Per-User Firewall Rules
Hi! My team is investigating using 1Password CLI to access secrets that are used in a CI/CD process across many projects. In order to do this we would have one or more 1Password users (for automation only, not necessarily representing humans) that would sign in to the CLI tool to access the secrets. I'd like to have some guarantees that these users' credentials are only used in the context of this CI/CD process, and that they haven't been appropriated for some other purpose, or worse, stolen. One way we could potentially do this is with an IP address firewall rule, as our CI/CD computers sit behind a static IP, but it appears that it's not possible to create firewall rules in 1Password that are only applied to a subset of users. If I'm understanding this limitation correctly could this be added as a feature request? I would imagine that this would be generally useful for teams with multiple offices or many remote users, and not just for automation purposes. Thanks!
1Password Version: 7.6
Extension Version: Not Provided
OS Version: macOS
Sync Type: 1Password Teams
Comments
-
Hey @interstateone
Our integrations team would like to discuss this in more depth with you. To facilitate that could you please shoot us an email from the address associated with your business account to
support+forum@1password.com
, including a link to this thread (so you don't have to repeat yourself)? When you email in you'll get a support ID back from BitBot. Please post that ID here so we can 'connect the dots' and get you in touch with the appropriate resources.Thanks!
Ben
0 -
Thanks Ben!
[#FWM-75696-843]
0 -
Thank you. :)
Ben
ref: FWM-75696-843
0 -
Hi - was there any outcomes from this discussion that can be shared? As an earlier proponent of a CLI for 1P (and having used other solutions in the meantime for such teams), I'd like to revisit this one to see how 1P CLI can be used for CI/CD operations - so that 1P is truly the source of critical access information.
I am struggling to find examples that spell out how the usage can work, particularly for automated solutions like a build pipeline and this thread looked promising but doens't deliver any findings. If something can be shared, that would be helpful - or if there is something written up (like a tutorial) that would equally be useful.
0