CI CD Setup for Salesforce with JWT Authorisation Flow - EKWIS


How to authenticate Salesforce with JWT and OpenSSL. Useful for setting up CI/CD Pipelines for automating repetitive tasks.

Salesforce docs: Salesforce Developers

Create certificates and keys locally using OpenSSL

The first step is to create a self-signed certificate and a private key. The certificate will be uploaded when we create a Connected App in Salesforce later in the process; the private key stays on the machine (or in the CI secret store) that will authenticate.

If your operating system is Windows, you have to install OpenSSL before you attempt these commands. On Linux, you don’t have to install anything; just execute the commands.

The Process

In your terminal/command prompt, type the following commands. The first creates a passphrase-protected key named ‘server.pass.key’; the second strips the passphrase and writes the private key ‘server.key’. The ‘server.pass.key’ file can be deleted once ‘server.key’ has been generated.

openssl genpkey -des3 -algorithm RSA -pass pass:SomePassword -out server.pass.key -pkeyopt rsa_keygen_bits:2048

openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key

Next, type the following command in the terminal/command prompt to generate the ‘server.csr’.

You’ll be asked to input some basic details about your organisation; when it prompts you for a challenge password, just press Enter.

openssl req -new -key server.key -out server.csr

Now, type the following command in the terminal/command prompt to generate the ‘server.crt’.

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Create a Connected App to Authenticate Against

In this step, we will create a new Connected App that the CI/CD process will authorize against, using the certificate we created earlier in the process.

  1. Log in to your Salesforce Org
  2. Navigate to Setup -> Apps -> App Manager
  3. Click New Connected App and set the following:
    • Connected App Name = My New App Name
    • Contact Email =
    • Enable OAuth Settings = true
    • Callback URL = http://localhost:1717/OauthRedirect
    • Use digital signatures = true
    • Upload the server.crt file from your local machine
    • Selected OAuth scopes:
      • Access and manage your data (api)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
      • Provide access to your data via the Web (web)
    • Require Secret for Web Server Flow = true
  4. Click the Manage button on the connected app, set the following and save.
    • Permitted Users: Admin-approved users are pre-authorized
  5. After saving the permitted users, scroll down to the Profiles related list and click the Manage Profiles button.
  6. Add the System Administrator profile or the equivalent profile that your user is set up with.

Test the setup has worked on your local machine

Run the command below on your local machine, with the placeholders replaced, to test whether the setup has worked. Once it succeeds, we are ready to use this in a CI/CD pipeline.

sfdx force:auth:jwt:grant --clientid <Consumer Key from connected app> --jwtkeyfile <path to server.key> --username <UserName in profile authenticated above> --instanceurl <Salesforce login URL>
