You must observe the following requirements when you create your script:
- The variable declaration must be on a separate line, but this can be anywhere in your script.
- The entire variable declaration, including the secret or value, must be a single-line string. If the secret or value is currently a multi-lined string, you must resolve it to a single line before including it in your script.
- Inline comments must not be included in the variable declaration. Add any comments on the line above or below the variable declaration.
- The variable name must be unique and cannot be reused elsewhere in the script. The same variable name can be used in other scripts, but you will need to tell us about each script it is used in.
You can reference an environment-specific secret or value in your scripts as follows:
- Update your script in the Development environment to declare the variable and required value. For example, include a declaration as follows:var mySecret = "abcd1234";
Raise a Configuration Promotion ticket with the following details:
- The name of the variable.
- The name of the script the variable is being used in.
- The name of the realm where the script is located.
- The value for this variable in each environment. You can provide encrypted values if required; the ForgeRock support engineer can provide instructions for doing this in the ticket if requested.
var name: mySecret Script name: myScript Realm: alpha Value in Development: abcd1234 Value in Staging: 4321dcba Value in Production: efghij567890!
ForgeRock will then securely register these secrets or values in each environment, and the script will be auto-updated with the environment-specific values when we promote your configuration changes.
Please note the following:
You will still see the actual secret or decrypted value in the script if you look in the Admin UI, but this will not be exposed within the node. Operationally, this is replaced with a pointer to the secret value that is parsed when the script needs to be run or edited in the UI, etc.
You must tell us if the value changes in any of your environments, so we can update the stored values accordingly.