I've just set up 1Password Connect in my company's network, but immediately ran into issues fetching fields from secret items that didn't have associated sections:
$ op read op://Systems-staging/.env.api/SOME_API_KEY
[ERROR] 2022/08/24 12:31:40 could not read secret op://Systems-staging/.env.api/SOME_API_KEY: could not find field or file SOME_API_KEY on item .env.api in vault Systems-staging
This is the syntax described for fields without sections in the documentation, and I'm able to fetch the field in question using the above syntax when not routing my request through our Connect API instance.
After confirming that items with sections were resolving properly, I tried a different syntax on a hunch:
$ op read op://Systems-staging/.env.api/undefined/SOME_API_KEY
abcdef123456
It appears specifying the section as undefined allows fetching fields with no section. This is concerning both in that it contradicts official documentation and that it implies ambiguous behavior when a section's name is set to the string "undefined".
We're running in ECS Fargate and using the latest versions of the Connect API/Sync containers (v1.5.6). I haven't exhaustively tested this issue on other secret types, but the item exhibiting this behavior is an API Credential secret.
I've just set up 1Password Connect in my company's network, but immediately ran into issues fetching fields from secret items that didn't have associated sections:
This is the syntax described for fields without sections in the documentation, and I'm able to fetch the field in question using the above syntax when not routing my request through our Connect API instance.
After confirming that items with sections were resolving properly, I tried a different syntax on a hunch:
It appears specifying the section as
undefined
allows fetching fields with no section. This is concerning both in that it contradicts official documentation and that it implies ambiguous behavior when a section's name is set to the string"undefined"
.We're running in ECS Fargate and using the latest versions of the Connect API/Sync containers (v1.5.6). I haven't exhaustively tested this issue on other secret types, but the item exhibiting this behavior is an API Credential secret.