Forge Home

onepassword_lookup

pdk
Hiera backend for onepassword

614 downloads

230 latest version

5.0 quality score

Version information

  • 0.1.3 (latest)
  • 0.1.2
  • 0.1.1
released Nov 24th 2021
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • CentOS
    ,
    OracleLinux
    ,
    RedHat
    ,
    Scientific
    ,
    Debian
    ,
    Ubuntu
    ,
    windows

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'bryxxit-onepassword_lookup', '0.1.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add bryxxit-onepassword_lookup
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install bryxxit-onepassword_lookup --version 0.1.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

bryxxit/onepassword_lookup — version 0.1.3 Nov 24th 2021

setup

Setup 1password connect accoriding to the official docs https://support.1password.com/secrets-automation/

usage

Set your hiera.yml to lookup from the onepassword lookup.

---
version: 5

defaults:  # Used for any hierarchy level that omits these keys.
  datadir: data         # This path is relative to hiera.yaml's directory.
  data_hash: yaml_data  # Use the built-in YAML backend.

hierarchy:
  ....
  - name: "Secret data"
    lookup_key: onepassword_lookup 
    options:
      vaults: 
        - 'development'
        - 'puppet-common'
      url: 'http://localhost:8080' ## you can now also use https
      token: 'sometoken'

next try looking up a key. Note items can have the same title inside onepassword. These are now combined and returned as an array. Does not work yet when multiple vaults are defined.

root@puppet:/# puppet lookup mynote
  note content
root@puppet:/# puppet lookup dev-db-login
---
username: test
password: test
root@puppet:/# puppet lookup dev-db-pass
--- testpass
root@puppet:/# puppet lookup dev-db-login2
---
- username: test
  password: test
- username: web
  password: web