Closed Domi-cc closed 1 year ago
Files identified in the description:
If these files are incorrect, please update the component name
section of the description or use the !component
bot command.
cc @azenk @samdoran @scottsb click here for bot help
I would also like this feature and can help with a contribution.
Support for service accounts should be added to the existing onepassword
and onepassword_raw
lookups. The OP_SERVICE_ACCOUNT_TOKEN
needs to be added to the environment running op
commands and should be a new parameter
Hey @samdoran added the service_account_token. Works everything fine. Please review and feel free to change or improve the PR. Thanks!
I was looking at using service accounts for my Ansible playbook since I need an initial sign in and don't want to use my master password with unrestricted read/write access to all vaults for security reasons, so I tried out @Domi-cc's fork directly instead of waiting for the 7.1.0 release by installing it via:
ansible-galaxy collection install git@github.com:Domi-cc/community.general.git,onepassword-lookup-add-service-accounts
And I can confirm that it works as expected. Had just to pass my generated token with the service_account_token
parameter and could retrieve secrets from the corresponding vault.
This is indeed a much better way to do things than passing around the master password. I'm glad service account tokens are a thing now.
Summary
1password has new service accounts. via lookup should be possible to get secrets.
we can offer to contribute, but want to know, do you want a new lookup file for that, or should we try to expand: plugins/lookup/onepassword.py ?
Issue Type
Feature Idea
Component Name
lookup onepassword
Additional Information
Code of Conduct