Using Machine-to-Machine Authentication for CI/CD Environments
Machine-to-machine authentication is a robust and efficient way to automate your CI/CD processes securely. To set it up, you need to configure environment variables and credentials. SuiteCloud SDK tools then handle secure authentication in your CI/CD pipeline, ensuring automated and protected processes.
You need two environment variables for machine-to-machine authentication:
SUITECLOUD_CI: This variable enables the machine-to-machine authentication mechanism. Set it to 1 or any non-zero value to activate it.
SUITECLOUD_CI_PASSKEY: This variable stores the passkey for your authentication credentials. Be sure to use a strong, alphanumeric string with 32-100 characters, and update it regularly for better security.
For more information, see Setting Up Environment Variables for SuiteCloud SDK Tools.
To be authenticated using machine-to-machine authentication:
1. Generate a secure passkey that meets the character requirements.
2. Set the SUITECLOUD_CI_PASSKEY environment variable to the passkey you generated.
3. Run account:setup:ci locally to authenticate the accounts you need for deployment and validation in the CI/CD environment.
   Note: Be sure to save the auth ID. You'll need it later.
   SuiteCloud SDK creates the credentials_ci.p12 file in the user's local home directory at ~/.suitecloud-sdk/credentials_ci.p12. This file stores the auth ID (that is, your credentials) and is encrypted with the passkey from Step 1.
   Note: Do the next steps in your pipeline.
4. Transfer the credentials securely. Upload the credentials_ci.p12 file to your CI/CD environment and place it in the CI/CD user's home directory at ~/.suitecloud-sdk/credentials_ci.p12. You might need to create the .suitecloud-sdk folder if it doesn't exist.
5. Set the SUITECLOUD_CI environment variable to 1 in your CI/CD environment to enable the machine-to-machine authentication.
6. Ensure the SUITECLOUD_CI_PASSKEY environment variable in your CI/CD environment matches the passkey you used to encrypt the credentials.
To deploy or validate your project, ensure the auth ID you use matches the one in your credentials file from Step 3.
When you use SuiteCloud CLI for Node.js, ensure the project in your CI/CD pipeline uses the auth ID you created during the authentication setup (Step 3). The default auth ID for deployment or validation can't be changed through SuiteCloud CLI for Node.js in a pipeline. You may need to manually update the defaultAuthId parameter in your project.json file. For example:
project.json
{
  "defaultAuthId": "locallyCreatedAuthID"
}
Update the passkey regularly. Changing the passkey will invalidate your current credentials file, so you'll need to regenerate the credentials with the new passkey.
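As an added example (not part of the SuiteCloud SDK or of the original page), the following POSIX shell functions check the pipeline side of Steps 4 to 6 and the defaultAuthId match before any deploy or validate command runs. The function names, the expected auth ID argument and the group/other permission check are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight checks for SuiteCloud machine-to-machine auth in a CI job (added example).
LC_ALL=C; export LC_ALL   # keep the [A-Za-z0-9] ranges ASCII-only

# SUITECLOUD_CI enables the mechanism when set to 1 or any non-zero value.
ci_flag_enabled() {
  [ -n "${SUITECLOUD_CI:-}" ] && [ "$SUITECLOUD_CI" != "0" ]
}

# Passkey rule from the page: alphanumeric, 32 to 100 characters.
passkey_ok() {
  case "$1" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 32 ] && [ "${#1}" -le 100 ]
}

# The credentials file must sit in the CI user's home directory. Rejecting any
# group/other permission bit is an extra hardening assumption, not an SDK rule.
creds_file_ok() {
  f="$HOME/.suitecloud-sdk/credentials_ci.p12"
  [ -f "$f" ] && [ -s "$f" ] || return 1
  [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]
}

# Read defaultAuthId from project.json ("key": "value" on one line, as on the page).
project_auth_id() {
  sed -n 's/.*"defaultAuthId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# preflight EXPECTED_AUTH_ID PROJECT_JSON
# Reports every failed check on stderr without echoing the passkey itself.
preflight() {
  rc=0
  ci_flag_enabled || { echo "SUITECLOUD_CI is unset or 0" >&2; rc=1; }
  passkey_ok "${SUITECLOUD_CI_PASSKEY:-}" ||
    { echo "SUITECLOUD_CI_PASSKEY is not 32-100 alphanumeric characters" >&2; rc=1; }
  creds_file_ok ||
    { echo "credentials_ci.p12 missing, empty, or open to group/other" >&2; rc=1; }
  [ -n "$1" ] && [ "$(project_auth_id "$2")" = "$1" ] ||
    { echo "defaultAuthId in $2 does not match the expected auth ID" >&2; rc=1; }
  return "$rc"
}

# Pipeline usage (EXPECTED_AUTH_ID is a hypothetical variable holding the auth ID from Step 3):
#   preflight "$EXPECTED_AUTH_ID" ./project.json || exit 1
```

These checks only confirm that the pieces are in place; whether the passkey actually decrypts the file is established when the SDK tool itself runs.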