"Correct" way to read custom fields in `onepassword_item` data source
Hi,
We're looking at migrating from HashiCorp Vault to 1Password as a secret provider for our Terraform projects.
At present we have something like this:
```
provider "vault" {
  address = "https://vault.mydomain.internal"
}

data "vault_generic_secret" "azure" {
  path = "secret/path/to/my/secret"
}

provider "azurerm" {
  client_id       = data.vault_generic_secret.azure.data["clientid"]
  tenant_id       = data.vault_generic_secret.azure.data["tenant_id"]
  client_secret   = data.vault_generic_secret.azure.data["client_secret"]
  subscription_id = data.vault_generic_secret.azure.data["subscription_id"]
  features {}
}
```
The best I've been able to put together with the onepassword provider is this:
```
provider "onepassword" {
  # uses the OP_SERVICE_ACCOUNT_TOKEN environment variable for authentication.
  # also looks in the system path for the 1Password CLI (op.exe / op)
}

data "onepassword_item" "my_spn" {
  vault = "my-vault"
  title = "my-spn"
}

provider "azurerm" {
  tenant_id       = [for field in data.onepassword_item.my_spn.section[0].field : field.value if field.label == "tenant_id"][0]
  client_id       = [for field in data.onepassword_item.my_spn.section[0].field : field.value if field.label == "client_id"][0]
  client_secret   = [for field in data.onepassword_item.my_spn.section[0].field : field.value if field.label == "client_secret"][0]
  subscription_id = [for field in data.onepassword_item.my_spn.section[0].field : field.value if field.label == "subscription_id"][0]
  features {}
}
```
Have I got completely the wrong end of the stick and there's an easier way to access custom fields?
I've used the 1Password GitHub Actions and the 1Password CLI and they both support a much simpler syntax, so I was hoping for something similar in the Terraform provider - e.g. something like:
```
provider "azurerm" {
  client_id       = data.onepassword_item.my_spn.field["client_id"]
  tenant_id       = data.onepassword_item.my_spn.field["tenant_id"]
  client_secret   = data.onepassword_item.my_spn.field["client_secret"]
  subscription_id = data.onepassword_item.my_spn.field["subscription_id"]
  features {}
}
```
Here's the GitHub Actions and OP CLI syntax for comparison...

GitHub Actions
```
- name: load secrets
  id: onepassword
  uses: 1password/load-secrets-action@v2
  with:
    export-env: true
  env:
    OP_SERVICE_ACCOUNT_TOKEN: "${{ secrets.ONEPASSWORD_SERVICE_ACCOUNT_TOKEN }}"
    MY_SPN: "op://my-vault/my-spn/client_id"
```
op CLI
```
C:\> op read "op://my-vault/my-spn/client_id"
```
Thanks,
Mike
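One way to get map-style lookups with the data source schema shown in the post, as an added example that is not part of the original post or the provider's own documentation. It assumes only the `section` / `field` / `label` / `value` structure the post already uses; the local names `spn_field_list` and `spn` are hypothetical.

```hcl
# Added example. Assumes the onepassword_item schema used in the post:
# section blocks containing field blocks with label and value attributes.
data "onepassword_item" "my_spn" {
  vault = "my-vault"
  title = "my-spn"
}

locals {
  # Collect the fields of every section, so lookups do not depend on section[0].
  spn_field_list = flatten([
    for s in data.onepassword_item.my_spn.section : s.field
  ])

  # label => value map. Terraform rejects duplicate keys in this expression,
  # so two fields sharing a label fail the plan instead of one silently winning.
  spn = { for f in local.spn_field_list : f.label => f.value }
}

provider "azurerm" {
  # A label that is missing from the item fails the plan at the lookup.
  tenant_id       = local.spn["tenant_id"]
  client_id       = local.spn["client_id"]
  client_secret   = local.spn["client_secret"]
  subscription_id = local.spn["subscription_id"]
  features {}
}
```

Values read through a data source are written to the Terraform state, so the state backend needs access controls at least as strict as those on the 1Password vault.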
