Forum Discussion
Former Member
3 years ago
Recommended/safest way to use connect server from github actions
Hi
I have my one password connect server running on my kubernetes cluster (in GCP) using the helm chart from your documentation. It's worked great for creating kubernetes secrets, but now I want t...
Former Member
3 years ago
Hey @sarahthekey,
Service accounts are now available to be used. Check out https://developer.1password.com/docs/service-accounts to get an overview of what they do and how you can use them. Note that you need to be an Admin / Owner of the 1Password account to be able to create service accounts.
In terms of integrations, we have the https://developer.1password.com/docs/connect/k8s-injector that injects the secrets that you want directly into your deployment. This one works with both service accounts and Connect. We're still working on adding service account support for the Terraform provider.
Coming back to your question about safely providing the Connect host to your terraform, you can achieve that by doing the following steps:
1. Define a terraform variable (usually in the variables.tf file) like this one:

    variable "op_connect_host" {
      type      = string
      sensitive = true
    }

Marking it as sensitive will also mask the value of it in the logs e.g. when running terraform plan.
2. Use the Terraform variable in your terraform file like so:

    provider "onepassword" {
      url = var.op_connect_host
    }

3. Define an environment variable secret for your repository like so: TF_VAR_op_connect_host=https://some-domain.com.
4. In the step in which you run your Terraform commands, provide the environment variable:

    steps:
      - name: Run Terraform commands
        env:
          TF_VAR_op_connect_host: ${{ secrets.TF_VAR_op_connect_host }}
        run: |
          terraform apply
Let me know if this helps in decreasing the risk of exposing your Connect host. 😊
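A pre-flight check for the four steps above, as an added example that is not part of the original reply or of 1Password's tooling: it verifies that the Connect host arrived through the environment as an https URL and that no `.tf` file still hardcodes a URL in the `onepassword` provider block. The function names (`valid_connect_host`, `hardcoded_connect_urls`, `preflight`) are hypothetical, and the checks assume the variable and provider names used in the reply.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names); assumes the variable name
# TF_VAR_op_connect_host and the provider "onepassword" block from the reply.

# Succeeds only if the value is a plausible Connect URL. Error messages
# deliberately never echo the value itself, so it cannot leak into CI logs.
valid_connect_host() {
  v="$1"
  if [ -z "$v" ]; then
    echo "TF_VAR_op_connect_host is empty or unset" >&2; return 1
  fi
  case "$v" in
    *" "*)       echo "value contains a space" >&2; return 1 ;;
    https://*@*) echo "value embeds credentials" >&2; return 1 ;;
    https://?*)  return 0 ;;
    *)           echo "value is not an https:// URL" >&2; return 1 ;;
  esac
}

# Prints file:line for every literal URL assigned to `url` inside a
# provider "onepassword" block under the given directory.
# Returns 0 when nothing is hardcoded, 1 otherwise.
hardcoded_connect_urls() {
  hits=$(find "$1" -type f -name '*.tf' -exec awk '
    FNR == 1                                   { inblock = 0 }
    /provider[ \t]+"onepassword"/              { inblock = 1 }
    inblock && /(^|[ \t{])url[ \t]*=[ \t]*"https?:\/\// { print FILENAME ":" FNR }
    inblock && /}/                             { inblock = 0 }
  ' {} +)
  if [ -n "$hits" ]; then
    echo "$hits"
    return 1
  fi
  return 0
}

# Run both checks; intended to be called before `terraform apply`.
preflight() {
  valid_connect_host "${TF_VAR_op_connect_host:-}" &&
    hardcoded_connect_urls "${1:-.}"
}
```

Sourcing this file and calling `preflight .` at the top of the `run:` block makes the step fail before Terraform starts if the secret is missing or a URL was committed to the repository.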