
How to get TOTP token from API connect server using Terraform?

darkvex
Community Member

Hi,

I've set up the API connect server and I'm trying to get a TOTP token from an item.
I can successfully retrieve it while using the API with curl but not via Terraform provider.

Is the retrieval of a TOTP token supported via Terraform?

Below is a sample TF manifest:

terraform {

  required_version = ">= 1.3.7"

  required_providers {

    onepassword = {
      source  = "1Password/onepassword"
      version = "1.1.4"
    }

  }
}

provider "onepassword" {
  url   = var.onepassword_endpoint
  token = var.onepassword_token

}

variable "onepassword_token" {
  sensitive = true
}

variable "onepassword_endpoint" {
  sensitive = true
}

data "onepassword_item" "test_token" {
  vault = "66qfxcm...."
  uuid  = "h7fhsftv...."
}

output "token_value_hostname" {
  value     = data.onepassword_item.test_token.hostname
  sensitive = true
}

output "token_value_username" {
  value     = data.onepassword_item.test_token.username
  sensitive = true
}

output "token_value_password" {
  value     = data.onepassword_item.test_token.password
  sensitive = true
}

output "token_value_otp" {
  value     = data.onepassword_item.test_token.otp
  sensitive = true
}

output "token_value_all" {
  value     = data.onepassword_item.test_token
  sensitive = true
}

But for the otp output I receive the following error:

╷
│ Error: Unsupported attribute
│
│   on test.tf line 121, in output "token_value_otp":
│  121:   value = data.onepassword_item.test_token.otp
│
│ This object has no argument, nested block, or exported attribute named "otp".

and looking at the terraform output of token_value_all, the field is not present:

 ➜ terraform output token_value_all
{
  "category" = "api_credential"
  "database" = tostring(null)
  "hostname" = "https://hostname.domain.tld:8006"
  "id" = "vaults/66qfxcm..../items/h7fhsftv...."
  "password" = "xxxxxxxxxx"
  "port" = tostring(null)
  "section" = tolist([])
  "tags" = tolist([
    "cloud-infra",
    "terraform",
  ])
  "title" = "test_token"
  "type" = tostring(null)
  "url" = tostring(null)
  "username" = "justarandomuser"
  "uuid" = "h7fhsftv...."
  "vault" = "66qfxcm...."
}


Comments

  • darkvex
    Community Member

    I have found a workaround to achieve this. In the Terraform manifest I have added:

    data "external" "test_token_otp" {
      program = [ "${path.module}/setup.sh" ]
    }
    

    and this is what the setup.sh script does:

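    #!/usr/bin/env bash
    
    # Exit on errors, unset variables, and a failed curl inside the pipeline.
    set -euo pipefail
    
    # Read the item from the Connect server and print {"otp": "<code>"} for the external data source.
    curl -sf "$OP_ENDPOINT/v1/vaults/66qfxcm..../items/h7fhsftv...." -H "Authorization: Bearer $OP_TOKEN" |
      jq '{otp: (.fields[] | select(.label=="token") | .totp)}'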
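
An added example, not part of the original thread or of the 1Password provider: the same workaround written as a Python program for the `external` data source, reading `vault`, `uuid` and an optional `label` from the data source's `query` map instead of hardcoding them, and failing the plan when the lookup does not yield exactly one code. It assumes the `OP_ENDPOINT` and `OP_TOKEN` environment variables used by setup.sh, the 26-character lowercase id format, and the response shape shown in the constructed `SAMPLE_ITEM`; the function names are this example's own.

```python
#!/usr/bin/env python3
import json
import os
import re
import sys
import urllib.request

ID_RE = re.compile(r"[a-z0-9]{26}")  # assumption: 26 lowercase alphanumerics

# Constructed sample of the response fields this code reads (not real data).
SAMPLE_ITEM = {"fields": [{"label": "username", "value": "justarandomuser"},
                          {"label": "token", "totp": "123456"}]}


def extract_totp(item, label):
    """Return the code of the single field with this label, or raise."""
    codes = [f.get("totp") for f in item.get("fields", []) if f.get("label") == label]
    if len(codes) != 1 or not isinstance(codes[0], str) or not codes[0]:
        raise ValueError(f"expected exactly one TOTP field labelled {label!r}")
    return codes[0]


def fetch_item(endpoint, token, vault, uuid):
    """GET /v1/vaults/{vault}/items/{uuid}, rejecting ids that could alter the path."""
    for name, value in (("vault", vault), ("uuid", uuid)):
        if not ID_RE.fullmatch(value):
            raise ValueError(f"{name} is not a valid id")
    req = urllib.request.Request(
        f"{endpoint.rstrip('/')}/v1/vaults/{vault}/items/{uuid}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def main():
    try:
        query = json.load(sys.stdin)  # Terraform passes the `query` map on stdin
        item = fetch_item(os.environ["OP_ENDPOINT"], os.environ["OP_TOKEN"],
                          query["vault"], query["uuid"])
        otp = extract_totp(item, query.get("label", "token"))
    except Exception as exc:  # report the reason only, never the token or item body
        print(f"otp lookup failed: {type(exc).__name__}: {exc}", file=sys.stderr)
        return 1
    json.dump({"otp": otp}, sys.stdout)  # result must be a flat map of strings
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The returned code is stored in Terraform state like any other data source result, and the `external` data source does not mark its `result` as sensitive, so keep `sensitive = true` on any output that exposes it.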
    
    
