op signin timeout

sandinak
sandinak
Community Member
in CLI

We're exploring using op as part of a lookup in ansible to store credentials. However one major hangup we're having is the 30 minute timeout. Some of our playbooks take well over 30 minutes .. and so the shell where the operator runs op singin .. has a more than even chance of timing out before ansible actually gets to the inventory/task/playbook. We'd like to set a longer default timeout for this .. or .. tie the signin to the mini-helper app which is "Refreshed" far more frequently.

1Password Version: 7.3
Extension Version: Not Provided
OS Version: 10.15.5
Sync Type: 1pw_cloud/icloud
Referrer: forum-search:op signin timeout

Comments

  • mickael
    mickael
    Community Member

    @sandinak see https://discussions.agilebits.com/discussion/103514/session-duration-management for how to refresh the timeout.

    and https://discussions.agilebits.com/discussion/82972/ansible-lookup-plugin may have useful infos also for you use case.

  • cohix
    cohix
    1Password Alumni

    Thanks for jumping in @mickael !

  • sandinak
    sandinak
    Community Member

    This is good stuff.
    We'll checkout the plugins which looks nice .. but implies we'd have to put our local master password into ansible inventory or redesign to expand facts into all playbooks that are "imported" .. and even with ansible_vaulting that doth maketh my hair (singular..) stand straight up given it's a single password for a vault. I'll play with this to see if we can design a way to pull a full vault of information at startup and extend ( I have also played with ANSIBLE_VAULT_PASSWORD_FILE as an exe that calls pass to pull locally gpg'd information .. but my $DIETY thats' going around my feet to get to my elbow. )

    I'd be really nice to be able to manage the timeout directly so we dont' have to deal with calling the refresh w/in 30 min. ( I've got a few playbook sets that run for hours )

    Even better would be an API that hits the mini-tool and extend onepassword_facts to use that vs the CLI .. so that the accessibility is tied to the already builtin locking management. Eg .. if locked: run ansible .. onepassword_facts ... ansible pauses for auth.. window-pop noting who's requesting .. fingerprint .. onepassword_facts dumps vault into namespace .. etc. If not locked .. run ansible .. facts pulled .. happy happy joy joy.

  • cohix
    cohix
    1Password Alumni

    @sandinak thanks for our thoughts, and I know this is a long walk for a short drink of water, and we are working on some plans to make these use-cases better.

This discussion has been closed.