Can't load secrets, error message not helpful

[lokeshbhattarai]

With the set up as below I am getting error while loading secret. The error message I get says the token is invalid. However, I'm using a token that has access to the vault I'm using. Is there a way to add/check for debug logs to find out more details?

jobs:
  build-app:
    runs-on: macos-13
    steps:
      - name: Load 1Password secret
        id: onePassword
        uses: 1password/load-secrets-action@v2
        with:
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_MOBILE_SERVICE_ACCOUNT }}
          TEST_USER: "op://Test-SDK/TestLogin/username" 

This is the error I get

Error: could not read secret 'op://Test-SDK/TestLogin/username': error initializing client: Validation: (failed to session.DecodeSACredentials), Server: (failed to DecodeSACredentials), failed to parseToken, format is invalid

[edif2008]

Hey @lokeshbhattarai! 👋🏻

The error suggests that the token you provided is not in the appropriate format. You can check the token you use in the following way:

• Does it have the ops_ prefix? Then it's a service account token (which should be set with OP_SERVICE_ACCOUNT_TOKEN)
• Does it not have it? Then it's most probably a Connect token. To set up the action to use Connect, you need to provide the Connect host (with OP_CONNECT_HOST) and the Connect token (with OP_CONNECT_TOKEN).

Let me know if this helps in enabling you to load your secret. 😄

[lokeshbhattarai]

Thank you. That was helpful. Since I didn't have access to the service account token I couldn't verify it's format. However, I was able to load the secret when I asked to create a new service account token. My guess is I was probably using connect token earlier. It would be helpful if such information is relayed in the error log. It's hard to track them down in documentation.