onepassword PushSecret functionality #2565
Comments
Hey @snarlysodboxer shows you as the maintainer for onepassword plugin. Do you see any issues with 1password or 1passwordconnect adding PushSecret functionality? This appears to require both PushSecret and DeleteSecret functions work.
I think this should be doable. However, unfortunately, the Go client library for the 1Password Connect Server doesn't currently support uploading files. But we should be able to do it by implementing the HTTP request to the Connect Server ourselves. We'll have to try it. I talk about uploading files because unless PushSecret (new to me) supports custom attributes that could choose the type of 1Password Item to create for a particular PushSecret, then we will probably need to choose the Document type for all PushSecrets, even if they're not multi-line secret values. In other words, while the 1Password provider supports reading from Password type or Document type items, I think it could only support pushing Document type items (but I don't see any problems with that).
I don't think it is worth the effort to specify different field types. I could see a case if you wanted to have a single 1password secret with lots of documents inside, but do not think most backends support that approach. AWS and Kubernetes definitely do not. Kubernetes Secrets/ConfigMaps can only hold up to ~1mb. AWS Secrets Manager only supports up to 10kb of contents for an individual secret. Let's aim external-secrets PushSecret to create 1password secret and only use References:
@acelinkio Thanks for the helpful research. There is actually a different reason I suggested using the Document type for all pushed values, and that is that multi-line values, such as TLS certificates, don't work well in Password type Items, particularly in the APP/GUI. You would at least be unable to use the APP to edit a multi-line value that was created as a Password type. I believe I tried a while back to use the API to create a multi-line Password type, and I don't remember the specifics other than the lack of support for it in the 1Password GUI was enough for me not to continue to pursue that approach. The good thing about Document type items is that they can also contain single-line values, whereas Password type items cannot contain multi-line values, or at least not in an officially supported way. And you can have many "files" or "entries" if you will in a Document type item.
@acelinkio I would be happy to take this up if you wanted to assign this issue to me
Hey @bthuilot, Snarly/I are not members of the project and unable to assign issues. Please do not let that stop you from getting started. Start a pull request and reference this ticket!
Just opened #2646 to address this,
Added in v0.9.12
Describe the bug
onepassword provider does not provide PushSecret functionality
To Reproduce
Expected behavior
Push a secret to 1password.
Screenshots
Additional context
Error message confused me at first until searching through this project.
https://github.com/external-secrets/external-secrets/blob/v0.9.1/pkg/provider/onepassword/onepassword.go#L161
Looks like the PushSecrets feature, #1315, was introduced after onepassword original integration was added, #36.