1Password / terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
https://1password.com/secrets
MIT License

Provide the suggested way to securely set up the provider in the documentation. #115

Closed volodymyrZotov closed 9 months ago

volodymyrZotov commented 10 months ago

Currently, in the documentation we provide either this example to set up the provider

// README.md
provider "onepassword" {
  url = "http://localhost:8080"
}

or this

// README in Terraform Registry (`templates/index.md.tmpl` file)
provider "onepassword" {
  url                   = "http://localhost:8080"
  token                 = "CONNECT_TOKEN"
  service_account_token = "SERVICE_ACCOUNT_TOKEN"
  op_cli_path           = "OP_CLI_PATH"
}

Setting the sensitive values (tokens) directly in the Terraform script is not secure, as it can be accidentally pushed and potentially leak the secrets. Therefore, the suggested and more secure way to set up the provider will be to use the env variables OP_SERVICE_ACCOUNT_TOKEN to use service accounts and OP_CONNECT_TOKEN to use Connect.

We need to update the documentation to reflect this.
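
An added example, not part of the original issue or the provider's code: a small pre-commit style check that flags `token` or `service_account_token` set to a string literal inside a `provider "onepassword"` block, so that credentials are left to `OP_CONNECT_TOKEN` / `OP_SERVICE_ACCOUNT_TOKEN`. The function names and sample configurations are constructed for illustration, and the line-based scan assumes one argument per line and no `/* */` block comments.

```python
import re

# Provider arguments that carry secrets (names taken from the issue above).
SENSITIVE = ("token", "service_account_token")
PROVIDER_RE = re.compile(r'provider\s+"onepassword"\s*\{')
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]+)"\s*$')

# Constructed sample inputs (placeholder values, not real tokens).
INSECURE = '''
provider "onepassword" {
  url   = "http://localhost:8080"
  token = "CONNECT_TOKEN"  # hard-coded
}
'''
SECURE = '''
provider "onepassword" {
  url = "http://localhost:8080"
  # token comes from OP_CONNECT_TOKEN in the environment
}
'''


def strip_comment(line):
    """Drop HCL line comments (# or //) that start outside a quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif not in_string and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line


def find_hardcoded_tokens(hcl_text):
    """Return (line_number, argument) for each secret literal in a onepassword provider block."""
    findings = []
    depth = 0  # brace depth inside the provider block; 0 means outside it
    for lineno, raw in enumerate(hcl_text.splitlines(), start=1):
        line = strip_comment(raw)
        if depth == 0:
            if PROVIDER_RE.search(line):
                depth = line.count("{") - line.count("}")
            continue
        match = ASSIGN_RE.match(line)
        # A quoted value with no ${...} interpolation is a literal secret.
        if depth == 1 and match and match.group(1) in SENSITIVE and "${" not in match.group(2):
            findings.append((lineno, match.group(1)))
        depth += line.count("{") - line.count("}")
    return findings
```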