Allow referencing individual fields of a 1password item #69
Comments
Thanks for your suggestion. We're actually working on a way now that lets you map 1Password item fields to environment variables, so stay tuned!
Any ETA on this?
+1
@florisvdg Do you know if this is still in the roadmap? It seems to be almost a conflict between the 1password client's always showing of the My use case is that I have a username and password for ceph and the ceph helm chart expects the secret to be as
+1
I just want to highlight that if you want this to be viable against other products this is a necessary feature. Currently it puts you behind providers such as csi-secrets-store-provider-aws, External Secrets and even HashiCorp Vault. They all have this in some way or another.
+1
I've been trying to avoid writing a filtering secret sync operator for weeks hoping I'd stumble across a solution for this problem, but still nothing. The injector allows me to pick out arbitrary items, but requires full-access 1password credentials for each consuming pod. The operator fixes the credential issue, but replaces that problem with making me awkwardly structure 1password entries with duplicated data. 😅 How can I help with a hybrid solution? ;)
Not being able to control the key of the secret is a showstopper here as well.
I have integrated
Example
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: minio
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  refreshInterval: 500h
  target:
    deletionPolicy: Delete
  data:
    - secretKey: MINIO_ROOT_USER
      remoteRef:
        key: aws:minio
        property: access key
    - secretKey: MINIO_ROOT_PASSWORD
      remoteRef:
        key: aws:minio
        property: secret key
```
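Added example (not code from this thread, the operator, or External Secrets): the field-to-key projection that the manifest above declares, written out in Python so the effect is visible. Only the mapped item fields reach the Secret, each under its chosen key. The function names and the sample item values are assumptions made for illustration; the key check reflects the Kubernetes rule that Secret data keys may contain only alphanumerics, `-`, `_` and `.`.

```python
import base64
import re

# Kubernetes Secret data keys may contain only alphanumerics, '-', '_' and '.'.
_VALID_KEY = re.compile(r"[-._a-zA-Z0-9]+")


def project_fields(item_fields, mappings):
    """Return Secret `data` holding only the mapped fields, under the chosen keys.

    item_fields: {field label: value} for one vault item (hypothetical shape).
    mappings: list of {"secretKey": ..., "property": ...}, as in the manifest's `data`.
    """
    data = {}
    for m in mappings:
        key, prop = m["secretKey"], m["property"]
        if not _VALID_KEY.fullmatch(key):
            raise ValueError(f"invalid Secret key: {key!r}")
        if key in data:
            raise ValueError(f"duplicate Secret key: {key!r}")
        if prop not in item_fields:
            # Fail closed instead of emitting an empty credential.
            raise KeyError(f"item has no field {prop!r}")
        data[key] = base64.b64encode(item_fields[prop].encode()).decode()
    return data


def build_secret(name, item_fields, mappings):
    """Wrap the projected fields in a v1 Secret manifest (as a dict)."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": project_fields(item_fields, mappings),
    }


# Constructed sample item: field labels from the manifest above, made-up values.
SAMPLE_ITEM = {
    "access key": "example-access-key",
    "secret key": "example-secret-key",
    "notes": "rotation owner: platform team",
}
MAPPINGS = [
    {"secretKey": "MINIO_ROOT_USER", "property": "access key"},
    {"secretKey": "MINIO_ROOT_PASSWORD", "property": "secret key"},
]
```

The unmapped `notes` field never appears in the output, which is the least-exposure property that per-field referencing gives over syncing a whole item.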
Thanks, got a working solution: adding a label to the onepassword item solved it for me. That way I can control the key of the secret.
@stayanti Have you got an example of how you fixed it?
Summary
When writing a OnePasswordItem definition, it would be helpful to reference individual fields of a 1password item rather than the entire item as a whole.
Use cases
For example, consider the setting of certain environment variables across several applications where may have different names, but require the same value.
App 1:
App 2:
Proposed solution
Create a new OnePassword kind (or modify the existing kind: OnePasswordItem) to allow referencing individual fields:
For example:
would produce the following secrets:
Is there a workaround to accomplish this today?
Not using the onepassword-operator that I'm aware of. You could create multiple secrets from multiple vault items, and then individually reference the secrets created by the operator in each deployment, etc. This would create significant extra code, and be difficult to maintain.
References & Prior Work
None that I'm specifically aware of. This issue is similar, but appears to target mounting multiple items within a single k8s secret: #59