@kustodian/plugin-1password 1.0.0 → 1.0.1
- package/README.md +77 -0
- package/package.json +1 -1
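--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,77 @@
+# @kustodian/plugin-1password
+
+1Password secret provider plugin for [Kustodian](https://github.com/lucasilverentand/kustodian). Securely inject secrets from 1Password into your Kubernetes manifests using the 1Password CLI.
+
+## Installation
+
+```bash
+bun add @kustodian/plugin-1password
+```
+
+## Prerequisites
+
+- [1Password CLI](https://developer.1password.com/docs/cli/) (`op`) installed and available in your PATH
+- Authentication configured via service account token or interactive sign-in
+
+## Usage
+
+### As a Kustodian Plugin
+
+```typescript
+import { create_onepassword_plugin } from '@kustodian/plugin-1password';
+
+const plugin = create_onepassword_plugin({
+service_account_token: process.env.OP_SERVICE_ACCOUNT_TOKEN,
+timeout: 30000,
+fail_on_missing: true,
+});
+```
+
+### Direct Secret Access
+
+```typescript
+import { op_read, op_read_batch, check_op_available } from '@kustodian/plugin-1password';
+
+// Check CLI availability
+const check = await check_op_available();
+if (check.success) {
+console.log(`1Password CLI version: ${check.value}`);
+}
+
+// Read a single secret
+const secret = await op_read('op://vault/item/field');
+
+// Read multiple secrets
+const secrets = await op_read_batch([
+'op://vault/item/username',
+'op://vault/item/password',
+]);
+```
+
+### Secret Reference Format
+
+Secrets are referenced using the standard 1Password URI format:
+
+```
+op://vault/item/field
+op://vault/item/section/field
+```
+
+## Configuration Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `service_account_token` | `string` | `undefined` | Service account token (can also use `OP_SERVICE_ACCOUNT_TOKEN` env var) |
+| `timeout` | `number` | `30000` | CLI operation timeout in milliseconds |
+| `fail_on_missing` | `boolean` | `true` | Whether to fail when a secret is not found |
+
+## CLI Commands
+
+The plugin provides CLI commands when registered with Kustodian:
+
+- `1password check` - Verify CLI availability and authentication
+- `1password test <ref>` - Test reading a secret reference
+
+## License
+
+MIT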