Using Machine-to-Machine Authentication for CI/CD Environments

Machine-to-machine authentication is a robust and efficient way to automate CI/CD processes securely. To set it up, you need to configure environment variables and credentials. The SuiteCloud SDK tools then handle secure authentication within the CI/CD pipeline, ensuring automated and protected processes.

Note:

Two environment variables are required for the machine-to-machine authentication process:

SUITECLOUD_CI: This variable enables the machine-to-machine authentication mechanism. Set it to 1 or any non-zero value to activate this feature.

SUITECLOUD_CI_PASSKEY: This variable stores the passkey used to secure authentication credentials. It is essential to use a strong, alphanumeric string with 32-100 characters. To enhance security, update this passkey regularly.

For more information, see Setting Up Environment Variables for SuiteCloud SDK Tools.

To be authenticated using machine-to-machine authentication:

  1. Generate a secure passkey that meets the required character specifications.

  2. Set the SUITECLOUD_CI_PASSKEY environment variable to the passkey you generated.

  3. Run account:setup:ci locally to authenticate the necessary accounts for deployment and validation in the CI/CD environment.

    Note:

    Take note of the auth ID as it will be used later.

    SuiteCloud SDK creates the credentials_ci.p12 credentials file in the user's local home directory under the path: ~/.suitecloud-sdk/credentials_ci.p12. This file stores the auth ID (that is, the credentials) and is encrypted with the passkey generated in Step 1.

    Note:

    The next steps are to be done in the pipeline.

  4. Transfer the credentials securely. Upload the credentials_ci.p12 file to your CI/CD environment, placing it in the CI/CD user's home directory: ~/.suitecloud-sdk/credentials_ci.p12. You may need to create the .suitecloud-sdk folder if it doesn't exist.

  5. Set the SUITECLOUD_CI environment variable to 1 in the CI/CD environment to enable the machine-to-machine authentication.

  6. Ensure the SUITECLOUD_CI_PASSKEY environment variable in the CI/CD environment matches the passkey used for credentials encryption.

To deploy or validate your project, ensure the auth ID used for these actions matches the one in your credentials file, which was set in Step 3.

When using SuiteCloud CLI for Node.js, ensure the project in your CI/CD pipeline uses the auth ID created during the authentication setup (Step 3). Note that the default auth ID for deployment or validation cannot be changed through SuiteCloud CLI for Node.js in a pipeline. You may need to manually update the defaultAuthId parameter in your project.json file. For example:

    project.json

    {
      "defaultAuthId": "locallyCreatedAuthID"
    }

Note:

Update the passkey regularly. Changing the passkey will invalidate the current credentials file. You'll need to regenerate the credentials with the new passkey.
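
The pipeline-side requirements above (Steps 4 to 6 and the defaultAuthId match) can be checked before any deploy or validate command runs. The following shell functions are an added example, not part of the original page or of SuiteCloud SDK. The function names are hypothetical, the passkey generator is one possible way to satisfy Step 1, and the owner-only permission check on the credentials file is an assumption that the page does not state.

```shell
#!/bin/sh
# Added example (not SuiteCloud SDK code): pre-flight checks for the pipeline job.

# Step 1: 64 random alphanumeric characters (inside the 32-100 range).
generate_passkey() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 64
}

# Passkey rule from the page: alphanumeric only, 32-100 characters.
valid_passkey() {
  case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 32 ] && [ "${#1}" -le 100 ]
}

# Read defaultAuthId from PROJECT_DIR/project.json without needing jq.
project_auth_id() {
  sed -n 's/.*"defaultAuthId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
    "$1/project.json"
}

# Report a failed check on stderr and remember that one occurred.
fail() { echo "preflight: $1" >&2; rc=1; }

# preflight PROJECT_DIR EXPECTED_AUTH_ID: returns 0 only if every check passes.
preflight() {
  rc=0
  cred="$HOME/.suitecloud-sdk/credentials_ci.p12"   # Step 4 location
  # Step 5: any non-zero value enables machine-to-machine authentication.
  [ -n "${SUITECLOUD_CI:-}" ] && [ "$SUITECLOUD_CI" != 0 ] ||
    fail "SUITECLOUD_CI must be set to a non-zero value"
  # Step 6: only the format can be checked here, not that it matches Step 1.
  valid_passkey "${SUITECLOUD_CI_PASSKEY:-}" ||
    fail "SUITECLOUD_CI_PASSKEY must be 32-100 alphanumeric characters"
  if [ ! -f "$cred" ]; then
    fail "credentials file not found at $cred"
  elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
    # Assumption (not on the page): the file should be owner-only (chmod 600).
    fail "$cred is accessible to group or others"
  fi
  # The project must use the auth ID noted in Step 3.
  [ "$(project_auth_id "$1")" = "$2" ] ||
    fail "defaultAuthId in $1/project.json is not $2"
  return "$rc"
}
```

Calling preflight with the project directory and the auth ID noted in Step 3 as the first command of the job makes a misplaced credentials file or a mismatched auth ID fail early, with a message naming the step that was missed.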
