How to get TOTP token from API connect server using Terraform?

darkvex
darkvex
Community Member
in Secrets Automation

Hi,

I've set up the API connect server and I'm trying to get a TOTP token from an item.
I can successfully retrieve it while using the API with curl but not via Terraform provider.

It's supported the retrieval of TOTP token via Terraform?

Below a sample TF manifest:

terraform {

  required_version = ">= 1.3.7"

  required_providers {

    onepassword = {
      source  = "1Password/onepassword"
      version = "1.1.4"
    }

  }
}

provider "onepassword" {
  url   = var.onepassword_endpoint
  token = var.onepassword_token

}

variable "onepassword_token" {
  sensitive = true
}

variable "onepassword_endpoint" {
  sensitive = true
}

data "onepassword_item" "test_token" {
  vault = "66qfxcm...."
  uuid  = "h7fhsftv...."
}

output "token_value_hostname" {
  value     = data.onepassword_item.test_token.hostname
  sensitive = true
}

output "token_value_username" {
  value     = data.onepassword_item.test_token.username
  sensitive = true
}

output "token_value_password" {
  value     = data.onepassword_item.test_token.password
  sensitive = true
}

output "token_value_otp" {
  value     = data.onepassword_item.test_token.otp
  sensitive = true
}

output "token_value_all" {
  value     = data.onepassword_item.test_token
  sensitive = true
}

but for otp output I receive the following error:

╷
│ Error: Unsupported attribute
│
│   on test.tf line 121, in output "token_value_otp":
│  121:   value = data.onepassword_item.test_token.otp
│
│ This object has no argument, nested block, or exported attribute named "otp".

and looking at terraform output of token_value_all the field is not present

 ➜ terraform output token_value_all
{
  "category" = "api_credential"
  "database" = tostring(null)
  "hostname" = "https://hostname.domain.tld:8006"
  "id" = "vaults/66qfxcm..../items/h7fhsftv...."
  "password" = "xxxxxxxxxx"
  "port" = tostring(null)
  "section" = tolist([])
  "tags" = tolist([
    "cloud-infra",
    "terraform",
  ])
  "title" = "test_token"
  "type" = tostring(null)
  "url" = tostring(null)
  "username" = "justarandomuser"
  "uuid" = "h7fhsftv...."
  "vault" = "66qfxcm...."
}

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • darkvex
    darkvex
    Community Member

    I have found a workaround for achieve this, on Terraform manifest I have added:

    data "external" "test_token_otp" {
  program = [ "${path.module}/setup.sh" ]
}

    and this what setup.sh script does:

    #!/usr/bin/env bash

set -e

echo '{"otp": "'$(curl -s $OP_ENDPOINT/v1/vaults/66qfxcm..../items/h7fhsftv.... -H "Authorization: Bearer $OP_TOKEN" | jq '.fields[]| select(.label=="token") | .totp' | tr -d '"')'"}'
  • Jillian_1P
    Jillian_1P

    Currently, retrieval of a totp token is not supported by our terraform provider, however we appreciate the feedback and hope to add this functionality in the future. Also, appreciate you sharing your workaround, I'm sure this will help other folks running into the same issue :)

This discussion has been closed.