Best way to manage OAuth Client Credentials across Dev/Staging/Prod Orgs?

Hello everyone! I am so excited to be managing our new multi-org setup! We have finally moved to a clean Dev, Staging, and Production environment structure and it is making our deployment pipeline so much safer!

However, I am running into a bit of a challenge with managing our OAuth Client Credentials. Right now, I am manually creating the clients in each org and then updating our middleware environment variables. Is there a way to automate this? I want to make sure our CI/CD pipeline can dynamically fetch or create these secrets as we promote code. Any advice from other multi-org enthusiasts out there would be amazing!

I am also a huge fan of the multi-org approach! It makes publishing our weekly schedules so much easier when we can test the WFM API integrations in staging first. We use the Genesys Cloud CLI for this. You can script the creation of OAuth clients and even assign the roles in one go.

It is a game changer for keeping the orgs in sync!

That is a great question and I would love to share our experience managing 15 different BYOC trunks across our global orgs! We actually use Terraform with the Genesys Cloud Provider for this exact reason. By defining your OAuth clients as code, you can ensure that the Client ID and Secret are handled securely using a backend vault like AWS Secrets Manager. You simply define the resource once and then use different variable files for your Dev, Staging, and Production environments.

This way, you do not have to worry about manual entry errors, which can be very dangerous when dealing with security credentials. If you need some sample HCL code for the provider configuration, let me know and I can write up a detailed breakdown for you!

Use Terraform. It is the only way to avoid configuration drift across orgs. Manual creation will fail during your first major audit. Check the official provider documentation for the ‘genesyscloud_oauth_client’ resource.
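
The approach the replies describe, one `genesyscloud_oauth_client` definition with a separate variable file per org, as an added example that is not from any poster or from the provider's documentation. The client name, variable names, token lifetime and the choice of an encrypted S3 state backend are assumptions.

```hcl
# Added example; names marked "hypothetical" are placeholders, not from the thread.
terraform {
  required_providers {
    genesyscloud = { source = "mypurecloud/genesyscloud" }
  }
  # Terraform state records the attributes of every managed resource, so keep
  # it in an encrypted, access-controlled backend. Bucket, key and region are
  # supplied per environment: terraform init -backend-config=<env>.s3.tfbackend
  backend "s3" {
    encrypt = true
  }
}

# Credentials for the target org come from the pipeline's environment
# (GENESYSCLOUD_OAUTHCLIENT_ID, GENESYSCLOUD_OAUTHCLIENT_SECRET,
# GENESYSCLOUD_REGION), never from a committed .tfvars file.
provider "genesyscloud" {}

variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be dev, staging or prod."
  }
}

variable "role_id" { type = string }     # least-privilege role in the target org
variable "division_id" { type = string } # division the role grant is scoped to
variable "token_ttl_seconds" {
  type    = number
  default = 3600
}

resource "genesyscloud_oauth_client" "middleware" {
  name                          = "middleware-${var.environment}" # hypothetical name
  description                   = "Managed by Terraform; do not edit in the UI"
  authorized_grant_type         = "CLIENT-CREDENTIALS"
  access_token_validity_seconds = var.token_ttl_seconds
  state                         = "active"

  roles {
    role_id     = var.role_id
    division_id = var.division_id
  }
}

# dev.tfvars / staging.tfvars / prod.tfvars each hold only non-secret values:
#   environment = "dev"
#   role_id     = "<role id in that org>"
#   division_id = "<division id in that org>"
```

Each pipeline stage runs `terraform apply -var-file=<env>.tfvars` against its own state and its own org credentials, so a promotion never reuses another org's client.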