Notification for changes to vault contents with secrets automation?
Is there a mechanism to be notified when a new item is added, or when an existing item is updated or deleted in a vault. Such as an email or webhook?
I am not expecting any details per say as to what was added/changed but just something to tell me there was a change. So that my server could use that notification to trigger a fresh of its secrets from that vault when using secrets automation. Because to avoid delays when lookup up the value of secrets all current secrets and their values are cached in memory. So I need a way to trigger my server to refresh that cache and sync secrets.
A webhook that just sends an empty request to a specified URL (customizable per vault) would be ideal, but even just a simple email notification can be turned into a webhook with the use of an external service.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
Hi there!
If you are using Kubernetes, our kubernetes operator ( https://github.com/1Password/onepassword-operator) may be able to help you as it can automate rolling restarts of services so that the newer credentials are used.
Unfortunately, this is the only integration we have that solves this use case at this time, but I do love the idea of a webhook that can provide this information.
0 -
Kubernetes is way too overkill for my needs (and too confusing to setup). I got a simple DigitalOcean droplet (VM) that runs my site.
My app pulls the secrets and caches them into memory. I can repull the secrets and update them in memory at anytime with a simple shell command and right now I am running that via cron every 15min and with every new deployment. If there is an urgent need to update something right away I have to ssh in to run that command manually.
A web hook could simplify this as I could use that to trigger the app to repull the secrets instead of the cron approach which is wasteful as 99% of the time the secrets are the same and it lags behind when there actually is an update.
Please keep me up to date though if this gets added.
0