verify_email.html
welcome_email.json
welcome_email.html
grants
grant1.json
pages
login.html
login.json
password_reset.html
password_reset.json
resource-servers
resource_server1.json
resource_server2.json
rules
rule1.js
rule1.json
rule2.js
rules-configs
env_param1.json
some_secret1.json
hooks
hook1.js
hook1.json
guardian
factors
sms.json
email.json
otp.json
push-notification.json
provider
sms-twilio.json
templates
sms.json
Add Hook Secrets
To add hook secrets to your environment, add secrets in the .json configuration file (in this example, hook1.json
) as follows:
"secrets": {
"api-key": "my custom api key"
}
The secrets
object cannot be nested, so remember to prefix your secrets.