secrets management
220 Topics

Masked Email API - integrate my own masked email generation service
I love the idea of masked emails and I briefly trialled FastMail in order to get that behaviour built-in to 1Password, but I ended up choosing not to continue with FM (for reasons). So, because I own a throwaway domain (let's call it flubber.fish), instead I hacked together a quick web page that I can hit which will generate a gibberish email (i.e. d09uiy2@flubber.fish) which I can copy and paste into 1Password and any account I have and I get the same effect (with some aliasing/mail rules in the background to redirect it to me, obviously).

However, this feels a bit frustrating - getting out of the 1Password flow in order to get this new address each time - and I wish there was a better way. So I'm wondering if you could somehow provide an API spec and hooks which power-users like me could use to integrate our own services into. It might also make it possible for third-parties to offer integrations with Google etc. utilising their . and + aliasing techniques (although arguably less "masked" than random words/characters as it still contains your root address but I digress...).

Obviously you'd need to solve some security concerns around that and integration authors might need to jump through some hoops. But if the hoops aren't too big and too many then I'd love to have 1Password using my code to auto-generate masked emails on my own domain for me.

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Browser: Not Provided
41 Views, 2 likes, 0 Comments

Generate limited time share link through API
Sorry ahead of time if this was asked or shown somewhere. I have searched the site and the internet for a way to create a temporary link that shares a password to guests (non 1password users) but I could not find anything on the site. Is there a way to do that?

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Referrer: forum-search:Generate limited time share link through API
1.3K Views, 2 likes, 14 Comments

Retrieve SSH private key with Terraform Provider
Hi! I am currently trying to use an "onepassword_item" to retrieve an SSH private key in a terraform script. I am using the CLI in the provider config. Getting the complete item with the cli works and I can see the private key. However it does not seem to be contained in the data item.

Provider config:

```
provider "onepassword" {
  account = var.op_account_id
}
```

Getting the data with

```
data "onepassword_item" "ssh_key" {
  vault = "<value_id>"
  uuid  = "<item_id>"
}
```

and then using it in a resource with

```
...
"sshPrivateKey" = "${data.onepassword_item.repository_deploy_key.private_key}"
...
```

I also checked the tf state and it also does not contain the private key:

```
tf state show module.test.data.onepassword_item.ssh_key
data "onepassword_item" "ssh_key" {
    category   = "ssh_key"
    id         = " "
    note_value = (sensitive value)
    public_key = " "
    title      = "My SSH Key"
    uuid       = " "
    vault      = " "
}
```

Am I doing something wrong?

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Browser: Not Provided
140 Views, 1 like, 0 Comments

Secrets injector not working - variable value is the op path
Hi, I am currently testing secrets injector with connect server by following this documentation. Both have been deployed in the k8s. I tried deploying this demo app

```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
spec:
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      annotations:
        operator.1password.io/inject: demo-app
      labels:
        app: demo-app
    spec:
      containers:
        - name: demo-app
          image: busybox
          ports:
            - containerPort: 5000
          command: ["sleep"]
          args: ["3600"]
          env:
            - name: OP_CONNECT_HOST
              value: 'http://onepassword-connect.onepassword.svc.cluster.local:8080'
            - name: OP_CONNECT_TOKEN
              valueFrom:
                secretKeyRef:
                  key: token
                  name: connect-token
            - name: TEST_ONEPASSWORD
              value: op://my-vault/test_creds/password
```

connect logs

```
{"log_message":"(I) GET /v1/vaults","timestamp":"2024-02-22T11:51:56.978455348Z","level":3,"scope":{"request_id":"039a4d07-90ea-4161-a4a8-c9b814588e3d"}}
{"log_message":"(I) GET /v1/vaults completed (200: OK) in 12ms","timestamp":"2024-02-22T11:51:56.990803288Z","level":3,"scope":{"request_id":"039a4d07-90ea-4161-a4a8-c9b814588e3d"}}
{"log_message":"(I) GET /v1/vaults/trkbdmaja5jf7gblvdmzhtfgsa/items?filter=title+eq+%22test_creds%22","timestamp":"2024-02-22T11:51:56.992460837Z","level":3,"scope":{"request_id":"154b9a54-351d-4839-a84e-3f406c73f505"}}
{"log_message":"(I) GET /v1/vaults/trkbdmaja5jf7gblvdmzhtfgsa/items?filter=title+eq+%22test_creds%22 completed (200: OK) in 10ms","timestamp":"2024-02-22T11:51:57.00252325Z","level":3,"scope":{"request_id":"154b9a54-351d-4839-a84e-3f406c73f505"}}
{"log_message":"(I) GET /v1/vaults/trkbdmaja5jf7gblvdmzhtfgsa/items/5dlsknuwntvpokkkevuu475cpi","timestamp":"2024-02-22T11:51:57.003679559Z","level":3,"scope":{"request_id":"c11d761f-0781-4a44-8a5f-f40261fd693f"}}
{"log_message":"(I) GET /v1/vaults/trkbdmaja5jf7gblvdmzhtfgsa/items/5dlsknuwntvpokkkevuu475cpi completed (200: OK) in 8ms","timestamp":"2024-02-22T11:51:57.012355276Z","level":3,"scope":{"request_id":"c11d761f-0781-4a44-8a5f-f40261fd693f"}}
```

injector logs

```
I0222 11:51:55.401251 1 webhook.go:180] Checking if secret injection is needed for /v1, Kind=Pod at namespace default
I0222 11:51:55.401426 1 webhook.go:98] Pod at namespace default. Secret injection status: Secret Injection Enabled:true
I0222 11:51:55.401477 1 webhook.go:313] OP_SERVICE_ACCOUNT_TOKEN not provided
I0222 11:51:55.401485 1 webhook.go:345] OP CLI will be used with Connect
I0222 11:51:55.401545 1 webhook.go:287] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/0/volumeMounts","value":[{"name":"kube-api-access-tkfrs","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"},{"name":"op-bin","readOnly":true,"mountPath":"/op/bin/"}]},{"op":"replace","path":"/spec/containers/0/command","value":["/op/bin/op","run","--","sleep"]},{"op":"add","path":"/spec/containers/0/env/-","value":{"name":"OP_INTEGRATION_NAME","value":"1Password Kubernetes Webhook"}},{"op":"add","path":"/spec/containers/0/env/-","value":{"name":"OP_INTEGRATION_ID","value":"K8W"}},{"op":"add","path":"/spec/containers/0/env/-","value":{"name":"OP_INTEGRATION_BUILDNUMBER","value":"1000101"}},{"op":"add","path":"/spec/volumes/-","value":{"name":"op-bin","emptyDir":{"medium":"Memory"}}},{"op":"add","path":"/spec/initContainers","value":[{"name":"copy-op-bin","image":"1password/op:2","command":["sh","-c","cp /usr/local/bin/op /op/bin/"],"resources":{},"volumeMounts":[{"name":"op-bin","mountPath":"/op/bin/"}],"imagePullPolicy":"IfNotPresent"}]},{"op":"add","path":"/metadata/annotations","value":{"operator.1password.io/status":"injected"}}]
I0222 11:51:55.401571 1 webhook.go:481] Ready to write response ...
```

When I check the pod env

```
$ kubectl exec -it demo-app-78d6b574d7-bxcd4 -- /bin/sh
Defaulted container "demo-app" out of: demo-app, copy-op-bin (init)
/ #
/ # env | grep TEST
TEST_ONEPASSWORD=op://my-vault/test_creds/password
```

What could be the issue here?

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Browser: Not Provided
61 Views, 1 like, 0 Comments

Connect Operator Reconciler error
Hello,

We upgraded the helm chart for Connect server on our staging K8s cluster from version 1.7.1 to 1.14.0. Post upgrade, secrets are (as expected) still successfully created, however we see many pairs of info/error entries like below in the Connect Operator logs.

```
2024-02-06T21:02:35Z INFO Secret with name op-test and version 1 already exists
2024-02-06T21:02:35Z ERROR Reconciler error {"controller": "onepassworditem", "controllerGroup": "onepassword.com", "controllerKind": "OnePasswordItem", "OnePasswordItem": {"name":"op-test","namespace":"customer-ravenstaging1"}, "namespace": "customer-ravenstaging1", "name": "op-test", "reconcileID": "9221dafe-aed3-4374-98f3-676fa8ddbd7c", "error": "cannot update status: onepassworditems.onepassword.com \"op-test\" not found"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:274
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:235
```

Some research showed that the error might stem from the onepassworditems.onepassword.com CRD definition update that happened somewhere around version 1.8. We did update the CRD definition to include version 2 as shown in the attached file, however the Reconcile error still occurs.

Can you please help in resolving this? We cannot proceed to upgrading our production cluster until this issue is resolved...

Thanks in advance
I.

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Browser: Not Provided
128 Views, 1 like, 0 Comments

Combine several secrets into another secret, or inherit secrets?
I currently use DOPPLER and the feature that I used constantly is password inheritance. I'll give you an example.

If, in production, I have the following secrets:

```
MONGO_DATABASE = 'mongo'
MONGO_USERNAME = 'user_one'
MONGO_PASSWORD = 'production'
MONGO_URI = mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@prod_server.com:27017/?authMechanism=DEFAULT
```

in the development environment I can do this:

```
MONGO_DATABASE=${production.MONGO_DATABASE}
```

etc...

So, is there a way in 1Password to use variables in password fields to reference other password fields? Like DOPPLER?

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided | Browser: Not Provided
72 Views, 1 like, 0 Comments

Retrieve shared item by CLI doesn't seem to work
The documentation here: https://developer.1password.com/docs/cli/reference/management-commands/item/#item-get suggests one possible way to get an item is by shareLink, which I imagine is the URL that is produced either when sharing an item using either the GUI or the https://developer.1password.com/docs/cli/reference/management-commands/item#item-share CLI command. However whenever I try this the CLI produces the error:

```
op item get " "
[ERROR] 2023/08/02 19:26:54 " " isn't an item. Specify the item with its UUID, name, or domain.
```

It makes no difference whether I put the URL between double quotes or not.

I am investigating possible ways to do secret management in our infrastructure and considering 1password as an option. One thing we will need in our setup is the ability to pass secrets around using one-time-readable 'tokens'. 1password doesn't seem to have this functionality per se, but creating share links with the '--view-once' flag seems to be a feasible alternative - if they work.

1Password Version: CLI 2.19.0 | Extension Version: Not Provided | OS Version: Ubuntu 22.04 | Browser: n/a
527 Views, 1 like, 7 Comments

Add users/vault management to API?
Apologies if this isn't the right forum to ask this in. Are there any plans to document the API for user and vault management?

We'd like to manage our 1Password users and their vault access with Terraform. This functionality is not currently exposed in the Connect API. Terraform providers are packaged as compiled Golang executables, and so it'd be good to be able to call the right API endpoints in native Golang code, because the alternative (recommended) approach of managing users and vaults with the 1Password CLI would involve embedding the CLI executable as a string in the Terraform provider, then writing it to disk and executing at runtime. That seems like a generally filthy idea!

1Password Version: Not Provided | Extension Version: Not Provided | OS Version: Not Provided
731 Views, 1 like, 10 Comments

Secrets as environment variables in docker-compose files
I always want to make everything easier, and since I did see 1password supported secrets, I was wondering if it's possible to use this with docker-compose (not hosting it, but using it as environment variables in composer files?). It seems like it's only Kubernetes / K8 integration, but maybe someone has come up with a different way to do it?

26 Views, 1 like, 1 Comment