I have a pipeline creating a few things. I'd like to add creation of a vault, too. The user I'm using for vault creation has been added to a group with permission to create vaults ("Create Vaults") and nothing else.
vault_name="example-vault-name"
session_token="obtained-earlier"
op create vault "$vault_name" --allow-admins-to-manage true --account my-account --session $session_token
This works fine. However, the idea is that the user used in the pipeline should NOT have access to the vault contents. After a while the vault will be populated with sensitive data (access to individual users will be granted later manually) and I'd rather not have access to these.
Any suggestions? I do not want to elevate permissions of the user in the pipeline just to remove its own access to the newly created vault (I assume this would work).
I looked at secrets automation, too. Either I missed it or it's impossible to create vaults there.
1Password Version: 1.11.2