Per-User Firewall Rules

Hi! My team is investigating using 1Password CLI to access secrets that are used in a CI/CD process across many projects. In order to do this we would have one or more 1Password users (for automation only, not necessarily representing humans) that would sign in to the CLI tool to access the secrets. I'd like to have some guarantees that these users' credentials are only used in the context of this CI/CD process, and that they haven't been appropriated for some other purpose, or worse, stolen. One way we could potentially do this is with an IP address firewall rule, as our CI/CD computers sit behind a static IP, but it appears that it's not possible to create firewall rules in 1Password that are only applied to a subset of users. If I'm understanding this limitation correctly, could this be added as a feature request? I would imagine that this would be generally useful for teams with multiple offices or many remote users, and not just for automation purposes. Thanks!


1Password Version: 7.6
Extension Version: Not Provided
OS Version: macOS
Sync Type: 1Password Teams

Comments

  • Hey @interstateone

    Our integrations team would like to discuss this in more depth with you. To facilitate that, could you please shoot us an email from the address associated with your business account to support+forum@1password.com, including a link to this thread (so you don't have to repeat yourself)? When you email in you'll get a support ID back from BitBot. Please post that ID here so we can 'connect the dots' and get you in touch with the appropriate resources.

    Thanks!

    Ben

  • interstateone
    Community Member

    Thanks Ben!

    [#FWM-75696-843]

  • Thank you. :)

    Ben

    ref: FWM-75696-843

  • 365nice
    Community Member

    Hi - were there any outcomes from this discussion that can be shared? As an earlier proponent of a CLI for 1P (and having used other solutions in the meantime for such teams), I'd like to revisit this one to see how 1P CLI can be used for CI/CD operations - so that 1P is truly the source of critical access information.

    I am struggling to find examples that spell out how the usage can work, particularly for automated solutions like a build pipeline, and this thread looked promising but doesn't deliver any findings. If something can be shared, that would be helpful - or if there is something written up (like a tutorial) that would equally be useful.

  • @365nice

    Not much additional to say at this stage I'm afraid. We do recognize the potential for 1Password to assist with CI/CD but we do not have a solution to offer at this time. We will continue to evaluate what options we may be able to offer here.

    Ben

This discussion has been closed.