Newbie: wanting to store items in a vault that my headless server (Azure Runbooks) creates.

ezjurgen
Community Member

Hi!

I am creating a runbook that will create some test accounts of a spin-up test system, and instead of storing them as credentials in Azure I want them to be saved in a 1P vault so the support techs can use them for troubleshooting customers' problems.

I am new to this CLI and I see a lot of complex setups, as 1P needs to protect stored passwords of course. But my requirements are a bit more modest. I would like to create a new account that only has rights to save a new item (usr/pwd/name) to a vault; it does not need rights to read an item.

So I guess security can be a bit lower and a biometric or user interaction is not needed.

Would this be possible using PowerShell to save items headless without user interaction?


1Password Version: 2.1
Extension Version: Not Provided
OS Version: azure runbooks/devops pipeline
Browser: Not Provided

Comments

  • Hi @ezjurgen:

    It isn't possible to use 1Password CLI to create write-only access, but it is possible to use 1Password Connect Server to do something like this. Let me know if this would work for you and I can explore further with you!

    Jack

  • ezjurgen
    Community Member

    Hi Jack,

    I am not really sure if the Connect Server is what I need. As we are using TeamViewer/Splashtop/VMware web console to log in on customers' servers, we will not be able to connect to these systems with an API or whatever Connect Server might do to pass on these credentials. We just need to copy them from 1Password and paste them in the login window. In VMware we do not even have the copy and paste options, so that's a 'reveal and type over' kind of thing.

    What I am looking for is when our automation scripts run at the customers making, let's say, virtual machines, it creates a few support users. I need to share these with the customer later in a secure way. So I am looking to store these creds in 1Password in an automated way. After delivery of the project I will go into 1P and share these with a one-time link.

    I was looking on YouTube for a more tech video on how Connect Server works but I only found this: https://www.youtube.com/watch?v=ICMFanRt20A

  • ezjurgen
    Community Member

    Would there be a way that I could create these credentials as encrypted files on the isolated machines, transfer them to my machine in a way the customer allows me to, and authenticate in my local 1P or 1P website?

    Just brainstorming...

  • Hi @ezjurgen:

    To clarify, the automation running on your client's machines would have the ability to connect to a Connect server available on the public internet to make the item using an access token, but wouldn't be able to read any items.

    In other words, during the execution of the runbook on the client's machine, at some point your runbook would make a request that looks something like curl https://connect.example.com POST .... This would create a new item, saving it to the vault, without the ability to read.

    Let me know if that makes more sense. If you'd like, discussing this over email may be easier, as we can share more specifics via email rather than here on the 1Password Community. You can email us at support+forum@1password.com. Include a link to your thread, and we'll take a closer look. 🙂

    Jack
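
The request described in the reply above, sketched in PowerShell for a runbook, as an added example that is not part of the original thread or 1Password's own code. It assumes the Connect REST endpoint POST /v1/vaults/{vaultUUID}/items; the function name, the OP_* environment variables and the sample account are hypothetical.

```powershell
# Added example, not from the thread. Hypothetical names: Save-SupportLogin,
# OP_CONNECT_HOST, OP_CONNECT_TOKEN, OP_VAULT_ID.
Set-StrictMode -Version Latest
# Windows PowerShell 5.1 may not negotiate TLS 1.2 unless told to.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Save-SupportLogin {
    param(
        [Parameter(Mandatory)] [string]       $Title,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $ConnectHost = $env:OP_CONNECT_HOST,   # e.g. https://connect.example.com
        [string] $Token       = $env:OP_CONNECT_TOKEN,  # Connect access token for the target vault
        [string] $VaultId     = $env:OP_VAULT_ID
    )

    # Refuse to send the bearer token or the password over plain HTTP.
    if ($ConnectHost -notmatch '^https://') {
        throw 'Connect host must be an https:// URL.'
    }

    # Login item body: vault reference, title, category and two purpose-tagged fields.
    $body = @{
        vault    = @{ id = $VaultId }
        title    = $Title
        category = 'LOGIN'
        fields   = @(
            @{ id = 'username'; type = 'STRING';    purpose = 'USERNAME'; value = $Credential.UserName }
            @{ id = 'password'; type = 'CONCEALED'; purpose = 'PASSWORD'; value = $Credential.GetNetworkCredential().Password }
        )
    } | ConvertTo-Json -Depth 5

    $request = @{
        Method      = 'Post'
        Uri         = "$($ConnectHost.TrimEnd('/'))/v1/vaults/$VaultId/items"
        Headers     = @{ Authorization = "Bearer $Token" }
        ContentType = 'application/json'
        Body        = $body
        ErrorAction = 'Stop'   # a rejected token or unreachable server fails the runbook
    }
    $item = Invoke-RestMethod @request

    # Return only the new item's id so the secret never reaches job output.
    return $item.id
}

# Constructed sample account, standing in for one the runbook just created.
$pw   = ConvertTo-SecureString 'constructed-sample-password' -AsPlainText -Force
$cred = New-Object pscredential ('support-test01', $pw)
Save-SupportLogin -Title 'Customer X test VM - support-test01' -Credential $cred
```

Keep the token in an encrypted store rather than in the script, and avoid writing the request body or the response to the job log, since both can carry the password.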

  • ezjurgen
    Community Member

    Thanks Jack;

    I sent the message

This discussion has been closed.