Secrets management (Cloud, K8s, etc)
We have used the 1password operator in k8s... It is cumbersome as far as resources. It is also limited to a single vault. This means that common secrets need to be replicated across the Secrets Automation vaults.
OP injection seems to be the answer... Protect a token and whatever vault the service account has rights to is ripe for using. BUT... the rate limiting is a HUGE factor. A single vault might be 1 call, but using multiple vaults counts as a call for each access to the vault. If you scale that over every running POD that uses injection... the 50,000 daily calls is easily exceeded. Then everything STOPS working until the 24 hours expires, only to repeat. Not to mention, when the daily limit is reached, it is EVERY service account blocked AND the error no longer has information such as how many seconds to restore service.
Is there a billing option to bypass this restriction? Is there a plan to trim the operator CPU and memory usage and to allow it to access more than 1 vault?
We will use this (or planned to) in production if we can overcome this... Preferred injection at the moment.
op CLI - 2.28.0
1Password Version: 8.10.32
Extension Version: 2.23.3
OS Version: Sonoma 14.5
Browser: Brave