hardis:org:refresh:before-refresh
Description
Command Behavior
Backs up all Connected Apps and their secrets from a Salesforce org before a sandbox refresh, enabling full restoration after the refresh.
This command is essential for Salesforce sandbox refresh operations where Connected Apps (and their Consumer Secrets) would otherwise be lost. It automates the extraction, secure storage, and (optionally) deletion of Connected Apps, ensuring that all credentials and configuration can be restored post-refresh.
Key functionalities:
- Connected App Discovery: Lists all Connected Apps in the org, with options to filter by name or process all.
- User Selection: Allows interactive or flag-based selection of which Connected Apps to back up.
- Metadata Retrieval: Retrieves Connected App metadata and saves it in a dedicated project folder for the sandbox instance.
- Consumer Secret Extraction: Attempts to extract Consumer Secrets automatically using browser automation (Puppeteer), or prompts for manual entry if automation fails.
- Config Persistence: Stores the list of selected apps in the project config for use during restoration.
- Optional Deletion: Can delete the Connected Apps from the org after backup, as required for re-upload after refresh.
- Summary and Reporting: Provides a summary of actions, including which apps were saved and whether secrets were captured.
This command is part of sfdx-hardis Sandbox Refresh and is designed to be run before a sandbox refresh. It ensures that all Connected Apps and their secrets are safely stored for later restoration.
Technical explanations
- Salesforce CLI Integration: Uses
sf org list metadataand other CLI commands to discover and retrieve Connected Apps. - Metadata Handling: Saves Connected App XML files in a dedicated folder under
scripts / sandbox - refresh / <sandbox-folder >. - Consumer Secret Handling: Uses Puppeteer to automate browser login and extraction of Consumer Secrets, falling back to manual prompts if needed.
- Config Management: Updates
config /.sfdx - hardis.ymlwith the list of selected apps for later use. - Deletion Logic: Optionally deletes Connected Apps from the org (required for re-upload after refresh), with user confirmation unless running in CI or with
--deleteflag. - Error Handling: Provides detailed error messages and guidance if retrieval or extraction fails.
Parameters
| Name | Type | Description | Default | Required | Options |
|---|---|---|---|---|---|
| all -a |
boolean | If set, all Connected Apps from the org will be processed. Takes precedence over --name if both are specified. | |||
| delete -d |
boolean | By default, Connected Apps are not deleted from the org after saving. Set this flag to force their deletion so they will be able to be reuploaded again after refreshing the org. | |||
| flags-dir | option | undefined | |||
| json | boolean | Format output as json. | |||
| name -n |
option | Connected App name(s) to process. For multiple apps, separate with commas (e.g., "App1,App2") | |||
| skipauth | boolean | Skip authentication check when a default username is required | |||
| target-org -o |
option | undefined | |||
| websocket | option | Websocket host:port for VsCode SFDX Hardis UI integration |
Examples
$ sf hardis:org:refresh:before-refresh
$ sf hardis:org:refresh:before-refresh --name "MyConnectedApp"
$ sf hardis:org:refresh:before-refresh --name "App1,App2,App3"
$ sf hardis:org:refresh:before-refresh --all
$ sf hardis:org:refresh:before-refresh --delete