1Password + Steampipe
1Password is a password manager, digital vault, form filler and secure digital wallet.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
List your 1Password items:
select id, title, vault_id, favorite, category, created_atfrom onepassword_item;
+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+| id | title | vault_id | favorite | category | created_at |+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+| kvmaoszyhzbvze6g5tvr6qg2a | steampipe-test Access Token: steampipe-test | wygy6zfmgzdlzckgruraltkma | false | API_CREDENTIAL | 2022-10-11T20:36:34+05:30 || ys6wwudn2jchffycnvaruun7y | Secure Note | wygy6zfmgzdlzckgturaltkma | false | SECURE_NOTE | 2023-04-24T15:15:56+05:30 || jskefwj3k5nefswdwfopxv4ca | API Credential | wygy6zfmgzdlzckgturaltkma | false | API_CREDENTIAL | 2023-04-24T14:51:08+05:30 |+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+
Documentation
Quick start
Install
Download and install the latest 1Password plugin:
steampipe plugin install onepassword
Credentials
Item | Description |
---|---|
Credentials | 1Password requires an Access Token or Access Token and a URL for all requests. |
Permissions | The permission scope of access tokens is limited to the vaults that the admin provides access to. |
Radius | Each connection represents a single 1Password Installation. |
Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/onepassword.spc )2. Credentials specified in environment variables, e.g., OP_CONNECT_TOKEN , OP_CONNECT_HOST . |
Configuration
Installing the latest 1Password plugin will create a config file (~/.steampipe/config/onepassword.spc
) with a single connection named onepassword
:
Configure your account details in ~/.steampipe/config/onepassword.spc
:
connection "onepassword" { plugin = "onepassword"
# Token is required for requests. Required. # See instructions at https://developer.1password.com/docs/connect/manage-secrets-automation#issue-revoke-or-rename-an-access-token # This can also be set via the `OP_CONNECT_TOKEN` environment variable. # token = "eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpI"
# The host URL set to default http://localhost:8080. Optional. # This can also be set via the `OP_CONNECT_HOST` environment variable. # url = "http://localhost:8080"}
Alternatively, you can also use the standard 1Password environment variables to obtain credentials only if token
and url
are not specified in the connection:
export OP_CONNECT_TOKEN=eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpIexport OP_CONNECT_HOST=http://localhost:8080
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-onepassword
- Community: Slack Channel