This guide to deploying external files was contributed by the awesome Eric Kintzer, Salesforce Architect at Helix, and Gearset Community Advisor.

Salesforce allows you to associate external files with objects in your org, e.g. a Sales-related document with an Opportunity in Salesforce. In Salesforce Classic, you could do this easily using the Google Docs, Notes, & Attachments related list. In Lightning Experience, however, you need to use the Files Connect feature with external data sources. Salesforce offers support for several external data sources, including Box, Sharepoint, OneDrive, and Google Drive. So how do you use Gearset to deploy these associated external files?

For this article, we'll use Google Drive as the example for deploying external files from a source, such as your dev org, to target orgs.

Prerequisites

In your dev org, follow the instructions for setting up Files Connect as per the Salesforce Files Connect help documentation. And, of course, test that it all works.

Before running the Gearset deployment, you need to have the Files Connect Cloud permission for each target org. Here's how:

  • Create a permission set, e.g. called "Files Connect", which includes only this permission.

  • Deploy the permission set to each of your target environments.

  • Assign the "Files Connect" permission set to yourself as the user running the deployment.

Without these permissions in place, you're likely to hit a deployment error when you deploy the associated file. But once you deploy these permissions to your target environments, you're ready to proceed with the deployments.

Components of the deployment

Now that you're ready to deploy, the following are the metadata components you need to include in your deployment:

  • The AuthProvider (e.g. GoogleDrive)

  • The external data source (e.g. GoogleDrive)

  • The external object (e.g. items_GoogleDrive__x) corresponding to the external data source

  • A permission set (e.g. GoogleDrive) granting at a minimum these permissions:

    • The external data source

    • Custom object permission: Read access to the external object

    • Custom field permission: Read access for every field on the external object

  • Custom tab (optional) for the external object

  • Any layouts that don't already have the Files related list.

Before running the deployment, you may want to exclude your sensitive Google Drive AuthProvider details. The following section explains how to do this.

Keeping your Auth provider details secure

In XML form, your Auth provider for Google Drive will look something like the following. Note the sensitive consumerSecret element:

The Salesforce Metadata API extracts the consumerSecret and exposes it as plain text. This would be a problem if you were deploying it to version control instead of an org, as you would then expose this secret.

One way to avoid this security risk is to temporarily change the consumerSecret before you deploy, replacing the details inside the consumerSecret element with a placeholder. In the example below, the details have been replaced with "get-from-it":

After you've deployed, you can manually add the consumerSecret to the target org(s).

Alternatively, you can exclude AuthProvider altogether from the deployment. In that case, you'd then have to manually configure the AuthProvider object in each target org, making sure it has the same API version name everywhere, such as <AuthProvider xmlns="http://soap.sforce.com/2006/04/metadata> in the example shown above.

Post-deployment

After you've deployed the external files to your target orgs, remember to give all relevant users access to these files by assigning the GoogleDrive permission to them.

Did this answer your question?