search

1Password / terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
https://developer.1password.com/docs/terraform/
MIT License
322 stars 45 forks source link

Improve support for item categories #52

Open AlexHoffmann opened 2 years ago

AlexHoffmann commented 2 years ago

We've received this bit of feedback from a customer:

1Password Terraform does not support any other item categories apart from Login, Password and Database.

At the moment we utilise AWS Secret Manager where you are able to store a flat JSON object without any compulsory fields. Utilising any of the supported item categories in 1password provider forces us to have compulsory fields such as "password" "url" "username" which are different with supported item categories.

We could definitely use, for instance Password item category with only one compulsory field "password", and just add custom fields as required. But in the future we would have to migrate to appropriate item categories once you add support to the provider causing additional overhead.

So the questions are: Is there a roadmap to add more categories to Terraform provider? If so when and which ones? Particularly categories without any compulsory field? Although I'm not sure if 1password has categories like that. And/or can you think of any workarounds with available categories without compulsory fields? Although kind of new, but there's already an issue reported on your Github https://github.com/1Password/terraform-provider-onepassword/issues/51 regarding missing document category

The team in Slack mentioned that this is a know issue and a workaround that was offered, e.g. using the API credentials category was shot down again because there seems to be an issue retrieving API credentials via the Terraform provider.

Someone from our team added in Slack:

I hit this personally recently. Unfortunately some weird things happen with the current terraform provider release and api credentials (I couldn’t access the credential) There was talking in April/May of improving and expanding the supported Item types but I don’t think anything materialized there

Twister42 commented 2 years ago

Yes this definitely need a fix, when using "API Credential" in 1Password the main keys are username and credential. The Terraform provider only give access to username and password. I had to copy credential in a password fiel in all my "API Credential" entries used by Terraform, it's (more than) a bit annoying.

devin-8flow commented 9 months ago

It's $current_year and we still can't fetch API credentials from terraform without first duplicating the field into password. :/