Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: 1Password Secrets Automation Support
Added a new configuration option, `onepassword.mode`, that can be set to `account` (the default value), `connect` (for 1Password Connect), or `service` (for 1Password Service Accounts).

When `onepassword.mode` is:

- `account`: the presence of `OP_SERVICE_ACCOUNT_TOKEN`, `OP_CONNECT_HOST`, and/or `OP_CONNECT_TOKEN` will cause chezmoi to immediately exit; their presence changes the behaviour of the 1Password CLI.
- `connect`: the presence of `OP_SERVICE_ACCOUNT_TOKEN` or absence of `OP_CONNECT_HOST` and/or `OP_CONNECT_TOKEN` will cause chezmoi to immediately exit. Additionally, the use of `onepasswordDocument` or passing an `account` parameter will cause immediate exits.
- `service`: the absence of `OP_SERVICE_ACCOUNT_TOKEN` or presence of `OP_CONNECT_HOST` and/or `OP_CONNECT_TOKEN` will cause chezmoi to immediately exit. Additionally, passing an `account` parameter will cause immediate exits.

In all other ways, the 1Password template functions have not changed.

I changed the format of the scripts in the `onepassword*.txtar` files so that there is better parity between the three sets of tests *and* so that there is better / easier to read parity between the Unix and Windows test scripts.

Closes: #3498
1 parent a3ec854, commit 6a948ff

Showing 14 changed files with 705 additions and 129 deletions.
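The per-mode environment rules listed in the commit message, written out as an added Go example; this is not the code from the commit. The names `checkMode` and `checkCall` are hypothetical, and treating an empty variable as unset is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Variables named in the commit message; their presence changes how `op` behaves.
const (
	svcToken  = "OP_SERVICE_ACCOUNT_TOKEN"
	connHost  = "OP_CONNECT_HOST"
	connToken = "OP_CONNECT_TOKEN"
)

// checkMode (hypothetical name) returns an error when env contradicts mode.
func checkMode(mode string, env map[string]string) error {
	set := func(k string) bool { return env[k] != "" } // assumption: empty == unset
	switch mode {
	case "account":
		if set(svcToken) || set(connHost) || set(connToken) {
			return errors.New("account mode: secrets automation variables are set")
		}
	case "connect":
		if set(svcToken) || !set(connHost) || !set(connToken) {
			return errors.New("connect mode: need OP_CONNECT_HOST and OP_CONNECT_TOKEN only")
		}
	case "service":
		if !set(svcToken) || set(connHost) || set(connToken) {
			return errors.New("service mode: need OP_SERVICE_ACCOUNT_TOKEN only")
		}
	default:
		return fmt.Errorf("unknown onepassword.mode %q", mode)
	}
	return nil
}

// checkCall (hypothetical name) rejects template calls a mode does not allow.
func checkCall(mode, fn string, hasAccount bool) error {
	if mode == "connect" && fn == "onepasswordDocument" {
		return errors.New("onepasswordDocument is not available in connect mode")
	}
	if mode != "account" && hasAccount {
		return fmt.Errorf("%s: account parameter not allowed in %s mode", fn, mode)
	}
	return nil
}

func main() { // constructed sample environment, not real credentials
	env := map[string]string{connHost: "http://localhost:8080", connToken: "constructed-token"}
	fmt.Println(checkMode("account", env), checkMode("connect", env))
}
```

Failing closed on a mismatched environment matters here because the same template would otherwise be rendered with whichever credential the 1Password CLI happened to pick up.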
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
/.pdm-python | ||
/.vagrant | ||
/COMMIT | ||
/bin/actionlint | ||
|
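Review bot: the hunk header shows one entry added to this path list (3 lines become 4), and that addition is unrelated to the `onepassword.mode` feature and is not mentioned in the commit message. Consider moving it to its own commit so the feature change stays easy to review and revert.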
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,16 +4,14 @@ The `onepassword*` template functions return structured data from | |
[1Password](https://1password.com/) using the [1Password | ||
CLI](https://developer.1password.com/docs/cli) (`op`). | ||
|
||
!!! warning | ||
|
||
When using the 1Password CLI with biometric authentication, account | ||
shorthand names are not available. In order to assist with this, chezmoi | ||
supports multiple derived values from `op account list` that can be changed | ||
into the appropriate 1Password *account-uuid*. | ||
!!! info | ||
|
||
### Example | ||
When using the 1Password CLI with biometric authentication, chezmoi derives | ||
values from `op account list` that can resolves into the appropriate | ||
1Password *account-uuid*. | ||
|
||
If `op account list --format=json` returns the following structure: | ||
As an example, if `op account list --format=json` returns the following | ||
structure: | ||
|
||
```json | ||
[ | ||
|
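Review bot: in the new `!!! info` block, "that can resolves into" is ungrammatical; suggest "that resolve to the appropriate 1Password *account-uuid*". The rewrite also drops the old sentence saying that account shorthand names are not available with biometric authentication, which was the reason the derived values exist, while downgrading the admonition from warning to info; keep that sentence so readers know why a shorthand lookup fails.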
@@ -44,3 +42,11 @@ CLI](https://developer.1password.com/docs/cli) (`op`). | |
`account1.1password.ca` will not be a valid lookup value, but `my@account1`, | ||
`[email protected]`, `your@account1`, and | ||
`[email protected]` would all be valid lookups. | ||
|
||
!!! warning | ||
|
||
Chezmoi has experimental support for [1Password secrets | ||
automation](../../user-guide/password-managers/1password.md#secrets-automation) | ||
modes. These modes change how the 1Password CLI works and affect all | ||
functions. Most notably, `account` parameters are not allowed on all | ||
1Password template functions. |
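Review bot: the last sentence of the new warning, "`account` parameters are not allowed on all 1Password template functions", can be read either as "not allowed on any function" or as "allowed on only some". Going by the commit message, passing `account` causes an exit in both `connect` and `service` modes, so "are not allowed on any 1Password template function in these modes" would be clearer. The warning should also say that `onepasswordDocument` is unavailable in `connect` mode, and the relative link to `1password.md#secrets-automation` depends on a matching heading in the user guide that is not visible in this hunk.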