Execution Context for Secure Credentials Storage

The execution context in SuiteCloud SDK controls the way authentication and credential management work. It is used by the SuiteCloud SDK tools to determine the following:

The authentication option that you are allowed to use, either browser-based authentication or machine-to-machine authentication
The credentials file used to store authentication details and perform operations that require authentication
The passkey used to encrypt and decrypt the credentials file

The environment variables set in your machine and the availability of secure storage are used to determine the execution context. You can set up one or more of the following environment variables (or none of them, if you want to use the default execution context).

SUITECLOUD_FALLBACK_PASSKEY – Used to store the passkey to encrypt and decrypt the credentials_browser_based.p12 file when you are using browser-based authentication in fallback mode.
SUITECLOUD_CI – Used to indicate that you want to run operations in a CI/CD environment using machine-to-machine authentication.
SUITECLOUD_CI_PASSKEY – Used to store the passkey to encrypt and decrypt the credentials_ci.p12 file when you are using machine-to-machine authentication.

The following table shows the conditions used to determine the execution context, and how each execution context works.

Execution Context	Conditions	Description
Browser-based context (default)	Secure storage is available. None of these three environment variables is set: `SUITECLOUD_FALLBACK_PASSKEY`, `SUITECLOUD_CI_PASSKEY`, `SUITECLOUD_CI`.	Allows browser-based authentication. This is the default execution context. It is meant to be used on a user machine. Uses the `credentials_browser_based.p12` credentials file. Uses the auto-generated passkey stored in the machine's secure storage to unlock the credentials file. This passkey is automatically refreshed when the token changes. Allows all other operations, except for machine-to-machine authentication.
Browser-based fallback context	Secure storage is unavailable. Only `SUITECLOUD_FALLBACK_PASSKEY` is set.	Allows browser-based authentication. This execution context is meant to be used when secure storage is unavailable on a user machine. Uses the `credentials_browser_based.p12` credentials file. Uses the passkey defined in the `SUITECLOUD_FALLBACK_PASSKEY` environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated. Allows all other operations, except for machine-to-machine authentication.
Machine-to-machine authentication setup context	Only `SUITECLOUD_CI_PASSKEY` is set.	Allows machine-to-machine authentication. This execution context can be used to set up and manage authentication IDs that will be used in a CI/CD environment. Uses the `credentials_ci.p12` credentials file. Uses the passkey defined in the `SUITECLOUD_CI_PASSKEY` environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated. Only allows operations for management of authentication IDs.
Machine-to-machine context	Only `SUITECLOUD_CI` and `SUITECLOUD_CI_PASSKEY` are set.	Allows machine-to-machine authentication. This execution context is meant to be used in a CI/CD environment. Uses the `credentials_ci.p12` credentials file. Uses the passkey defined in the `SUITECLOUD_CI_PASSKEY` environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated. Allows all other operations, except for browser-based authentication.

Execution Context

Conditions

Description

Browser-based context (default)

Secure storage is available.

None of these three environment variables is set: SUITECLOUD_FALLBACK_PASSKEY, SUITECLOUD_CI_PASSKEY, SUITECLOUD_CI.

Allows browser-based authentication.
This is the default execution context. It is meant to be used on a user machine.
Uses the credentials_browser_based.p12 credentials file.
Uses the auto-generated passkey stored in the machine's secure storage to unlock the credentials file. This passkey is automatically refreshed when the token changes.
Allows all other operations, except for machine-to-machine authentication.

Browser-based fallback context

Secure storage is unavailable.

Only SUITECLOUD_FALLBACK_PASSKEY is set.

Allows browser-based authentication.
This execution context is meant to be used when secure storage is unavailable on a user machine.
Uses the credentials_browser_based.p12 credentials file.
Uses the passkey defined in the SUITECLOUD_FALLBACK_PASSKEY environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated.
Allows all other operations, except for machine-to-machine authentication.

Machine-to-machine authentication setup context

Only SUITECLOUD_CI_PASSKEY is set.

Allows machine-to-machine authentication.
This execution context can be used to set up and manage authentication IDs that will be used in a CI/CD environment.
Uses the credentials_ci.p12 credentials file.
Uses the passkey defined in the SUITECLOUD_CI_PASSKEY environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated.
Only allows operations for management of authentication IDs.

Machine-to-machine context

Only SUITECLOUD_CI and SUITECLOUD_CI_PASSKEY are set.

Allows machine-to-machine authentication.
This execution context is meant to be used in a CI/CD environment.
Uses the credentials_ci.p12 credentials file.
Uses the passkey defined in the SUITECLOUD_CI_PASSKEY environment variable to unlock the credentials file. This passkey is not automatically refreshed and must be manually updated.
Allows all other operations, except for browser-based authentication.

If your setup does not match any of the conditions listed in the preceding table, it is considered to be in an invalid execution context.

Related Topics