Skip to main content
December 18, 2021
Question

[24, 36] OpenID connect

  • December 18, 2021
  • 3 replies
  • 65 views

Any plans for supporting OIDC? Many CI/CD platforms like Github Actions and CircleCI are now supporting these so that they can generate temporary credentials by their cloud providers to create a temporary auth session. I personally would like the ability to have this kind of support through my CI/CD flows so that I am not storing my sign-in creds for 1password as yet another secret in those platforms to be able to signin using the cli for running my set tests.

https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/

My use case for this would be to have those Ci/CD platforms get a session so that I can run op run -- ....


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

3 replies

1Password Employee
December 31, 2021

Hi @chrisgoffinet, I really appreciate you sharing this! This sounds awesome to have support for in the CLI.

We're looking into authentication options for automated use cases by introducing service accounts. I'll pass your message along to my teammates working on that. Thanks again for sharing! 💙

1Password Employee
January 19, 2022

One thing I completely forgot to mention there: op run, op inject and op read support using https://support.1password.com/secrets-automation/ as a back-end. When OP_CONNECT_HOST and OP_CONNECT_TOKEN environment variables are set, the configured Connect server is used to fetch secrets.

I see that's currently only documented in the help-text and https://developer.1password.com/docs/cli/reference/commands/run/. I'll see if we can add a guide on that as well.

Sadia_A1P
1Password Employee
June 16, 2022

Hi @chrisgoffinet ,

I'm Sadia, a Product Manager at 1Password, and have some news that may be interesting to you. I am looking for some developers and administrators that would be interested in chatting with me about a new feature our team has been working on: Service Accounts. Earlier this year, we introduced the CLI 2.0, where users can use “run” and “inject” commands to substitute secret references for secrets stored in 1Password vaults. With our new Service Account capabilities, organizations can use a separate non-user account to control and manage access to secrets without deploying additional services like Connect.

We are currently building out service accounts and want to understand your pain-points and experiences with secrets management, and gather some feedback, so we could deliver the best product for our customers.

If you are interested, please feel free to reach out to me at sadia.azmal@agilebits.com or sign-up for a 30 minute slot on Calendly. I look forward to hearing from you :)