> adobe-multi-env-setup
Configure Adobe OAuth credentials and API access across development, staging, and production environments with separate Developer Console projects, secret managers, and environment-specific scoping. Trigger with phrases like "adobe environments", "adobe staging", "adobe dev prod", "adobe environment setup", "adobe config by env".
curl "https://skillshub.wtf/jeremylongshore/claude-code-plugins-plus-skills/adobe-multi-env-setup?format=md"Adobe Multi-Environment Setup
Overview
Configure Adobe APIs across development, staging, and production environments using separate Developer Console projects, environment-specific OAuth credentials, and cloud-native secret management.
Prerequisites
- Adobe Developer Console access (admin or developer role)
- Secret management solution (GCP Secret Manager, AWS Secrets Manager, or Vault)
- CI/CD pipeline with environment variable injection
Instructions
Step 1: Create Separate Developer Console Projects
Adobe best practice: one Developer Console project per environment with separate OAuth credentials.
| Environment | Console Project | Scopes | Product Profile |
|---|---|---|---|
| Development | my-app-dev | openid,AdobeID | Dev sandbox |
| Staging | my-app-staging | openid,AdobeID,firefly_api | Staging profile |
| Production | my-app-prod | openid,AdobeID,firefly_api,ff_apis | Production profile |
Step 2: Environment Configuration Files
// src/config/adobe.ts
interface AdobeEnvConfig {
imsEndpoint: string; // Same across all envs
fireflyEndpoint: string; // Same across all envs
photoshopEndpoint: string; // Same across all envs
scopes: string; // Different per env (least privilege)
retries: number;
timeoutMs: number;
cache: { enabled: boolean; ttlMs: number };
}
const configs: Record<string, AdobeEnvConfig> = {
development: {
imsEndpoint: 'https://ims-na1.adobelogin.com',
fireflyEndpoint: 'https://firefly-api.adobe.io',
photoshopEndpoint: 'https://image.adobe.io',
scopes: 'openid,AdobeID', // Minimal scopes for dev
retries: 1, // Fast failure in dev
timeoutMs: 15_000,
cache: { enabled: false, ttlMs: 0 }, // No cache in dev
},
staging: {
imsEndpoint: 'https://ims-na1.adobelogin.com',
fireflyEndpoint: 'https://firefly-api.adobe.io',
photoshopEndpoint: 'https://image.adobe.io',
scopes: 'openid,AdobeID,firefly_api',
retries: 3,
timeoutMs: 30_000,
cache: { enabled: true, ttlMs: 60_000 },
},
production: {
imsEndpoint: 'https://ims-na1.adobelogin.com',
fireflyEndpoint: 'https://firefly-api.adobe.io',
photoshopEndpoint: 'https://image.adobe.io',
scopes: 'openid,AdobeID,firefly_api,ff_apis',
retries: 5,
timeoutMs: 60_000,
cache: { enabled: true, ttlMs: 300_000 },
},
};
export function getAdobeConfig(): AdobeEnvConfig & { clientId: string; clientSecret: string } {
const env = process.env.NODE_ENV || 'development';
const config = configs[env] || configs.development;
return {
...config,
clientId: process.env.ADOBE_CLIENT_ID!,
clientSecret: process.env.ADOBE_CLIENT_SECRET!,
};
}
Step 3: Secret Management per Environment
# --- Local Development ---
# .env.local (git-ignored)
ADOBE_CLIENT_ID=dev-client-id-from-console
ADOBE_CLIENT_SECRET=p8_dev_secret
ADOBE_SCOPES=openid,AdobeID
# --- GCP Secret Manager ---
# Create secrets for staging and production
gcloud secrets create adobe-client-id-staging --data-file=- <<< "staging-client-id"
gcloud secrets create adobe-client-secret-staging --data-file=- <<< "p8_staging_secret"
gcloud secrets create adobe-client-id-prod --data-file=- <<< "prod-client-id"
gcloud secrets create adobe-client-secret-prod --data-file=- <<< "p8_prod_secret"
# Grant service account access
gcloud secrets add-iam-policy-binding adobe-client-secret-prod \
--member="serviceAccount:my-app@project.iam.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor"
# --- AWS Secrets Manager ---
aws secretsmanager create-secret \
--name adobe/staging/credentials \
--secret-string '{"client_id":"...","client_secret":"p8_staging_..."}'
aws secretsmanager create-secret \
--name adobe/production/credentials \
--secret-string '{"client_id":"...","client_secret":"p8_prod_..."}'
# --- HashiCorp Vault ---
vault kv put secret/adobe/staging client_id="..." client_secret="p8_staging_..."
vault kv put secret/adobe/production client_id="..." client_secret="p8_prod_..."
Step 4: CI/CD Environment Matrix
# .github/workflows/deploy.yml
jobs:
deploy:
strategy:
matrix:
environment: [staging, production]
environment: ${{ matrix.environment }}
runs-on: ubuntu-latest
env:
NODE_ENV: ${{ matrix.environment }}
ADOBE_CLIENT_ID: ${{ secrets[format('ADOBE_CLIENT_ID_{0}', matrix.environment)] }}
ADOBE_CLIENT_SECRET: ${{ secrets[format('ADOBE_CLIENT_SECRET_{0}', matrix.environment)] }}
steps:
- uses: actions/checkout@v4
- run: npm ci && npm test
- name: Verify Adobe credentials for ${{ matrix.environment }}
run: |
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
'https://ims-na1.adobelogin.com/ims/token/v3' \
-d "client_id=${ADOBE_CLIENT_ID}&client_secret=${ADOBE_CLIENT_SECRET}&grant_type=client_credentials&scope=openid,AdobeID")
if [ "$HTTP_CODE" != "200" ]; then
echo "::error::Adobe credential validation failed for ${{ matrix.environment }}"
exit 1
fi
- run: npm run deploy:${{ matrix.environment }}
Step 5: Environment Safety Guard
// Prevent accidental production operations in non-prod
function requireEnvironment(required: string): void {
const current = process.env.NODE_ENV || 'development';
if (current !== required) {
throw new Error(
`Operation requires ${required} environment, currently running in ${current}`
);
}
}
// Usage: guard dangerous operations
async function deleteAllCachedAssets() {
requireEnvironment('production');
// ... actual deletion logic
}
Output
- Separate Developer Console projects per environment
- Environment-aware configuration with least-privilege scoping
- Cloud-native secret management for credentials
- CI/CD pipeline with per-environment credential injection
- Safety guards preventing cross-environment operations
Error Handling
| Issue | Cause | Solution |
|---|---|---|
invalid_scope in staging | Scope not in staging project | Add API to staging Console project |
| Wrong credentials deployed | Environment mismatch | Verify NODE_ENV matches secret path |
| Secret access denied | Missing IAM binding | Grant secretAccessor role |
| Config merge fails | Missing env config file | Ensure all environments defined |
Resources
Next Steps
For observability setup, see adobe-observability.
> related_skills --same-repo
> fathom-cost-tuning
Optimize Fathom API usage and plan selection. Trigger with phrases like "fathom cost", "fathom pricing", "fathom plan".
> fathom-core-workflow-b
Sync Fathom meeting data to CRM and build automated follow-up workflows. Use when integrating Fathom with Salesforce, HubSpot, or custom CRMs, or creating automated post-meeting email summaries. Trigger with phrases like "fathom crm sync", "fathom salesforce", "fathom follow-up", "fathom post-meeting workflow".
> fathom-core-workflow-a
Build a meeting analytics pipeline with Fathom transcripts and summaries. Use when extracting insights from meetings, building CRM sync, or creating automated meeting follow-up workflows. Trigger with phrases like "fathom analytics", "fathom meeting pipeline", "fathom transcript analysis", "fathom action items sync".
> fathom-common-errors
Diagnose and fix Fathom API errors including auth failures and missing data. Use when API calls fail, transcripts are empty, or webhooks are not firing. Trigger with phrases like "fathom error", "fathom not working", "fathom api failure", "fix fathom".