API Endpoint - Encryption
Hi,
By default the the API endpoint is not encrypting traffic and thus anyone that follows the guides and examples you publish, will have their passwords send over plain text when accessing the API. Suggestion: document that fact. Like, in bold.
Secondly: I assume all API clients provided by 1Password (Kube, Golang, Python, Terraform, ...) support accessing the API over https?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi,
Thanks for highlighting that we weren't calling out that customers should be using a TLS gateway in front of the API if making it public. In addition the
1.2.0release includes support for enabling TLS at the container level and we will be publishing documentation on that soon.Secondly: I assume all API clients provided by 1Password (Kube, Golang, Python, Terraform, ...) support accessing the API over https?
Yes! All of our clients will interact properly over an https connection (Assuming that the client environment as the proper CA configuration to trust the API cert.)
0 -
Hi James,
Thanks, I tested it with a straightforward Ingress + LE cert and it worked all as expected.
0 -
Thanks for the update!
0 -
Hi,
Is there an update to when you will be publishing documentation for enabling TLS at the container level? Would this be instead of a TLS-secured API gateway?
Thanks,
0 -
HI 1PBusinessUser,
The documentation is being worked on presently, but the feature technically went live with the 1.2.0 release. Depending on your infrastructure and deployment preferences this can be an alternative to a TLS terminating Gateway.
I gave a preview tl;dr of using TLS at the container level in this thread
0
