Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Service Accounts #160

Open
mt35-rs opened this issue Jun 9, 2023 · 2 comments
Open

Support Service Accounts #160

mt35-rs opened this issue Jun 9, 2023 · 2 comments

Comments

@mt35-rs
Copy link

mt35-rs commented Jun 9, 2023

Summary

With Service Account functionality now released, will this be supported in the 1Password Operator? This would allow the operator to be used without the Connect server.

Use cases

Running an Operator to automatically generate and update Kubernetes secrets from 1Password items. Basically, same use case as always, just doing so without having to provision a Connect server in the same cluster.

Proposed solution

Support the OP_SERVICE_ACCOUNT_TOKEN environment variable used to authenticate against a service account. Resolution of 1Password items would then use the service account token to communicate directly with 1Password rather than using the Connect server.

Is there a workaround to accomplish this today?

The only option I'm currently aware of is to run a private Connect server which consumes cluster resources.

References & Prior Work

I'm pretty sure the Kubernetes Secret Injector for 1Password supports this as does the op CLI tool. It would be useful if the various SDKs and this Operator would also support service accounts.

@ThinkBriK
Copy link

Go SDK would be huge for integrations.

@edif2008
Copy link
Member

edif2008 commented Jul 4, 2023

Hey there.
Thank you for expressing your interest in supporting service accounts with the operator.
I can't provide any timelines of when we will look further into this, but we will keep you updated when there's progress on it. 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants