Using 1Password integration from Puppet automation
This is for the benefit of anyone who uses Puppet to automate systems configuration and deployments, and needs to integrate with 1Password.
I have created a Puppet module (Puppet 6.x) that will use the the 1Password Connect API to retrieve and update secrets from within a Puppet manifest. This can retrieve both secrets and file attachments, and can create/update secrets, using an API key stored on the puppetmaster. There is also a class to allow management of local passwords (e.g. the root password) and automatically rotate this on a set frequency, updating the 1Password secret appropriately. You need to have an up-to-date OP-Connect installed, and the Partydrone 1Password Ruby SDK on your Puppetmaster.
Eventually this will go into PuppetForge but currently it is not quite polished enough, and also requires a patch to the 1Password Ruby SDK for it to work correctly with updates.
If anyone is interested in having a copy (and maybe improving on it), then fork it from github and please let me know.
-Steve
Connect Version: 1.5.2 or later
Ruby SDK Version: Partydrone 0.1.3 with patch or later
OS Version: Linux
Comments
-
This is awesome, thank you for sharing this!
0
