Execution Context for Secure Credentials Storage

The execution context in SuiteCloud SDK controls how authentication and credential management work. It is used by the SuiteCloud SDK tools to determine the following:

Note:

Auth IDs created in the browser-based context aren't accessible in the machine-to-machine context, and inversely. So, an auth ID made in one context can't be used in the other.

The environment variables on your machine and whether secure storage is available determine the execution context. You can set up one or more of these environment variables—or none, if you want to use the default context.

The table below shows the conditions for each execution context and gives more details. If your setup doesn't match any of these, it's considered an invalid execution context.

Execution Context

Environment variable configuration and secure storage status

Description

Browser-based (default)

Secure storage is available.

Environment variables configuration:

  • SUITECLOUD_FALLBACK_PASSKEY is not set

  • SUITECLOUD_CI_PASSKEY is not set

  • SUITECLOUD_CI is not set

  • Allows browser- based authentication.

  • This is the default execution context, meant for use on a user's machine.

  • Uses the credentials_browser_based.p12 credentials file.

  • Uses the auto-generated passkey stored in your machine's secure storage to unlock the credentials file. This passkey is automatically refreshed when the token changes.

  • Allows all other operations, except for machine-to-machine authentication.

Browser-based fallback

Secure storage is unavailable.

Environment variables configuration:

  • SUITECLOUD_FALLBACK_PASSKEY is set to a value between 32 and 100 alphanumeric characters.

  • SUITECLOUD_CI_PASSKEY is not set

  • SUITECLOUD_CI is not set

  • Allows browser- based authentication.

  • This execution context is for when secure storage isn't available on a user's machine.

  • Uses the credentials_browser_based.p12 credentials file.

  • Uses the passkey defined in the SUITECLOUD_FALLBACK_PASSKEY environment variable to unlock the credentials file. This passkey isn't automatically refreshed and must be manually updated.

  • Allows all other operations, except for machine-to-machine authentication.

Machine-to-machine authentication setup

Secure storage status is not relevant in this case.

Environment variables configuration:

  • SUITECLOUD_FALLBACK_PASSKEY is not set

  • SUITECLOUD_CI_PASSKEY is set to a value between 32 and 100 alphanumeric characters.

  • SUITECLOUD_CI is not set

  • Allows machine-to-machine authentication.

  • This execution context can be used to set up and manage authentication IDs for a CI/CD environment.

  • Uses the credentials_ci.p12 credentials file.

  • Uses the passkey defined in the SUITECLOUD_CI_PASSKEY environment variable to unlock the credentials file. This passkey isn't refreshed automatically and has to be updated manually.

  • Only allows operations for management of authentication IDs.

Machine-to-machine

Secure storage status is not relevant in this case.

Environment variables configuration:

  • SUITECLOUD_FALLBACK_PASSKEY is not set

  • SUITECLOUD_CI_PASSKEY is set to a value between 32 and 100 alphanumeric characters.

  • SUITECLOUD_CI is set to 1

  • Allows machine-to-machine authentication.

  • This execution context is meant for use in a CI/CD environment.

  • Uses the credentials_ci.p12 credentials file.

  • Uses the passkey defined in the SUITECLOUD_CI_PASSKEY environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated.

  • Allows all other operations, except for browser- based authentication.

For more information, see Setting Up Environment Variables for SuiteCloud SDK Tools.

Related Topics

General Notices