Sync secrets from a 1Password vault into Kubernetes secrets.
Go to file
Marcus Noble bb4f2232db
Updated to op v2
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2024-09-28 09:40:41 +01:00
internal/onepassword Updated to op v2 2024-09-28 09:40:41 +01:00
manifests Updated to op v2 2024-09-28 09:40:41 +01:00
.dockerignore Updated readme 2020-04-25 19:03:59 +01:00
.gitignore Initial commit 2020-04-24 19:20:59 +00:00
Dockerfile Updated to op v2 2024-09-28 09:40:41 +01:00
go.mod Fix secret updating 2020-04-25 18:42:49 +01:00
go.sum Updated to use informers 2022-06-01 06:48:42 +01:00
LICENSE Initial commit 2020-04-24 19:20:59 +00:00
main.go Updated to op v2 2024-09-28 09:40:41 +01:00
Makefile Updated to use informers 2022-06-01 06:48:42 +01:00
README.md feat: parse secret text as multiple secrets 2021-05-12 12:46:08 +01:00

kube-1password-secrets

Sync secrets from a 1Password vault into Kubernetes secrets.

Note: This should not be considered production grade. It is built on top of the 1Password CLI client which could stop working without warning due to changes made by 1Password.

Features

  • Sync data from items stored in 1Password to Secret resources within Kubernetes
  • Rename fields when storing the data in the Kubernetes secret

Install

  1. Create an environment variable with your 1Password credentials:

    cp ./manifests/example.env ./manifests/.env
    
  2. Deploy to Kubernetes

    make release
    

Usage

1Password secrets are configured using annotation on Secret resources in Kubernetes.

The only required value is the ID of the secret in 1Password. You can get this by looking at the URL when viewing the secret in 1Password, e.g.

my.1password.com/vaults/123456789qwertyuiop/allitems/123456example7890

Example:

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  annotations:
    kube-1password: 123456example7890           # [Required] This is the ID of the item within 1Password
    kube-1password/vault: Kubernetes            # The name of the Vault
    kube-1password/username-key: "user"         # The key the username should be saved as in the Secret resource (default: `username`)
    kube-1password/password-key: "pass"         # The key the password should be saved as in the Secret resource (default: `password`)
    kube-1password/secret-text-key: "note"      # The key the secret text should be saved as in the Secret resource (default: `secretText`)
    kube-1password/secret-text-parse: "true"    # Parse the secret texts as individual secret values in format `key=value` (default: ``)
type: Opaque

kube-1password-secrets currently supports Login, Secure Note and Password item types in 1Password. Only the username, password and notes fields are retrieved.

Building from source

With Docker:

make docker-build

Standalone:

make build

Resources

Contributing

If you find a bug or have an idea for a new feature please raise an issue to discuss it.

Pull requests are welcomed but please try and follow similar code style as the rest of the project and ensure all tests and code checkers are passing.

Thank you 💛

License

See LICENSE