feat: Add support for consuming secrets from 1Password reference links #333
Conversation
|
hi @d34dman thanks for the MR. Instead of passing the 1p reference I'd try to extract the vault id and item id from the url and use the already existing ways to get the secret. This will have the benefit that it will also work with 1p connect. So |
|
@stmh ,
I tried to re-use as much as possible. But I must confess I don't have a good understanding of the underlying foundation. The reasons I didn't use the existing method is because I ran into the same limitation as the existing method. The limitation being, references allows you to target a specific field inside an item. Example, Seems like the limitation is not coming from 1P cli, but from phabalicious. Which extracts a specific field from json and uses that as secret value. So this would either create a breaking change or force us to use references with all the limitation that current method brings and causes a lot of confusion for end users. Reference: https://github.com/factorial-io/phabalicious/blob/main/src/Utilities/PasswordManager.php#L393-L444 Should i still proceed to refactor to use |
|
@stmh maybe i can create another method to get item from vault using This make me think, we should actually be adding another key like "onePasswordSubKey" to get what we want. If the subKey is not present, then it would as it does now. |
|
I missed the fact that the link was targeting a different field. So what is missing is a way to target a specific field in an optional section. We can add them as properties to the secret data and if they are set change the current implementation that iterates over all sections and return items with purpose password or name password. then we might also introduce the url notation for getting vault, item, name and section. In the end, it needs to be compatible with 1password connect, as this is used in the ci. |
@stmh am toying around the idea of using 1Password reference for populating secrets when 1password cli is available in the environment.