I can't get password by using 1password/load-secrets-action (github action)

hyeongkyu
hyeongkyu
Community Member
edited May 2023 in Secrets Automation

https://github.com/1Password/load-secrets-action

I made a workflow of github action as shown in the link above. I was expecting a masked secret with export-env as true, but only an empty value with secret. Is there a reason for this issue?

I put OP_CONNECT_HOST and OP_CONNECT_TOKEN correctly. In addition, this host and token are used elsewhere, and they work correctly there, so there is no particular problem with the server of the 1password connection.

I wonder why one password secret cannot be invoked only from this load-secret-action.

I attached by test code below.

jobs:
test_job:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure 1Password Connect
uses: 1password/load-secrets-action/configure@v1
with:
connect-host: ${{ secrets.CONNECT_HOST }}
- name: Load secrets
uses: 1password/load-secrets-action@v1
id: onepassword
with:
export-env: true
env:
OP_CONNECT_TOKEN: ${{ secrets.CONNECT_TOKEN }}
DATADOG_API_KEY: op://Vault-Data-Infra-Deploy/[Datadog] API Key/password
- name: Print masked secret
run : |
echo "Secret: $DATADOG_API_KEY"

thanks,
hyeongkyu

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Jillian_1P
    Jillian_1P
    edited May 2023

    Hi there! The secret reference you are using for DATADOG_API_KEY contains characters that are invalid for use with secret references. The characters are [ and ]. There are two potential workarounds here:

    • remove the offending characters
    • use the item id in the reference rather than the item name

    For more information on what syntax is acceptable see the documentation

This discussion has been closed.