1. SuiteCloud Platform
  2. SuiteCloud SDK
  3. SuiteCloud SDK Overview
  4. SuiteCloud SDK Overview
  5. Secure Credentials Storage for SuiteCloud SDK
  6. Using Machine-to-Machine Authentication for CI/CD Environments

Using Machine-to-Machine Authentication for CI/CD Environments

Machine-to-machine authentication is a robust and efficient way to automate your CI/CD processes securely. To set it up, you need to configure environment variables and credentials. SuiteCloud SDK tools then handle secure authentication in your CI/CD pipeline, ensuring automated and protected processes.

Note:

You need two environment variables for machine-to-machine authentication:

SUITECLOUD_CI: This variable enables the machine-to-machine authentication mechanism. Set it to 1 or any non-zero value to activate it.

SUITECLOUD_CI_PASSKEY: This variable stores the passkey for your authentication credentials. Be sure to use a strong, alphanumeric string with 32-100 characters, and update it regularly for better security.

For more information, see Setting Up Environment Variables for SuiteCloud SDK Tools.

To be authenticated using machine-to-machine authentication:

To deploy or validate your project, ensure the auth ID you use matches the one in your credentials file from Step 3.

When you use SuiteCloud CLI for Node.js, ensure the project in your CI/CD pipeline uses the auth ID you created during the authentication setup (Step 3). The default auth ID for deployment or validation can't be changed through SuiteCloud CLI for Node.js in a pipeline. You may need to manually update the DefaultAuthID parameter in your project.json file. For example:

  1. Generate a secure passkey that meets the required character requirements.

  2. Set the SUITECLOUD_CI_PASSKEY environment variable to the passkey you generated.

  3. Run account:setup:ci locally to authenticate the accounts you need for deployment and validation in the CI/CD environment.

    Note:

    Be sure to save the auth ID—you'll need it later.

    SuiteCloud SDK creates the credentials_ci.p12 file in the user's local home directory at: ~/.suitecloud-sdk/credentials_ci.p12. This file stores the auth ID (that is, your credentials) and is encrypted with the passkey from Step 1.

    Note:

    Do the next steps in your pipeline.

  4. Transfer the credentials securely. Upload the credentials_ci.p12 file to your CI/CD environment and place it in the CI/CD user's home directory: ~/.suitecoud-sdk/credentials_ci.p12. You might need to create the .suitecoud-sdk folder if it doesn't exist.

  5. Set the SUITECLOUD_CI environment variable to 1 in your CI/CD environment to enable the machine-to-machine authentication.

  6. Ensure the SUITECLOUD_CI_PASSKEY environment variable in your CI/CD environment matches the passkey you used to encrypt the credentials.

          project.json
{
  "defaultAuthId": "locallyCreatedAuthID"
}
Note:

Update the passkey regularly. Changing the passkey will invalidate your current credentials file, so you'll need to regenerate the credentials with the new passkey.

General Notices