The Auth0 Deploy CLI is a tool that helps you manage your Auth0 tenant configuration. It integrates into your development workflows as a standalone CLI or as a node module.
Supported resource types: actions, branding, client grants, clients (applications), connections, custom domains, email templates, emails, grants, guardian, hook secrets, hooks, log streams, migrations, organizations, pages, prompts, resource servers (APIs), roles, rules, rules configs, tenant settings, themes.
- Multi-Environment Oriented: Designed to help you test your applications' Auth0 integrations from feature branch all the way to production.
- Keyword Replacement: Shared resource configurations across all environments with dynamic keyword replacement.
- Versatile: Integrate into your CI/CD workflows either as a CLI or as a Node module.
- Using as a CLI
- Using as a Node Module
- Configuring the Deploy CLI
- Keyword Replacement
- Incorporating Into Multi-environment Workflows
- Excluding Resources From Management
- Available Resource Formats
- Terraform Provider
- How to Contribute
This guide will help you to a working implementation of the Deploy CLI tool used as a standalone CLI. There are three main steps before the Deploy CLI can be run:
⚠️ NOTE: This tool can be destructive to your Auth0 tenant. It is recommended to be familiar with theAUTH0_ALLOW_DELETE
configuration and to test on development tenants prior to using in production.
- Node version 10 or greater
- Auth0 Tenant
To run as a standalone command-line tool:
npm install -g auth0-deploy-cli
In order for the Deploy CLI to call the Management API, a dedicated Auth0 application must be created to make calls on behalf of the tool.
- From the Auth0 dashboard, navigate to Applications > Applications
- Click “Create Application”
- On Create application page: a. Name it “Deploy CLI” or similar b. Select “Machine to Machine Applications” as application type c. Click “Create”
- On the “Authorize Machine to Machine Application” page a. Select “Auth0 Management API” b. Select the appropriate permissions for the resources you wish to manage. Refer to the Client Scopes section for more information. c. Click “Authorize”
The designated application needs to be granted scopes in order to allow the Deploy CLI to execute Management operations.
The principle of least privilege is abided, so it will operate within the set of permissions granted. At a minimum, read:clients
need to be selected, but is is recommended to select read:
, create:
and update:
permissions for all resource types within management purview. To enable deletions, the delete:
scopes are also necessary.
The Deploy CLI can be configured two ways, through a config.json
file and through environment variables. The decision to choose one or both would depend on your specific use case and preferences. More comprehensive information about configuring the tool can be found on the Configuring the Deploy CLI page. However, for this example, the simplest way to get going is by setting the following environment variables:
AUTH0_DOMAIN
AUTH0_CLIENT_ID
AUTH0_CLIENT_SECRET
These values can be found in the “Settings” tab within the Auth0 application created in the previous step.
Finally, with above complete, the Deploy CLI export command can be run:
a0deploy export --format=yaml --output_folder=local
Once the process completes, observe the resource configuration files generated in the local
directory. Then, run the import command, which pushes configuration from the local machine to your Auth0 tenant:
a0deploy import -c=config.json --input_file local/tenant.yaml
For general support or usage questions, use the Auth0 Community forums or raise a support ticket. Only raise an issue if you have found a bug or want to request a feature.
Do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to:
- Add authentication with multiple sources, either social identity providers such as Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce (amongst others), or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS, or any SAML identity provider.
- Add authentication through more traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Support for generating signed JSON Web Tokens to call your APIs and flow the user identity securely.
- Analytics of how, when, and where users are logging in.
- Pull data from other sources and add it to the user profile through JavaScript Actions.
Why Auth0? Because you should save time, be happy, and focus on what really matters: building your product.
This project is licensed under the MIT license. See the LICENSE file for more information.