You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With Service Account functionality now released, will this be supported in the 1Password Operator? This would allow the operator to be used without the Connect server.
Use cases
Running an Operator to automatically generate and update Kubernetes secrets from 1Password items. Basically, same use case as always, just doing so without having to provision a Connect server in the same cluster.
Proposed solution
Support the OP_SERVICE_ACCOUNT_TOKEN environment variable used to authenticate against a service account. Resolution of 1Password items would then use the service account token to communicate directly with 1Password rather than using the Connect server.
Is there a workaround to accomplish this today?
The only option I'm currently aware of is to run a private Connect server which consumes cluster resources.
References & Prior Work
I'm pretty sure the Kubernetes Secret Injector for 1Password supports this as does the op CLI tool. It would be useful if the various SDKs and this Operator would also support service accounts.
The text was updated successfully, but these errors were encountered:
Hey there.
Thank you for expressing your interest in supporting service accounts with the operator.
I can't provide any timelines of when we will look further into this, but we will keep you updated when there's progress on it. 😄
Summary
With Service Account functionality now released, will this be supported in the 1Password Operator? This would allow the operator to be used without the Connect server.
Use cases
Running an Operator to automatically generate and update Kubernetes secrets from 1Password items. Basically, same use case as always, just doing so without having to provision a Connect server in the same cluster.
Proposed solution
Support the
OP_SERVICE_ACCOUNT_TOKEN
environment variable used to authenticate against a service account. Resolution of 1Password items would then use the service account token to communicate directly with 1Password rather than using the Connect server.Is there a workaround to accomplish this today?
The only option I'm currently aware of is to run a private Connect server which consumes cluster resources.
References & Prior Work
I'm pretty sure the Kubernetes Secret Injector for 1Password supports this as does the
op
CLI tool. It would be useful if the various SDKs and this Operator would also support service accounts.The text was updated successfully, but these errors were encountered: