• Stars
    star
    149
  • Rank 248,619 (Top 5 %)
  • Language
  • Created over 3 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Access your 1Password secrets using a 1Password Connect Server

1Password Connect

The 1Password Connect server provides a REST API that can be used to securely access data from your 1Password account. Learn more about setting up a Secrets Automation Workflow

Quick Start

Create Server and Access Token

You can use the 1Password CLI to set up a 1Password Connect server and issue tokens for it.

First, set up a 1Password Connect server:

op connect server create <name> --vaults <vault>[,<vault>]

You'll get a 1password-credentials.json file that you'll use to deploy the Connect server.

Issue a token:

op connect token create <token_name> --server <server_name> --vaults <vault_uuid>[,(r|w|rw)]

Deploy Connect Server

Deploying 1Password Connect requires 2 containers to be running in your infrastructure.

  • 1password/connect-sync: keeps information available on the server updated with 1Password.com
  • 1password/connect-api: serves the Connect REST API

Deployment Examples:

Server Configuration

The following environment variable configuration options are available for both containers:

  • OP_SESSION: path to the 1password-credentials.json file. Defaults to ~/.op/1password-credentials.json.
  • OP_HTTP_PORT: port used by the HTTP server. Defaults to 8080
  • OP_LOG_LEVEL: set the logging level of the container. Defaults to info.

All other configuration options are only relevant for the password/connect-api container:

  • OP_HTTPS_PORT: port used by the HTTP sever when TLS is configured (see below). Defaults to 8443.
  • OP_SYNC_TIMEOUT: define how long to wait for initial sync to complete. Defaults to 10s.

More information on configuration options

TLS

By default, 1Password Connect is configured for use within a trusted network. It is possible to enable TLS for the connection between your application and Connect. This can be done either by providing your own certificate or by letting Connect request a certificate using Let's Encrypt.

Connect will listen on the port defined by OP_HTTPS_PORT (default 8443) when TLS is enabled.

Provide own certificate
Connect can use a PEM-encoded private key and certificate by setting the following two environment variables for the connect-api container:

  • OP_TLS_KEY_FILE: path to the private key file.
  • OP_TLS_CERT_FILE: path to the certificate file. This should be the full certificate chain.

Use Let's Encrypt
Connect can also request a certificate from the Let's Encrypt CA. For this, two environment variables have to be set for the connect-api container:

  • OP_TLS_USE_LETSENCRYPT: should be set to any value.
  • OP_TLS_DOMAIN: the (sub-)domain for which to request a certificate. The DNS-records for this domain must point to the Connect server.

As long as Connect is running, its HTTPS listener must be reachable on a public IP at port 443 (either by setting OP_HTTPS_PORT=443 or by forwarding traffic at port 443 to Connect's OP_HTTPS_PORT) for the server to be able to refresh its Let's Encrypt certificate.

Related 1Password Support Links

More Repositories

1

typeshare

Typeshare is the ultimate tool for synchronizing your type definitions between Rust and other languages for seamless FFI.
Rust
2,393
star
2

1password-teams-open-source

Get a free 1Password Teams membership for your open source project
1,562
star
3

arboard

A clipboard for Rust
Rust
640
star
4

onepassword-operator

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.
Go
531
star
5

shell-plugins

Seamless authentication for every tool in your terminal.
Go
519
star
6

electron-hardener

A fast and small Rust library to make Electron apps more secure.
Rust
380
star
7

srp

A set of Go functions for Secure Remote Password protocol implementation in 1Password Teams
Go
348
star
8

terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
Go
323
star
9

op-vscode

1Password for VS Code
TypeScript
211
star
10

spg

1Password's Strong Password Generator - Go package
Go
202
star
11

connect-sdk-python

Python SDK for 1Password Connect
Python
200
star
12

vault-plugin-secrets-onepassword

Hashicorp Vault plugin integrates with 1Password Connect to allow for the retrieval, creation, and deletion of items stored in 1Password.
Go
193
star
13

load-secrets-action

Load secrets from 1Password into your GitHub Actions jobs
TypeScript
183
star
14

connect-sdk-go

Go SDK for 1Password Connect
Go
159
star
15

scim-examples

1Password SCIM Bridge deployment examples
HCL
147
star
16

connect-sdk-js

Node SDK for 1Password Connect
TypeScript
143
star
17

passkey-rs

A framework for defining Webauthn Authenticators that support passkeys
Rust
122
star
18

ansible-onepasswordconnect-collection

The 1Password Connect collection contains modules that interact with your 1Password Connect deployment. The modules communicate with the 1Password Connect API to support Vault Item create/read/update/delete operations.
Python
112
star
19

op-js

A JS library powered by the 1Password CLI
TypeScript
92
star
20

solutions

Examples and templates from the 1Password Solutions team
Python
78
star
21

connect-helm-charts

Official 1Password Helm Charts
Smarty
76
star
22

electron-secure-defaults

Starter kit and documentation for building security conscious Electron apps
TypeScript
74
star
23

typeshare-old

Generate code in different languages from Rust type definitions for FFI interop.
Rust
70
star
24

password-rules-parser

Rust parser for the passwordrules attribute
Rust
68
star
25

sys-locale

A small and lightweight Rust library to obtain the active locale on the system.
Rust
66
star
26

burp-1password-session-analyzer

Burp plugin for the 1Password session protocol for use by security researchers. https://bugcrowd.com/agilebits
Java
51
star
27

kubernetes-secrets-injector

Go
49
star
28

check-signed-commits-action

GitHub Action to check PRs for signed commits
41
star
29

homebrew-tap

Homebrew tap to install 1Password products.
Ruby
37
star
30

install-cli-action

Install 1Password CLI into your GitHub Actions jobs.
Shell
31
star
31

op-scim-helm

Helm charts for the op-scim applications
Smarty
22
star
32

pulumi-onepassword

Pulumi provider for 1Password.
Python
16
star
33

developer-community-projects

Go
15
star
34

op-scim-gcp-marketplace

Makefile
14
star
35

events-api-elastic

Go
12
star
36

events-api-generic

Go
12
star
37

markdown-benchmarks

Benchmarking markdown libraries
C
11
star
38

events-api-splunk

Go
7
star
39

dep-report

Go
7
star
40

postman-integration-secrets-edu-ut-edition

JavaScript
7
star
41

terraform-provider-onepassword-secrets-edu-ut-edition

Go
7
star
42

ring

Fork of https://github.com/briansmith/ring
Assembly
5
star
43

secrets-orb

Shell
5
star
44

blog-ci-docker

Dockerfile for 1password/blog-ci container. Based on https://github.com/felicianotech/docker-hugo
5
star
45

onepassword-sdk-go

Go
5
star
46

onepassword-sdk-js

The official JavaScript SDK for 1Password
JavaScript
5
star
47

publicsuffix-benchmarks

Testing performance of the public suffix list libraries (https://publicsuffix.org)
Rust
4
star
48

extension-messaging

TypeScript
4
star
49

onepassword-sdk-python

Python
3
star
50

go-directequality-checker

Go
2
star
51

docusaurus-extensions

TypeScript
2
star
52

ppa

TeX
1
star