1Password / load-secrets-action

Load secrets from 1Password into your GitHub Actions jobs
https://developer.1password.com
MIT License

Unable to fetch secrets #24

Closed rockey5520 closed 1 year ago

rockey5520 commented 1 year ago

Since this morning all my workflows have been failing with the following error. Any support would be super helpful. They were working fine till last week, and on a side note, I was able to access secrets via curl to the OP_CONNECT_HOST endpoint.

    Run 1password/load-secrets-action@v1
    /usr/bin/sh -c /home/runner/work/_actions/1password/load-secrets-action/v1/entrypoint.sh
    Authenticated with CONNECT
    Archive: op.zip
    extracting: /usr/local/bin/op.sig
    inflating: /usr/local/bin/op
    Populating variable: XXX
    Error: 2022/12/19 14:11:34 could not read secret op://XXX/XXX/password: could not retrieve vaults: Get "XXX/v1/vaults": unsupported protocol scheme ""
    Error: The process '/usr/bin/sh' failed with exit code 1

rockey5520 commented 1 year ago

I was wondering if anyone could help :) Below is the snippet of the action workflow file.

All our pipelines stopped working, and it would be great to get some hints to solve this issue. Apologies in advance for the rush.

      - name: Set environment variables
        run: |
          echo "ONE_PASSWORD_GITHUB_ACCESS_TOKEN=${{ env.ENVIRONMENT }}_ONE_PASSWORD_GITHUB_ACCESS_TOKEN" >> $GITHUB_ENV
          echo "OP_CONNECT_HOST=${{ env.ENVIRONMENT }}_OP_CONNECT_HOST" >> $GITHUB_ENV

      - name: Load secret
        id: load_secrets
        uses: 1password/load-secrets-action@v1
        env:
          OP_CONNECT_HOST: 'one-p-LoadB-x-x.x.com'
          OP_CONNECT_TOKEN: ${{ secrets[env.ONE_PASSWORD_GITHUB_ACCESS_TOKEN] }}
          GITHUB_ACTION_USER_ACCESS_KEY: op://Engineering_Staging/GITHUB_ACTION_USER_ACCESS_KEY/password
          GITHUB_ACTION_USER_KEY_ID: op://Engineering_Staging/GITHUB_ACTION_USER_KEY_ID/password
          GITHUB_ACTION_USER_ARN: op://Engineering_Staging/GITHUB_ACTION_USER_ARN/password
          POSTGRES_HOST: op://Engineering_Staging/POSTGRES_HOST/password
          POSTGRES_PORT: op://Engineering_Staging/POSTGRES_PORT/password
          POSTGRES_USER: op://Engineering_Staging/POSTGRES_USER/password
          POSTGRES_DB: op://Engineering_Staging/POSTGRES_DB/password
          POSTGRES_PASSWORD: op://Engineering_Staging/POSTGRES_PASSWORD/password
          S3_BUCKET_STACKS: op://Engineering_Staging/S3_BUCKET_STACKS/password

gihan9a commented 1 year ago

We are facing a similar issue, but don't see any error except a warning:

Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

So we are missing variables in the deployed app

rockey5520 commented 1 year ago

In my case, it fails when attempting to fetch the secrets. I tried to replicate the same on OP CLI and was also seeing the same behavior (https://developer.1password.com/docs/ci-cd/github-actions).

Output from OP CLI:

    op read op://X/x/password
    [ERROR] 2022/12/20 10:19:39 could not read secret op://x/x/password: could not retrieve vaults: Get "one-p-x.com/v1/vaults": unsupported protocol scheme ""

mathis-lab commented 1 year ago

We managed to solve this issue by adding the following code:

with:
  # Export loaded secrets as environment variables
  export-env: true

No idea why it stopped working this week.

rockey5520 commented 1 year ago

Hey @mathis-lab

I tried your suggestion but still, it's the same error for us, unfortunately :( Could you see if I have export-env set correctly?

image

Side note: it's the same problem using OP CLI as well when using OP_CONNECT_HOST and OP_CONNECT_TOKEN.

mathis-lab commented 1 year ago

It seems that these are 2 different issues. Our issue was the same as @gihan9a's.

rockey5520 commented 1 year ago

Got it, I'll wait for someone to help me then :)

https://giphy.com/gifs/hulu-hulu-original-moone-boy-l0HlBO7eyXzSZkJri

rockey5520 commented 1 year ago

@florisvdg

I was wondering if you could have a look at this problem and suggest a solution for this problem I am facing. That would help us resume our CICD pipelines.

I posted on the 1password community forum and the support channel hasn't got any solution yet.

Regards Rakesh

edif2008 commented 1 year ago

Hey all!

I'm really sorry to hear that the latest version of the GitHub action doesn't work as expected! I've updated the v1 tag to point to the latest version of the action (currently v1.1.2), which, it looks like, brought up bugs that we were not aware of.

Let me try to reply to the concerns raised here so far.

> Error: 2022/12/19 14:11:34 could not read secret op://XXX/XXX/password: could not retrieve vaults: Get "XXX/v1/vaults": unsupported protocol scheme ""

This is caused by the fact that the host provided doesn't have the protocol prefix (i.e. HTTP:// or HTTPS://). Looking back at the changes made to the action, it may have slipped that the curl command works without the prefix as well (today I learned about that). Therefore, adding the suitable prefix for your use case should do the trick for now. In the meantime, I'll investigate and see if we can adjust the action so that your previous use case works again, as well as highlight in our documentation the format that OP_CONNECT_HOST expects.

> We managed to solve this issue by adding the following code:
>
>     # Export loaded secrets as environment variables
>     export-env: true
>
> No idea why it stopped working this week.

It looks like the latest changes seem breaking since the default of that value is false. I will come back with a quick fix for that and change the default to true so that the current workflows don't fail.

Again, apologies for the sudden unfortunate events with your pipelines and thank you for raising them with us. 😃
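
The following pre-flight check is an added example, not part of the original thread or of the action's own code. It catches the scheme-less `OP_CONNECT_HOST` discussed above before any secret is requested, and flags `http://`, where `OP_CONNECT_TOKEN` would be sent without TLS. The function name `check_connect_host` and its return codes are assumptions made for this illustration.

```shell
# Added example (hypothetical helper, not part of load-secrets-action).
# Validates the value that will be used as OP_CONNECT_HOST.
# Return codes (chosen for this example):
#   0 = https URL
#   1 = unusable: empty, no scheme, or a scheme other than http/https
#   2 = http URL: accepted by the client, but the Connect token is
#       sent to the server without TLS
check_connect_host() {
  host=$1

  case "$host" in
    '')
      echo "::error::OP_CONNECT_HOST is empty"
      return 1 ;;
    *://?*)
      ;;  # has a scheme separator with something after it; inspect below
    *)
      # This is the case from the thread: a bare host name, which the
      # client rejects with: unsupported protocol scheme ""
      echo "::error::OP_CONNECT_HOST has no scheme; expected https://$host"
      return 1 ;;
  esac

  # Everything before the first "://", lower-cased so HTTP:// and
  # http:// are treated alike.
  scheme=$(printf '%s' "${host%%://*}" | tr '[:upper:]' '[:lower:]')

  case "$scheme" in
    https)
      return 0 ;;
    http)
      echo "::warning::OP_CONNECT_HOST uses http://; OP_CONNECT_TOKEN is sent without TLS"
      return 2 ;;
    *)
      echo "::error::OP_CONNECT_HOST has unsupported scheme '$scheme'"
      return 1 ;;
  esac
}
```

In a workflow `run:` step placed before the action, treat return code 1 as a failure and decide per environment whether 2 is acceptable.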

edif2008 commented 1 year ago

I've just opened a PR that brings the suggested changes to the action: #25

edif2008 commented 1 year ago

Hey all,

We've just released version v1.2.0 that contains the changes to ensure that v1.x.x releases stay backwards compatible with earlier v1 versions.

Also, the v1 tag now points to that version, so now the broken pipelines should be fixed. I will close this issue for now, but feel free to reopen if other unexpected behavior arises.

Again, thank you so much for helping us make this GitHub Action a good integration for you.

rockey5520 commented 1 year ago

Hello @edif2008

Thank you so much for the resolution. Yesterday I added "HTTP" as a prefix to the OP_CONNECT_HOST and it solved this problem. :)