Forum Discussion
Former Member
5 years ago
Vault creation in a pipeline
Hello,
I have a pipeline creating a few things. I'd like to add creation of a vault, too. The user I'm using for vault creation has been added to a group with permission to create vaults ("Create Vaults") and nothing else.
```
vault_name="example-vault-name"
session_token="obtained-earlier"
op create vault "$vault_name" --allow-admins-to-manage true --account my-account --session "$session_token"
```
This works fine. However, the idea is that the user used in the pipeline should NOT have access to the vault contents. After a while the vault will be populated with sensitive data (access to individual users will be granted later manually) and I'd rather not have access to these.
Any suggestions? I do not want to elevate permissions of the user in the pipeline just to remove its own access to the newly created vault (I assume this would work).
I looked at secrets automation, too. Either I missed it or it's impossible to create vaults there.
1Password Version: 1.11.2
3 Replies
- Former Member
On behalf of Yaron, you are welcome @keram! If you have any other questions, please feel free to reach out anytime.
Have a wonderful day :)
- Former Member
Hey @ag_yaron ,
Works like a charm. For some reason I assumed I'd need to elevate this user's permissions to do this operation and did not even try this myself even though I had considered it. Of course it's not the case and the above code solves my problems for now.
Thank you.
- Former Member
Hey @keram ,
If you use the CLI to remove the user that created the vault, I think that should accomplish what you're trying to do.
It would look similar to this:
```
vault_name="example-vault-name"
session_token="obtained-earlier"
current_user="user ID or username of user used in pipeline"
# Create the vault and keep its UUID from the JSON output
vault_id=$(op create vault "$vault_name" --allow-admins-to-manage true --session "$session_token" | jq -r '.uuid')
# Remove the creating user's own access to the new vault
op remove user "$current_user" "$vault_id" --account my-account --session "$session_token"
```
Once the user that created the vault is removed, only the admin and the owner groups would remain with sufficient permissions to view and edit the vault.
Does that help?
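
The create-then-remove sequence from this thread, wrapped so the pipeline fails if the creating user still has access afterwards. This is an added example, not code from the thread or from 1Password. The function name is hypothetical, the commands use the CLI 1.x syntax shown above, and it assumes `op get vault` fails for a caller who has no access to the vault.

```bash
# Added example. Assumptions: `op` CLI 1.x syntax as used in the thread, and
# `op get vault` returning an error once the caller has no access.
# Prints the new vault's UUID on success.
# Return codes: 1 = create failed, 2 = remove failed, 3 = access still present.
create_vault_without_self_access() {
  local vault_name="$1"
  local pipeline_user="$2"
  local account="$3"
  local session_token="$4"
  local vault_id

  # Create the vault and capture its UUID from the JSON output.
  vault_id=$(op create vault "$vault_name" --allow-admins-to-manage true \
    --account "$account" --session "$session_token" | jq -r '.uuid')
  if [ -z "$vault_id" ] || [ "$vault_id" = "null" ]; then
    echo "vault creation failed or returned no uuid" >&2
    return 1
  fi

  # Remove the creating user before anything sensitive is stored.
  if ! op remove user "$pipeline_user" "$vault_id" \
      --account "$account" --session "$session_token" >&2; then
    echo "could not remove $pipeline_user from vault $vault_id" >&2
    return 2
  fi

  # Verify: a successful read means the pipeline user can still see the vault.
  if op get vault "$vault_id" --account "$account" \
      --session "$session_token" >/dev/null 2>&1; then
    echo "$pipeline_user can still read vault $vault_id" >&2
    return 3
  fi

  printf '%s\n' "$vault_id"
}

# Usage in a pipeline step (values are placeholders):
#   vault_id=$(create_vault_without_self_access "example-vault-name" \
#     "pipeline-user-id" "my-account" "$session_token") || exit 1
```

Treat return code 3 as a hard failure so the vault is never handed over for population while the pipeline identity can still read it.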