|Marcus Noble 9a02a817b9||1 month ago|
|internal/onepassword||8 months ago|
|manifests||7 months ago|
|.dockerignore||9 months ago|
|.gitignore||9 months ago|
|Dockerfile||9 months ago|
|LICENSE||9 months ago|
|Makefile||7 months ago|
|README.md||1 month ago|
|go.mod||9 months ago|
|go.sum||9 months ago|
|main.go||8 months ago|
Sync secrets from a 1Password vault into Kubernetes secrets.
Note: This should not be considered production grade. It is built on top of the 1Password CLI client which could stop working without warning due to changes made by 1Password.
Create an environment variable with your 1Password credentials:
cp ./manifests/example.env ./manifests/.env
Deploy to Kubernetes
1Password secrets are configured using annotation on Secret resources in Kubernetes.
The only required value is the ID of the secret in 1Password. You can get this by looking at the URL when viewing the secret in 1Password, e.g.
apiVersion: v1 kind: Secret metadata: name: example-secret annotations: kube-1password: 123456example7890 # [Required] This is the ID of the item within 1Password kube-1password/vault: Kubernetes # The name of the Vault kube-1password/username-key: "user" # The key the username should be saved as in the Secret resource (default: `username`) kube-1password/password-key: "pass" # The key the password should be saved as in the Secret resource (default: `password`) kube-1password/secret-text-key: "note" # The key the secret text should be saved as in the Secret resource (default: `secretText`) type: Opaque
kube-1password-secrets currently supports Login, Secure Note and Password item types in 1Password. Only the username, password and notes fields are retrieved.
If you find a bug or have an idea for a new feature please raise an issue to discuss it.
Pull requests are welcomed but please try and follow similar code style as the rest of the project and ensure all tests and code checkers are passing.
Thank you 💛