Closed demon closed 4 months ago
⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}
) and force push them to this branch (git push --force-with-lease
).
If you're new to commit signing, there are different ways to set it up:
gpg
ssh-agent
Using the credentials as
OP_SESSION
is confusing, as it requires you to base64 encode the 1password-credentials.json file first. That's on top of having to base64 encode the secret in k8s. This twice base64- encoding is undocumented and unintuitve.Since connect supports reading the credentials from disk, and we already create the volume from the secret anyway, just follow thru and mount the credentials at the expected location. I imagine this was the intent at some point.
As a sidebar: it was extra weird to find that
OP_SESSION
has a second use: it can also be used to override the location of1password-credentials.json
. I would advise separating these into two separate environment variables but that's out of scope for this change.Finally, since we're mounting the file and not trying to double-base64 the data, swap
stringData
fordata
in the secret.Obsoletes pull request #113, fixes issue #163 and issue #94, makes some progress on issue #167.