search

1Password / onepassword-operator

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.
https://developer.1password.com/docs/connect/
MIT License
522 stars 60 forks source link

Secrets sync only syncing items from "fields" #187

Open Hobbit44 opened 3 months ago

Hobbit44 commented 3 months ago

Your environment

Operator Version: 1.8.1

Connect Server Version: 1.7.2

Kubernetes Version: 1.29.3

What happened?

Im setting up external DNS in my cluster with the pi-hole provider. I want to sync my pi-hole password from my vault so i added the following annotations to the helm chart:

      "operator.1password.io/item-path" = "vaults/Servers/items/Pi-hole"
      "operator.1password.io/item-name" = "pi-hole-secret"

That item in my vault has 3 keys. password, old passwod, and website. When i looked at the secret i only got pw, and old-password as keys in the secret. When i got the item through the cli i noticed the website get was seperated off into a URLs section. I'm assuming thats why the whole item wasnt synced.

What did you expect to happen?

I'm expecting to have all the keys from the UI available to me in the UI in the secret.

Steps to reproduce

  1. Create a password item in 1password in standard login format with username, password and a website URL.
  2. Deploy a secret using either the annotations or a OnePasswordItem manifest (I tested both)

Notes & Logs

ollie-nye commented 1 month ago

Just ran into something similar, seems the type of the item in 1password matters. If you use API credential type it passes things through as-is, at least for the fields I've been playing with!