gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.05k stars 979 forks

1Password CLI integration #3295

Open hrytskivr-ibm opened 3 months ago

hrytskivr-ibm commented 3 months ago

Summary

Hi, I'm using 1Password and their shell plugins to authenticate to AWS securely. I use the aws (https://developer.1password.com/docs/cli/shell-plugins/aws/) and terraform (https://developer.1password.com/docs/cli/shell-plugins/terraform/) plugins.

The issue here is that terragrunt doesn't abide by the aliases that 1Password is setting up:

```sh
export OP_PLUGIN_ALIASES_SOURCED=1
alias aws="op plugin run -- aws"
alias terraform="op plugin run -- terraform"
```

Because of this, AWS creds are not being provided by 1Password to the calling process.

I've tried to create a script wrapper and use the terragrunt-tfpath feature, but that still doesn't work, sadly.

```sh
#!/bin/zsh

# Forward all arguments to terraform through the 1Password shell plugin
op plugin run -- terraform "$@"
```

Motivation

I'm trying to get terragrunt cli working fine with 1Password shell integration.

Proposal

I'm not sure how to fix this atm

Technical Details

terragrunt cli

Press Release

Added support for 1Password shell integration

Drawbacks

No response

Alternatives

No response

Migration Strategy

No response

Unresolved Questions

No response

References

No response

Proof of Concept Pull Request

No response

Support Level

Customer Name

No response

yhakbar commented 2 months ago

Hey @hrytskivr-ibm,

I don't know that we can help with this problem given the amount of information here.

I'm not a 1Password expert, but if someone in the community is able to provide insight or offer a PR to address the issue, we would look into it.

It might help to provide more details in the RFC so that it's clear how this problem can be resolved.

hrytskivr-ibm commented 2 months ago

@yhakbar Hi, thanks for your reply. I'm unable to provide any more tech details as I'm not familiar with Terragrunt or 1Password CLI internals. I hope someone else can step in. I think I can also open a request on the 1Password side of things...