turbot/onepassword

GitHub
steampipe plugin install onepasswordsteampipe plugin install onepassword

1Password + Steampipe

1Password is a password manager, digital vault, form filler and secure digital wallet.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

List your 1Password items:

select
id,
title,
vault_id,
favorite,
category,
created_at
from
onepassword_item;
+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+
| id | title | vault_id | favorite | category | created_at |
+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+
| kvmaoszyhzbvze6g5tvr6qg2a | steampipe-test Access Token: steampipe-test | wygy6zfmgzdlzckgruraltkma | false | API_CREDENTIAL | 2022-10-11T20:36:34+05:30 |
| ys6wwudn2jchffycnvaruun7y | Secure Note | wygy6zfmgzdlzckgturaltkma | false | SECURE_NOTE | 2023-04-24T15:15:56+05:30 |
| jskefwj3k5nefswdwfopxv4ca | API Credential | wygy6zfmgzdlzckgturaltkma | false | API_CREDENTIAL | 2023-04-24T14:51:08+05:30 |
+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+

Documentation

Quick start

Install

Download and install the latest 1Password plugin:

steampipe plugin install onepassword

Credentials

ItemDescription
Credentials1Password requires an Access Token or Access Token and a URL for all requests.
PermissionsThe permission scope of access tokens is limited to the vaults that the admin provides access to.
RadiusEach connection represents a single 1Password Installation.
Resolution1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/onepassword.spc)
2. Credentials specified in environment variables, e.g., OP_CONNECT_TOKEN, OP_CONNECT_HOST.

Configuration

Installing the latest 1Password plugin will create a config file (~/.steampipe/config/onepassword.spc) with a single connection named onepassword:

Configure your account details in ~/.steampipe/config/onepassword.spc:

connection "onepassword" {
plugin = "onepassword"
# Token is required for requests. Required.
# See instructions at https://developer.1password.com/docs/connect/manage-secrets-automation#issue-revoke-or-rename-an-access-token
# This can also be set via the `OP_CONNECT_TOKEN` environment variable.
# token = "eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpI"
# The host URL set to default http://localhost:8080. Optional.
# This can also be set via the `OP_CONNECT_HOST` environment variable.
# url = "http://localhost:8080"
}

Alternatively, you can also use the standard 1Password environment variables to obtain credentials only if token and url are not specified in the connection:

export OP_CONNECT_TOKEN=eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpI
export OP_CONNECT_HOST=http://localhost:8080

Get involved