1Password + Steampipe
1Password is a password manager, digital vault, form filler and secure digital wallet.
Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
List your 1Password items:
select id, title, vault_id, favorite, category, created_atfrom onepassword_item;+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+| id | title | vault_id | favorite | category | created_at |+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+| kvmaoszyhzbvze6g5tvr6qg2a | steampipe-test Access Token: steampipe-test | wygy6zfmgzdlzckgruraltkma | false | API_CREDENTIAL | 2022-10-11T20:36:34+05:30 || ys6wwudn2jchffycnvaruun7y | Secure Note | wygy6zfmgzdlzckgturaltkma | false | SECURE_NOTE | 2023-04-24T15:15:56+05:30 || jskefwj3k5nefswdwfopxv4ca | API Credential | wygy6zfmgzdlzckgturaltkma | false | API_CREDENTIAL | 2023-04-24T14:51:08+05:30 |+----------------------------+---------------------------------------------+----------------------------+----------+------------------+---------------------------+Documentation
Quick start
Install
Download and install the latest 1Password plugin:
steampipe plugin install onepasswordCredentials
| Item | Description |
|---|---|
| Credentials | 1Password requires an Access Token or Access Token and a URL for all requests. |
| Permissions | The permission scope of access tokens is limited to the vaults that the admin provides access to. |
| Radius | Each connection represents a single 1Password Installation. |
| Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/onepassword.spc)2. Credentials specified in environment variables, e.g., OP_CONNECT_TOKEN, OP_CONNECT_HOST. |
Configuration
Installing the latest 1Password plugin will create a config file (~/.steampipe/config/onepassword.spc) with a single connection named onepassword:
Configure your account details in ~/.steampipe/config/onepassword.spc:
connection "onepassword" { plugin = "onepassword"
# Token is required for requests. Required. # See instructions at https://developer.1password.com/docs/connect/manage-secrets-automation#issue-revoke-or-rename-an-access-token # This can also be set via the `OP_CONNECT_TOKEN` environment variable. # token = "eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpI"
# The host URL set to default http://localhost:8080. Optional. # This can also be set via the `OP_CONNECT_HOST` environment variable. # url = "http://localhost:8080"}Alternatively, you can also use the standard 1Password environment variables to obtain credentials only if token and url are not specified in the connection:
export OP_CONNECT_TOKEN=eyJhbGciOiJFUzI1NiIsImtpZCI6InFuN3JwcmZhbnJqZ2V1bWU2eTNidGpjdHN5IiwidHlwIjoiSldUIn0.eyIxcGFzc3dvcmQuY29tL2F1dWlkIjoiVEpGVzVZTlRJSkMzSkNXRFgzQ0dWTUpCSDQiLCIxcGFzc3dvcmQuY29tL3Rva2VuIjoib2tnZGZJWHpEaDhWWkNkRHVNRjZNSUplRUlwN3ZrYUQiLCIxcGFzc3dvcmQuY29tL2Z0cyI6WyJ2YXVsdGFjY2VzcyJdLCIxcGFzc3dvcmQuY29tL3Z0cyI6W3sidSI6ImZwZDR1dW00bHJicTMycG8ybXR2ZGo0c3hpIexport OP_CONNECT_HOST=http://localhost:8080Postgres FDW
This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- onepasswordThe installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.
To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.
CREATE EXTENSION IF NOT EXISTS steampipe_postgres_onepassword;CREATE SERVER steampipe_onepassword FOREIGN DATA WRAPPER steampipe_postgres_onepassword OPTIONS (config '<your_config>');CREATE SCHEMA onepassword;IMPORT FOREIGN SCHEMA onepassword FROM SERVER steampipe_onepassword INTO onepassword;SQLite Extension
This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- onepasswordThe installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.
To configure the SQLite extension, load the extension module and then run the steampipe_configure_onepassword function to configure it with plugin-specific options.
$ sqlite3sqlite> .load ./steampipe_sqlite_extension_onepassword.sosqlite> select steampipe_configure_onepassword('<your_config>');Export
This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- onepasswordYou can pass the configuration to the command with the --config argument:
steampipe_export_onepassword --config '<your_config>' <table_name>