How to access credential field via terraform?

SlurpsMadRips
SlurpsMadRips
Community Member
in Secrets Automation

I've finally gotten terraform provider working with 1Password's op-connect-api and op-connect-sync images, however when using a data source of onepassword_item, none of the fields returned by /v1/vaults/{vault-uuid}/items/{item-uuid} are actually available on the resulting item.

In my case I've got an API token of type: credential and when I successfully refresh the state, the following JSON output is given

{
  "category" = "custom"
  "database" = tostring(null)
  "hostname" = ""
  "id" = "vaults/(private)/items/(private)"
  "password" = tostring(null)
  "port" = tostring(null)
  "section" = tolist([])
  "tags" = tolist([])
  "title" = "Cloudflare Token"
  "type" = "bearer"
  "url" = tostring(null)
  "username" = ""
  "uuid" = "(private)"
  "vault" = "(private)"
}

You'll notice that the section key is just an empty list, there is no password, and I can't get to any of the actual credentials. However if I query /v1/vaults/{vault-uuid}/items/{item-uuid} I get the following output

{
  "id": "(private)",
  "title": "Cloudflare Token",
  "version": 2,
  "vault": {
    "id": "(private)"
  },
  "category": "API_CREDENTIAL",
  "fields": [
    {
      "id": "notesPlain",
      "type": "STRING",
      "purpose": "NOTES",
      "label": "notesPlain"
    },
    {
      "id": "username",
      "type": "STRING",
      "label": "username"
    },
    {
      "id": "credential",
      "type": "CONCEALED",
      "label": "credential",
      "value": "(private)"
    },
    {
      "id": "type",
      "type": "MENU",
      "label": "type",
      "value": "bearer"
    },
    {
      "id": "filename",
      "type": "STRING",
      "label": "filename"
    },
    {
      "id": "validFrom",
      "type": "DATE",
      "label": "valid from"
    },
    {
      "id": "expires",
      "type": "DATE",
      "label": "expires"
    },
    {
      "id": "hostname",
      "type": "STRING",
      "label": "hostname"
    }
  ],
  ...
}

My question is: is the terraform-provider-onepassword not able to be used for reading credentials at this time, or is there something wrong with how the object was created/sections generated? I'd have assumed that credential would be mapped to password, or at the very least the section key under onepassword_item would be filled out with the fields above.

Any help in this area would be greatly appreciated :sweat:

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • James_1P
    James_1P

    Hi,

    Currently the Terraform Provider only has support for login, password, and database item categories. API Credentials and other Item category support is something our team is working on.

This discussion has been closed.