connect server - connection refused
I attempted to deploy connect server but it didn't work below are the context input: op item get --format json --vault my_vault_name my_item_title response: [ERROR] 2025/03/14 05:03:37 could not retrieve item ‘my_vault_name/my_item_title: Get "http://localhost:8080/v1/vaults?filter=title+eq+%22my_vault_name%22": dial tcp [::1]:8080: connect: connection refused what have I done I installed locally follow instruction on getting start page I installed via helm chart I already got 1password-credentials.json file locally I already set environment variable OP_CONNECT_TOKEN, OP_CONNECT_HOST I also set environment variables OP_SESSION, OP_HTTP_PORT, OP_LOG_LEVEL I also tried with API heartbeat but also get connection refused info on environment MacOS: 15.3.2 chip M2 ARM64 1Password version: 1Password for Mac 8.10.64 1Password CLI version: 2.30.3 kubenetes: using colima, runtime containerd + k3s pods are up and running (both connect-api and connect-sync) In my profile on 1password.com, it said “Your Connect server hasn’t authenticated with 1Password yet.” helm status give this response NAME: connect LAST DEPLOYED: Fri Mar 14 01:13:28 2025 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: ** Please be patient while the chart is being deployed ** 1Password Connect is being deployed to Kubernetes. More information about 1Password Connect can be found at https://support.1password.com/secrets-automation/ it look like I missed last “authentication step” but I couldn’t figure out Thank you
How does the k8s operator restart deployments?
I don't see in the documentation anywhere but I'd like to know how the operator restarts deployments. My main concern is that if a secret is updated, a deployment will hard-restart and possibly interrupt an operation mid-request. Is there a way to configure how it restarts deployments, with a custom shutdown command that can be handled by the service properly, finish it's current request and then restart nicley?
Clarification about private keys for passkeys
Hey there, I was doing some reading about passkeys and 1Password and started wondering: does 1Password ever actually store passkey private keys on the device's TPM or Secure Enclave? Or does it only use the cloud-based vault and sync the private keys to the current device as needed, using some local storage as a cache such as Indexed DB (encrypted)? This is within the example context of using the 1Password Chrome extension on a MacBook without the desktop app installed. Reason I'm confused is that some cloud-sync passkey providers such as Apple seem to do both the 1) device-bound Secure Enclave storage AND 2) 'cloud vault' equivalent to sync across devices. I'm only confused because in some 1Password docs/threads I've seen people say that the private key is stored on device while in others I've seen the opposite said. Also, is there a difference in the way the private key is handled if you are just using the extension vs extension + desktop app? Thanks so much for your time
Cannot connect connect-server to 1password from k8s
Hello. I have a problem with running 1Password operator in k8s cluster. Onepassword-connector does not connect to the server at all. First I had problems with onepassword-credentials.json being fetched by the connector-api and connector-sync containers if they were declared as: env: - name: OP_SESSION valueFrom: secretKeyRef: name: op-credentials key: 1password-credentials.json So I passed them via volumes / volumeMounts and defined the variable like this: volumes: - name: credentials secret: secretName: op-credentials (...) env: - name: OP_SESSION value: /home/opuser/.config/1password-credentials.json volumeMounts: - mountPath: /home/opuser/.config name: credentials readOnly: true Here I put my code to make it clear how I create the deployment: Gitlab Unfortunately I still can't connect to the server, and on the page: https://my.1password.com/developer-tools/infrastructure-secrets/connect/{connect_id} There is no information about the connection of my connect server, it only says "Not yet deployed" Neither the connect-api container nor the connect-sync inside the onepassword-connect pod log any errors. Only errors I have are for operator and OnePasswordItem, which is: 2025-02-17T20:31:08Z ERROR Reconciler error {"controller": "onepassworditem", "controllerGroup": "onepassword.com", "controllerKind": "OnePasswordItem", "OnePasswordItem": {"name":"example","namespace":"onepassword"}, "namespace": "onepassword", "name": "example", "reconcileID": "a1ba0a9c-7388-454e-9ce6-074cb6621e5c", "error": "Failed to retrieve item: Get \"http://onepassword-connect:8080/v1/vaults?filter=title+eq+%22Development%22\": net/http: invalid header field value for \"Authorization\""} sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:329 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:266 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2 /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:227 Could I ask for help in finding the problem? MarPi82
Trouble getting document items in Kubernetes with 1P Connect Operator
Hey everyone, I'm trying to get a document out of 1P and into a k8s secret with the Connect Operator, version 1.8.1. I can get Login items but not Document items, even though there seems to be a discussion about this exact topic stating that Documents are supported as of version 1.3.0. Does anyone else have experience with this? --- apiVersion: onepassword.com/v1 kind: OnePasswordItem metadata: name: config-file-dot-yaml namespace: default spec: itemPath: "vaults/dev/items/config-file.yaml" This is the OnePasswordItem I have. The Document config-file.yaml is in the vault dev, and kubectl describe secret config-file-dot-yaml returns an event of "No items found with identifier 'config-file.yaml' " Is there any examples out there of getting the document? Thanks!What 1Password field type to store a json formatted secret?
I have a lengthy json formatted secret I want to store in 1Password and access for use in terraform (using the provider or otherwise), but I can't figure out how to store a json file in 1Password without it stripping the whitespace/formatting. I tried adding it to a Password and that doesn't allow multi-line. It looks like Text would do it, but I'd prefer it not be immediately visible in the 1Password client. I tried a txt file attachment to a record, but there is not "copy secret reference" for that field type (though maybe it is still accessible in that way?). Thanks, Mike 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
How to get the private ssh key in OpenSSH format via Api
Hi, we want to access private ssh keys (vault items) via the API to get them in the OpenSSH format. We used ssh-format=openssh as parameter (which was suggested for the 1password CLI tool) and in some cases it works, but in some not. What is the correct way to get the private ssh keys always in the OpenSSH format via the API? 1Password Version: 1.7.0 Extension Version: Not Provided OS Version: Not Provided Browser: 1Password Connect API
