[Feature Request] Enable creating multiple 1Password secrets using deployment annotations #159
Comments
|
I have come across the same issue and was contemplating whether it is correct to aggregate all deployment credentials into a single secret. A suggested solution would be to append a suffix the metadata:
annotations:
operator.1password.io/item-path/0: "vaults/test-k8s-cluster/items/nine-nine-test-secret"
operator.1password.io/item-name/0: "nine-nine-test-secret"
operator.1password.io/item-path/1: "vaults/test-k8s-cluster/items/demo-micro-configuration"
operator.1password.io/item-name/1: "demo-micro-configuration" |
|
An even less verbose option would be to include the item name in the key: apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-example
annotations:
operator.1password.io/item-path/SECRET_NAME1: "vaults/VAULT/items/ITEM1"
operator.1password.io/item-path/SECRET_NAME2: "vaults/VAULT/items/ITEM2"
operator.1password.io/item-path/SECRET_NAME3: "vaults/VAULT/items/ITEM3" |
|
Hey folks! 👋 I do see the value of enabling multiple secrets to be consumed by a single application through annotation, so it is something worth looking into. I don't have any timelines when the team will look into this, but in the meantime, you're more than welcome to contribute to this if you'd like and have the time. 😊 I will keep you posted when there's any progress on this from my team, though. |
Summary
It would be great to be able to create multiple secrets from 1Password using annotations.
This is based on this customer's feedback.
This attempt doesn't work since the map keys have to be unique.
Use cases
A deployment may need secrets that are stored in multiple 1Password items. To have the scope narrowed down, one would prefer to provide the secrets needed for a deployment as annotations.
Is there a workaround to accomplish this today?
Create the secrets using
OnePasswordItemresources instead.The text was updated successfully, but these errors were encountered: