secrets management
220 Topics

Docker (compose) Permission denied
I'm having trouble getting Connect up and running with Docker Compose. I believe my problem is somewhere related to a user and/or its rights. I am running Docker on my Synology NAS where I created a specific 'Shared Folder' named 1password. I also created a user (which has UID 1042) for further trial/error testing. I currently have the following compose file:

```
version: "3.4"
services:
  1password-connect-api:
    image: 1password/connect-api:latest
    #user: "1042"
    ports:
      - "8888:8080"
    volumes:
      - /volume1/1password/1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
      - /volume1/1password/data:/home/opuser/.op/data
    restart: unless-stopped
  1password-connect-sync:
    image: 1password/connect-sync:latest
    #user: "1042"
    ports:
      - "8881:8080"
    volumes:
      - /volume1/1password/1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
      - /volume1/1password/data:/home/opuser/.op/data
    restart: unless-stopped
```

This gives me the following error from both containers:

```
unspecified err: stat /home/opuser/.op/data/1password.sqlite: permission denied
```

This led me to configure a '1password' user (UID 1042) and tell the containers to run as that user using:

```
user: 1042
```

This does get me through the permission denied problems (which makes me assume the 'user' does indeed work and 'do something').

But now it doesn't seem to be able and/or create the database:

```
1password-connect-api_1 | {"log_message":"(I) no database found, will retry in 1s","timestamp":"2022-01-14T13:13:28.600675519Z","level":3}
1password-connect-sync_1 | {"log_message":"(I) no existing database found, will initialize at /.op/data/1password.sqlite","timestamp":"2022-01-14T13:13:27.719489908Z","level":3}
1password-connect-sync_1 | Error: Server: (failed to OpenDefault), Wrapped: (failed to open db), unable to open database file: no such file or directory
```

I also tried to change the permissions of the Shared Folder and its subfolder in order for 'Everyone' to have read/write, but then I get an error like 'Permissions too broad' (which seems quite fair and indeed very unwanted). I am currently out of ideas on how to get this running. Anyone who can point me in the right direction?

1Password Version: 7.9.2
Extension Version: Not Provided
OS Version: macOS 12.1

10K Views, 0 likes, 20 Comments

Secrets as environment variables in docker-compose files
I always want to make everything easier, and since I did see 1password supported secrets, I was wondering if it's possible to use this with docker-compose (not hosting it, but using it as environment variables in composer files?). It seems like it's only Kubernetes / K8 integration, but maybe someone has come up with a different way to do it?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

4.4K Views, 0 likes, 1 Comment

secrets in a devcontainer setup
I would like to use 1password in a devcontainer setup (remote machine; connected via ssh) to initialize some secrets for my developer environment. I currently have:

```
# Add the 1Password apt signing key
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
  sudo gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
# Add the 1Password apt repository, pinned to that key
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | sudo tee /etc/apt/sources.list.d/1password.list
# Install the debsig-verify policy and keyring
sudo mkdir -p /etc/debsig/policies/AC2D62742012EA22/
curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
  sudo tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
  sudo gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
# Install the CLI, then sign in interactively
sudo apt update && sudo apt install 1password-cli
eval $(op signin)
```

...in my setup.sh that is run as part of my devcontainer setup. However, I then have to manually sign in during the setup, which requires 4 items of information to type in, including a long secret key. After the setup is complete, I then have to sign in again via eval $(op signin) if I want to use op within my devcontainer. Is there a better way? If yes, it would be great to have specific documentation on best-practices for using 1password with devcontainers (and remote ssh).

1Password Version: 2.13.1
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Referrer: forum-search:vs code

2.3K Views, 0 likes, 7 Comments

Recommended way to use credentials in the code - NodeJS
Hi! I have a NodeJS application and I'm trying to figure out the best way to use 1Password Secret Automation. I already have a Connect server in place and also already did some tests successfully. I understand we can have secret references in a .env file and then start the node process using op run --env-file .my_env_file -- node index.js, for example. This is working just fine for me. But I have some secrets that cannot be stored in environment variables because they're defined for each user in our platform, and we need to read an item's value at runtime. I was considering the nodejs lib, but it looks like it is not possible to read a secret value using this lib. I was able to list and get items from vaults, but I was unable to read an item's value. What is the recommended way to read item values at runtime? Thanks in advance.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1.7K Views, 0 likes, 6 Comments

Connect API connection error: Name or service not known
Hello, I am trying to use the OnePassword SDK for Python, however when trying to get an item a connection error is occurring. The client creation is as follows:

```
self.api_client: Client = new_client(self.api_host, self.token)
```

where the values for api_host and token match the ENV VAR values OP_CONNECT_HOST and OP_CONNECT_TOKEN from the connect server deployment. Please note that the Connect Server and Operator deployment work as expected. There is no error when creating the client itself, but when trying to use it the first time:

```
self.api_client.get_item(item_id, vault_id)
```

```
requests.exceptions.ConnectionError: HTTPConnectionPool(host='onepassword-connect', port=8080): Max retries exceeded with url: /v1/vaults/kzkqpu44pencnzsrkjx6rgaz5m/items/zsap3pmz7agzo7gsx5rhac2tqy (Caused by NewConnectionError(' : Failed to establish a new connection: [Errno -2] Name or service not known'))
```

Additional information: the service from which I am trying to use the python api client is in a separate namespace than the one the connect server is deployed to, but both namespaces are in the same Kubernetes cluster. No TLS has been used when deploying the Connect server and operator. Apart from using the host value of http://onepassword-connect:8080, I also tried using http://connect-api:8080 as per your documentation on https://github.com/1Password/connect-sdk-python, however the same error happens... I don't see what could be wrong with the client usage. Any advice what else to try? Thanks in advance, Irena

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1.7K Views, 0 likes, 1 Comment

Why need Connect Server, Why not directly to 1Password Server
Recently I used the 1password secret automation service, and used docker to build "Connect Server" on my server. My question is: I can't understand why 1password secret automation needs "Connect Server". It looks unnecessary because 1password-cli connects directly to the 1Password server. Does anyone know why, or can anyone give some ideas for discussion? Thanks!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

1.6K Views, 0 likes, 6 Comments

Type of Kubernetes secret created by using OnePasswordItem
I am trying to define a OnePasswordItem to be used as part of our 1Password Secret Automation Workflow. I noticed that the secret created is a Kubernetes Opaque secret. However, I want to create a kubernetes.io/dockerconfigjson (docker-registry) type of secret. I found some articles from a year ago where you stated that only opaque secrets are supported. Have there been any changes in regard to that? Please note, IMO having support for docker-registry type of secrets is a must if I am to actually use 1Password Secret Automation Workflow for cluster deployments. Thanks in advance

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

1.6K Views, 0 likes, 6 Comments

invalid token for credentials file 500: Internal Server Error
Hi, I configured my secret with a base64 file as mentioned in the article here: https://github.com/1password/onepassword-operator

The connect-sync is working well, as in the log below:

```
{"log_message":"(I) local attr version for vault v75lhm4jjpihdk6jqk5ciefmsu matches remote, nothing to do","timestamp":"2021-08-13T17:07:16.726031589Z","level":3}
{"log_message":"(I) local access version for vault v75lhm4jjpihdk6jqk5ciefmsu matches remote, nothing to do","timestamp":"2021-08-13T17:07:16.726039299Z","level":3}
{"log_message":"(I) local content version mismatch for vault v75lhm4jjpihdk6jqk5ciefmsu, remote: 7, local: 0, starting content sync...","timestamp":"2021-08-13T17:07:16.726134229Z","level":3}
{"log_message":"(I) fetching batch for v75lhm4jjpihdk6jqk5ciefmsu with version 0","timestamp":"2021-08-13T17:07:16.726190179Z","level":3}
{"log_message":"(I) writing 4 items for vault v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T17:07:16.824288819Z","level":3}
{"log_message":"(I) writing vault content version 7 for v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T17:07:16.826629207Z","level":3}
{"log_message":"(I) ### sync complete ###","timestamp":"2021-08-13T17:07:16.826959769Z","level":3}
{"log_message":"(I) syncing files","timestamp":"2021-08-13T17:07:16.826986839Z","level":3}
{"log_message":"(I) Re-authenticated successfully","timestamp":"2021-08-13T17:07:17.578443015Z","level":3}
```

But when I try to request the APIs I get the error below:

```
{"log_message":"(I) GET /v1/vaults/v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T18:13:38.404274548Z","level":3,"scope":{"request_id":"bbd05abb-f67d-4f47-ad67-cc15037f0ce0"}}
{"log_message":"(I) finding and decrypting credentials","timestamp":"2021-08-13T18:13:38.404693619Z","level":3,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}
{"log_message":"(E) Server: (invalid token for credentials file), Wrapped: (failed to detect localAuth version), Wrapped: (failed to Unmarshal credentials file data into map), json: cannot unmarshal string into Go value of type map[string]interface {}","timestamp":"2021-08-13T18:13:38.40481103Z","level":1,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}
{"log_message":"(I) GET /v1/vaults/v75lhm4jjpihdk6jqk5ciefmsu completed (500: Internal Server Error)","timestamp":"2021-08-13T18:13:38.40491411Z","level":3,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}
```

The return of "/health" is OK too:

```
{
  "name": "1Password Connect API",
  "version": "1.3.1",
  "dependencies": [
    { "service": "sqlite", "status": "ACTIVE", "message": "Connected to /home/opuser/.op/data/1password.sqlite" },
    { "service": "account_data", "status": "AVAILABLE", "message": "Account data is available" },
    { "service": "sync", "status": "ACTIVE" },
    { "service": "1Password", "status": "UNINITIALIZED", "message": "Make a request with a valid bearer token to initialize" }
  ]
}
```

What's wrong with this configuration? I set it up on my local computer with https://localhost:8080 and it works well, but in my Kubernetes cluster maybe there's something missing....

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:invalid token for credentials file

1.5K Views, 0 likes, 2 Comments

Secret with empty value field
Hi there, I want to create a secret for a gitlab registration token. It should have 2 mandatory fields: 1 field with the token, another one that is empty:

```
apiVersion: v1
data:
  runner-registration-token: LkjdfsdlfHGDFKhskdfLkjsdflkj=
  runner-token: ""
kind: Secret
```

When I decode the secret it looks like this:

```
runner-registration-token: wnR1348lkdj98-JdfgdfghdaMx3tgSdn4c
runner-token:
```

The runner-token value doesn't have even a space. I didn't find a way to add an empty secret to onepassword and reflect it in the k8s secret as it should be. When I add a 1pass secret with a space, it encodes the space to base64. I've tried to add "" and '', but it is also encoded in the secret. If I don't provide information for the value in the 1pass secret, it doesn't sync to the k8s secret.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

1.4K Views, 0 likes, 4 Comments

Generate limited time share link through API
Sorry ahead of time if this was asked or shown somewhere. I have searched the site and the internet for a way to create a temporary link that shares a password to guests (non 1password users) but I could not find anything on the site. Is there a way to do that?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:Generate limited time share link through API

1.3K Views, 2 likes, 14 Comments