auth0-deploy-cli icon indicating copy to clipboard operation
auth0-deploy-cli copied to clipboard

Published 20 hours ago verified publisher icon auth0

Export placeholders for encrypted `options.configuration` values for databases

Open larryaubstore opened this issue 1 year ago • 2 comments

Checklist

  • [X] I have looked into the README and have not found a suitable solution or answer.
  • [X] I have looked into the documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have upgraded to the latest version of this tool and the issue still persists.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Description

Hi,

I've used the latest version which is 7.17.7 and I noticed that options.configuration are not exported.

For importation, I tried the format available returned with the Auth0 management api and it does not work:

{
  "options": {
      "passwordPolicy": "low",
      "password_complexity_options": {
          "min_length": 10
      },
      "disable_signup": false,
      "requires_username": false,
      "brute_force_protection": true,
      "enabledDatabaseCustomization": true,
      "import_mode": true,
      "customScripts": {
          "login": "login.js",
          "get_user": "get_user.js"
      },
      "configuration": {
          "TEST_CONFIG": "TEST"
      }
  },
  "strategy": "auth0",
  "name": "test",
  "is_domain_connection": false,
  "enabled_clients": [],
  "realms": ["test"]
}

Expectation

Import and export of the options.configuration should work.

Reproduction

To reproduce the export problem, export a database with values in options.configuration. To reproduce the import problem, export a database with values in options.configuration using Auth0 Management Api and try to import the configuration.

Deploy CLI version

7.17.7

Node version

v12.22.6

larryaubstore avatar Jul 12 '23 15:07 larryaubstore

The options.configuration property is intentionally omitted from export because it becomes encrypted when stored; the Management API cannot return the unencrypted values thereafter. If you GET your connection via the API you'll see something like this:

"configuration": {
        "TEST_CONFIG": "2.0$26efecff8162aff6c65696f034d4a8a1$b012dd920361da4c43f575a38c8e6695$0aae5717b1fc0a961eb79c90c9f2555d1dfb306d3d0c6dffc699ab53814ee9ba"
},

However, the options.configuration property will update the connection on import. If it is important to continually update these values, I'd recommend implementing a uni-directional workflow, otherwise you'll need to continually reconcile on export.

One thing that we could potentially explore in the future is to replace encrypted values with a designated placeholder to show that configurations exist, it would help visualize these values but doesn't seem like it would enable your intention of exporting the unencrypted values.

Hope that clears things up!

willvedd avatar Jul 14 '23 12:07 willvedd

Hi, thank you for your quick response. You're correct, the import is working, sorry my mistake.

I understand now why the values are not exported since they are secrets.

larryaubstore avatar Jul 17 '23 13:07 larryaubstore