Strapi cli exports api tokens and admin users

setcooki · June 14, 2023, 11:56am

It does say in the docs:

Caution:

Admin users and API tokens are not exported.

Its not true. It does export all of that. How can i prevent it being exported?

setcooki · June 14, 2023, 12:12pm

I can actually see in the code base export command these lines:

      entities: [
        {
          filter(entity) {
            return !DEFAULT_IGNORED_CONTENT_TYPES.includes(entity.type);
          },
        },
      ],

And the ignored types are:

const DEFAULT_IGNORED_CONTENT_TYPES = [
  'admin::permission',
  'admin::user',
  'admin::role',
  'admin::api-token',
  'admin::api-token-permission',
  'admin::transfer-token',
  'admin::transfer-token-permission',
  'admin::audit-log',
];

my export command is:

strapi export --no-encrypt --only content

All the supposed entities in the ignore array are still exported!

setcooki · June 14, 2023, 12:28pm

turns out that strapi version 4.10.6 did export admin entities and 4.11 does not - if anybody cares

LuisAlaguna · June 20, 2023, 10:46am

It is better for security reasons. Nice to know they fixed it.