secrets management
220 Topics

Successful authentication locally, 403 when executed on server.
When using the 1Password Python library, I get the error "authentication error: http error: unexpected http status: 403 Forbidden" when running my code on a server or Google Colab, but it works fine when I run it on my laptop, even though the same credentials are used. Any idea about what might be going wrong? Here is the (slightly modified) code snippet:

```python
import asyncio
import os

import nest_asyncio
from onepassword.client import Client

# Allow asyncio.run() inside an already-running event loop (e.g. a notebook).
nest_asyncio.apply()


async def get_mfa_code():
    ONEPASSWORD_TOKEN = os.environ['ONEPASSWORD_TOKEN']
    vault_cred = os.environ['vault_cred']
    client = await Client.authenticate(
        auth=ONEPASSWORD_TOKEN,
        integration_name="My Integration Name",
        integration_version="v1.0.0",
    )
    # Retrieve credentials from 1Password
    username = await client.secrets.resolve(f"{vault_cred}/username")
    password = await client.secrets.resolve(f"{vault_cred}/password")
    mfa_code = await client.secrets.resolve(f"{vault_cred}/mfa_code?attribute=otp")
    return username, password, mfa_code


asyncio.run(get_mfa_code())
```

11 Views, 0 likes, 1 Comment

Cannot connect connect-server to 1password from k8s
Hello. I have a problem with running 1Password operator in k8s cluster. Onepassword-connector does not connect to the server at all. First I had problems with onepassword-credentials.json being fetched by the connector-api and connector-sync containers if they were declared as:

```yaml
env:
  - name: OP_SESSION
    valueFrom:
      secretKeyRef:
        name: op-credentials
        key: 1password-credentials.json
```

So I passed them via volumes / volumeMounts and defined the variable like this:

```yaml
volumes:
  - name: credentials
    secret:
      secretName: op-credentials
# (...)
env:
  - name: OP_SESSION
    value: /home/opuser/.config/1password-credentials.json
volumeMounts:
  - mountPath: /home/opuser/.config
    name: credentials
    readOnly: true
```

Here I put my code to make it clear how I create the deployment: Gitlab

Unfortunately I still can't connect to the server, and on the page: https://my.1password.com/developer-tools/infrastructure-secrets/connect/{connect_id} there is no information about the connection of my connect server, it only says "Not yet deployed".

Neither the connect-api container nor the connect-sync inside the onepassword-connect pod log any errors.
Only errors I have are for operator and OnePasswordItem, which is:

```
2025-02-17T20:31:08Z ERROR Reconciler error {"controller": "onepassworditem", "controllerGroup": "onepassword.com", "controllerKind": "OnePasswordItem", "OnePasswordItem": {"name":"example","namespace":"onepassword"}, "namespace": "onepassword", "name": "example", "reconcileID": "a1ba0a9c-7388-454e-9ce6-074cb6621e5c", "error": "Failed to retrieve item: Get \"http://onepassword-connect:8080/v1/vaults?filter=title+eq+%22Development%22\": net/http: invalid header field value for \"Authorization\""}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:227
```

Could I ask for help in finding the problem?

MarPi8223Views, 0 likes, 0 Comments

Trouble getting document items in Kubernetes with 1P Connect Operator
Hey everyone, I'm trying to get a document out of 1P and into a k8s secret with the Connect Operator, version 1.8.1. I can get Login items but not Document items, even though there seems to be a discussion about this exact topic stating that Documents are supported as of version 1.3.0. Does anyone else have experience with this?

```yaml
---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: config-file-dot-yaml
  namespace: default
spec:
  itemPath: "vaults/dev/items/config-file.yaml"
```

This is the OnePasswordItem I have. The Document config-file.yaml is in the vault dev, and kubectl describe secret config-file-dot-yaml returns an event of "No items found with identifier 'config-file.yaml'".

Are there any examples out there of getting the document? Thanks!

42 Views, 0 likes, 4 Comments

What 1Password field type to store a json formatted secret?
I have a lengthy JSON formatted secret I want to store in 1Password and access for use in Terraform (using the provider or otherwise), but I can't figure out how to store a JSON file in 1Password without it stripping the whitespace/formatting. I tried adding it to a Password and that doesn't allow multi-line. It looks like Text would do it, but I'd prefer it not be immediately visible in the 1Password client. I tried a txt file attachment to a record, but there is no "copy secret reference" for that field type (though maybe it is still accessible in that way?).

Thanks, Mike

62 Views, 0 likes, 2 Comments

How to get the private ssh key in OpenSSH format via Api
Hi, we want to access private ssh keys (vault items) via the API to get them in the OpenSSH format. We used ssh-format=openssh as parameter (which was suggested for the 1Password CLI tool) and in some cases it works, but in some not. What is the correct way to get the private ssh keys always in the OpenSSH format via the API?

1Password Version: 1.7.0
Extension Version: Not Provided
OS Version: Not Provided
Browser: 1Password Connect API

12 Views, 0 likes, 0 Comments

How to autofill job forms ex. Current company, previous company and skills. this kind of data?
Since most of the forms are the same, can I add this data and have the extension auto-fill it?

3 Views, 0 likes, 0 Comments

Secrets Automation in Azure DevOps
There is already a GitHub action called 'Load secrets from 1Password'. Will 1Password also support Azure DevOps pipelines in future?

27 Views, 0 likes, 0 Comments

onepassword.connect with self-signed certificate
Hi, I'm trying to use the 1Password Ansible collection to create a secret in my vault from an Ansible playbook. I use the example from the official documentation: https://developer.1password.com/docs/connect/ansible-collection/

Unfortunately, my connect-server-api is protected with a self-signed certificate and the playbook returns the following error:

```
msg: 'Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)>'
```

Is there a way to configure the module to accept a self-signed certificate while accessing the connect-server-api? Thank you for your help.

The playbook:

```yaml
- name: Update a 1Password Secret
  hosts: localhost
  vars:
    connect_token: " "  # Set the Connect server token
  environment:
    OP_CONNECT_HOST:  # Set the Connect server hostname
    OP_VAULT_ID: " "  # Set the 1Password vault ID
  collections:
    - onepassword.connect  # Specify the 1Password collection
  tasks:
    - onepassword.connect.generic_item:
        token: "{{ connect_token }}"  # Pass the Connect server token variable
        title: Club Membership
        # uuid: 1ff75fa9fexample -- or use an Item ID to locate an item instead
        state: present
        fields:
          - label: Codeword
            field_type: concealed
          - label: Dashboard Password
            generate_value: always  # Generate a new value every time the playbook runs
            generator_recipe:  # Provide a custom password recipe
              length: 16
              include_symbols: no
      no_log: true  # Turn off logs to avoid logging sensitive data
```

24 Views, 0 likes, 0 Comments

Secrets as environment variables in docker-compose files
I always want to make everything easier, and since I did see 1password supported secrets, I was wondering if it's possible to use this with docker-compose (not hosting it, but using it as environment variables in composer files?). It seems like it's only Kubernetes / K8 integration, but maybe someone has come up with a different way to do it?

26 Views, 1 like, 1 Comment