Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.

troubleshooting

10 Topics

Azure container app provisioning not working
It used to work on 2.9.6 version. But it broke aswell after a couple of months. I read somewhere that the version needs to be up-to-date to have the provisioning work. Now after upgrading to 2.9.9 the SCIM bridge site is all green but no information is being brought in to 1password. I tried to search for a fix but I just cant figure out what the problem is.
marjinna
25 days ago Place Developers Discussion
97Views
0likes
3Comments
Trouble getting document items in Kubernetes with 1P Connect Operator
Hey everyone, I'm trying to get a document out of 1P and into a k8s secret with the Connect Operator, version 1.8.1. I can get Login items but not Document items, even though there seems to be a discussion about this exact topic stating that Documents are supported as of version 1.3.0. Does anyone else have experience with this? --- apiVersion: onepassword.com/v1 kind: OnePasswordItem metadata: name: config-file-dot-yaml namespace: default spec: itemPath: "vaults/dev/items/config-file.yaml" This is the OnePasswordItem I have. The Document config-file.yaml is in the vault dev, and kubectl describe secret config-file-dot-yaml returns an event of "No items found with identifier 'config-file.yaml' " Is there any examples out there of getting the document? Thanks!
txmoose
2 months ago Place Developers Discussion
62Views
0likes
4Comments
Cannot connect connect-server to 1password from k8s
Hello. I have a problem with running 1Password operator in k8s cluster. Onepassword-connector does not connect to the server at all. First I had problems with onepassword-credentials.json being fetched by the connector-api and connector-sync containers if they were declared as: env: - name: OP_SESSION valueFrom: secretKeyRef: name: op-credentials key: 1password-credentials.json So I passed them via volumes / volumeMounts and defined the variable like this: volumes: - name: credentials secret: secretName: op-credentials (...) env: - name: OP_SESSION value: /home/opuser/.config/1password-credentials.json volumeMounts: - mountPath: /home/opuser/.config name: credentials readOnly: true Here I put my code to make it clear how I create the deployment: Gitlab Unfortunately I still can't connect to the server, and on the page: https://my.1password.com/developer-tools/infrastructure-secrets/connect/{connect_id} There is no information about the connection of my connect server, it only says "Not yet deployed" Neither the connect-api container nor the connect-sync inside the onepassword-connect pod log any errors. Only errors I have are for operator and OnePasswordItem, which is: 2025-02-17T20:31:08Z ERROR Reconciler error {"controller": "onepassworditem", "controllerGroup": "onepassword.com", "controllerKind": "OnePasswordItem", "OnePasswordItem": {"name":"example","namespace":"onepassword"}, "namespace": "onepassword", "name": "example", "reconcileID": "a1ba0a9c-7388-454e-9ce6-074cb6621e5c", "error": "Failed to retrieve item: Get \"http://onepassword-connect:8080/v1/vaults?filter=title+eq+%22Development%22\": net/http: invalid header field value for \"Authorization\""} sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:329 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:266 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2 /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:227 Could I ask for help in finding the problem? MarPi82
marpi82
26 days ago Place Developers Discussion
37Views
0likes
0Comments
Your Connect server hasn’t authenticated with 1Password yet
Hi team! I deployed a Connect server in my Raspberry Pi to test the Kubernentes Operator using Helm Chart following your steps in the Development guide. All pods are running healthy, and no errors have been found in the logs, but I still have the following message on the website "Your Connect server hasn’t authenticated with 1Password yet." Some details about the configuration: Account type: Family Organizer $ helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION connect op-system 1 2023-03-16 22:09:51.205888 +0100 CET deployed connect-1.10.0 1.5.7 $ k get pods NAME READY STATUS RESTARTS AGE onepassword-connect-operator-576cf445c7-bl5tl 1/1 Running 0 29m onepassword-connect-6544fc5865-p7xb8 2/2 Running 0 29m Any suggestion to know where I have the error? or what I'm missing?
Solved
JohnMaplewood
5 months ago Place Developers Discussion
36Views
0likes
1Comment
IntelliJ IDEA Git plugin not authenticating
When I attempt to push from IntelliJ (via the Git plugin), the 1Password authentication prompt doesn't appear, and eventually the push fails with: sign_and_send_pubkey: signing failed for ED25519 "SSH Key" from agent: communication with agent failed git@github.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. When I open a terminal and authenticate IntelliJ manually, only then can I actually push anything. According to the 1Password ssh-agent docs, IntelliJ should work, but it's not. OS: NixOS 24.11 IntelliJ version: IntelliJ IDEA 2024.3.2.2 (Ultimate Edition) Build #IU-243.23654.189 1Password version: 8.10.48 op version: 2.30.2 Command IntelliJ git plugin runs for pushing (I figured it might be useful because IntelliJ adds some options to it): git -c credential.helper= -c core.quotepath=false -c log.showSignature=false push --progress --porcelain origin refs/heads/main:main
tom-ricci
19 days ago Place Developers Discussion
32Views
0likes
0Comments
Can't connect to 1password from Raycast
If I don't have the 1password app open at the same time, the Raycast extension doesn't want to connect an authenticate. It either keeps on trying to Authenticate forever, or it tells me to update the app (which I have), or it tell me something about context window exceded. The cli is also up to date.
Yeshco
2 months ago Place Developers Discussion
32Views
0likes
0Comments
Azure ID Provider management question
Hello, I have configured SSO with Azure Entra and want to send users of our domain invites to 1password. I'm a little unclear if I'm required to use the SCIM bridge to provision users or can I just send users email invites? If so, can they start using SSO immediately? Thanks in advance!
Solved
JohnMaplewood
5 months ago Place Developers Discussion
30Views
0likes
1Comment
Successful authentication locally, 403 when executed on server.
When using the one password python library, I get the error "authentication error: http error: unexpected http status: 403 Forbidden" when running my code on a server or google colab, but it works fine when I run it on my laptop, even though the same credentials are used. Any idea about what might be going wrong? Here is the (slightly modified) code snippet: from onepassword.client import Client import asyncio import os async def get_mfa_code(): ONEPASSWORD_TOKEN = os.environ['ONEPASSWORD_TOKEN'] vault_cred = os.environ['vault_cred'] client = await Client.authenticate(auth=ONEPASSWORD_TOKEN, integration_name="My Integration Name", integration_version="v1.0.0") # Retrieve credentials from 1Password username = await client.secrets.resolve(f"{vault_cred}/username") password = await client.secrets.resolve(f"{vault_cred}/password") mfa_code = await client.secrets.resolve(f"{vault_cred}/mfa_code?attribute=otp") return username, password, mfa_code asyncio.run(get_mfa_code()) import nest_asyncio nest_asyncio.apply() asyncio.run(get_mfa_code())
Solved
TJE
22 days ago Place Developers Discussion
28Views
0likes
1Comment
Connect Server PATCH /title is deleting fields from Item
Running into a weird one with a connect api / server spun up in AWS. When I attempt to update the title of a vault item, any "extra" fields, sections, or files are dropped. Here's a psuedocode example. Item { "category": "DOCUMENT", "fields": [{ "id": "notesPlain", ... }], "files": [{ "content_path": "/v1/vaults/111/items/222/files/333/content", "id": "333", "name": "filename.pdf", "size": 369343 }, { "content_path": "/v1/vaults/111/items/222/files/444/content", "id": "444", "name": "filename.jpeg", "section": { "id": "add more" } }], "id": "222", "sections": [{ "id": "add more" }], "title": "Test Item" "vault": { "id": "111", "name": "Test Vault" } } Request PATCH {domain}/v1/vaults/111/items/222 -d [{ "op": "replace", "path": "/title", "value": "Test Item v2" }] Resulting Item { "category": "DOCUMENT", "fields": [{ "id": "notesPlain", ... }], "files": [{ "content_path": "/v1/vaults/111/items/222/files/333/content", "id": "333", "name": "filename.pdf", "size": 369343 }], "id": "222", "title": "Test Item v2" "vault": { "id": "111", "name": "Test Vault" } } Both the second file and section are removed. From the /activity endpoint it appears that a single "UPDATE" was done on the item, so I don't think it's the connect server "duplicating" or sending secondary destructive requests or anything. I've also tried PUT and sent the entire original payload, only modifying the title, but this also removes the fields. Is there a way that we can programmatically update the title without dropping data out of the item?
jpemeric
17 days ago Place Developers Discussion
18Views
0likes
0Comments
connect server - connection refused
I attempted to deploy connect server but it didn't work below are the context input: op item get --format json --vault my_vault_name my_item_title response: [ERROR] 2025/03/14 05:03:37 could not retrieve item ‘my_vault_name/my_item_title: Get "http://localhost:8080/v1/vaults?filter=title+eq+%22my_vault_name%22": dial tcp [::1]:8080: connect: connection refused what have I done I installed locally follow instruction on getting start page I installed via helm chart I already got 1password-credentials.json file locally I already set environment variable OP_CONNECT_TOKEN, OP_CONNECT_HOST I also set environment variables OP_SESSION, OP_HTTP_PORT, OP_LOG_LEVEL I also tried with API heartbeat but also get connection refused info on environment MacOS: 15.3.2 chip M2 ARM64 1Password version: 1Password for Mac 8.10.64 1Password CLI version: 2.30.3 kubenetes: using colima, runtime containerd + k3s pods are up and running (both connect-api and connect-sync) In my profile on 1password.com, it said “Your Connect server hasn’t authenticated with 1Password yet.” helm status give this response NAME: connect LAST DEPLOYED: Fri Mar 14 01:13:28 2025 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: ** Please be patient while the chart is being deployed ** 1Password Connect is being deployed to Kubernetes. More information about 1Password Connect can be found at https://support.1password.com/secrets-automation/ it look like I missed last “authentication step” but I couldn’t figure out Thank you
kakushi
18 hours ago Place Developers Discussion
10Views
0likes
0Comments