how can I create multiple secrets from the same vault using deployment annotations

Options
smutoni
smutoni
Community Member
in Secrets Automation

I am trying to create two different secrets located in the same vault. The deployment is only creating one secret instead of both. how can I create more than one secret using 1password annotations: please see the deployment annotations am using below:

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
operator.1password.io/item-path: "vaults/test-k8s-cluster/items/nine-nine-test-secret"
operator.1password.io/item-name: "nine-nine-test-secret"
operator.1password.io/item-path: "vaults/test-k8s-cluster/items/demo-micro-configuration"
operator.1password.io/item-name: "demo-micro-configuration"

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:how can I create multiple secrets from the same vault using deployment annotations

Comments

  • eddy_1P
    eddy_1P
    Options

    Hey @smutoni,

    At this moment I'm afraid it's not possible to create more than one secret using the operator's annotations.
    We appreciate the feedback and we've filed this issue on GitHub future monitoring.
    What is your use case that requires to provide more that one secret from 1Password as annotations to your deployment?

    In the meantime, as a workaround, you can create OnePasswordItem CRDs for the items that you want to use in your infrastructure. This can be beneficial since you'd no longer need to look for the deployment that creates the secrets if multiple ones use the same secret. Check this documentation to see how such resource can be created.

    For your two items, they'd look like this:

    apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: "nine-nine-test-secret" #this name will also be used for naming the generated kubernetes secret
spec:
  itemPath: "vaults/test-k8s-cluster/items/nine-nine-test-secret"

    apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: "demo-micro-configuration" #this name will also be used for naming the generated kubernetes secret
spec:
  itemPath: "vaults/test-k8s-cluster/items/demo-micro-configuration"

    Does this help you in enabling you to have a deployment use secrets from multiple items from 1Password?

This discussion has been closed.