Skip to content
/ 1password-actions Public

Github Action for fetching secrets from 1Password (Via Connect)

License

MIT license
14 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mcmarkj/1password-actions

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

350 Commits

.github

.github

 
 

dist

dist

 
 

src

src

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.json

.eslintrc.json

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.prettierignore

.prettierignore

 
 

.prettierrc.json

.prettierrc.json

 
 

.tool-versions

.tool-versions

 
 

CODEOWNERS

CODEOWNERS

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

jest.config.js

jest.config.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

1Password Connect GitHub Action

Access your 1Password Connect Server to import logins and passwords from your 1Password vaults to use in your GitHub Action workflows.

How to use in your workflow:

- name: Import Creds
  uses: mcmarkj/1password-actions@v2
  id: creds
  with:
    connect-server-url: <Your 1password Connect Server URL>
    connect-server-token: ${{ secrets.CONNECT_SERVER_TOKEN }}
    export-env-vars: "true"
    fail-on-not-found: "true"
    secret-path: |
      vault-name > Vault Secret Name
      vault-name > vault.alt.secretname
      vault-name > vault.alt.secretname > username
      vault-name > vault.alt.secretname > username | MY_ENV_VAR_NAME

You can then utilise these credentials elsewhere in your pipelines

- name: Deploy
  env:
    SERVICE_ACCOUNT: ${{ steps.creds.outputs.vault_alt_secretname_password }}
  run: gcp cloud connect --key=$SERVICE_ACCOUNT

You can optionally set export-env-vars: "true" in your with block, this will set the variables as environmental vars globally throughout the following pipeline.

Outputs (When not overridden)

All password outputs are marked as secrets so that they're masked in your workflow's logs.

a Login item named My Secret Name, would be available as the my_secret_name_username and my_secret_name_password output variables. If the field exists and isn't empty it will be outputted. Check the action logs if you aren't totally sure what's been created by the action.

Any additional fields on the secret will also be available, so for example a field on My Secret Name of Region would be available as my_secret_name_region

The output variable's name will be the item's name with spaces and . replaced with _, non-alphanumeric characters removed, and lowercased. For example, a Password item named Google Firebase 2020 would be available as the google_firebase_2020_password output variable.

You can also override the name of the output by appending | secret_name at the end. If you've not specified the filed to export, then this will always be suffixed with _ for all the available fields. eg:

secret-path: |
      vault-name > Vault Secret Name | my_output_name

This could then be accessed by doing:

env:
    SERVICE_ACCOUNT: ${{ steps.creds.outputs.my_output_name_password }}

Whereas if you specify the field name:

secret-path: |
      vault-name > Vault Secret Name > username | my_output_name

This could then be accessed by doing:

env:
    SERVICE_ACCOUNT: ${{ steps.creds.outputs.my_output_name }}

About

Github Action for fetching secrets from 1Password (Via Connect)

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 10

v2.0.8 Latest
Mar 28, 2024
+ 9 releases

Packages

No packages published

Contributors 46

+ 32 contributors

Languages