This repository contains the code of a Terraform provider that resolves 1Password secret references into their secret values, which can then be used in other Terraform resources.
This approach improves efficiency, because secrets are managed in a single place, and reduces the risk of error-prone copying and pasting of secret values back and forth.
- Clone the repository
- Enter the repository directory
- Build the provider using the Go `install` command:

```shell
go install
```

This provider uses Go modules. Please see the Go documentation for the most up-to-date information about using Go modules.
To add a new dependency `github.com/author/dependency` to your Terraform provider:

```shell
go get github.com/author/dependency
go mod tidy
```

Then commit the changes to `go.mod` and `go.sum`.
To use this provider, add the following snippets to your `provider.tf` file:

```hcl
terraform {
  required_providers {
    opsecret = {
      source = "registry.terraform.io/qaware-internal/onepassword-secret"
    }
    ...
  }
}

provider "opsecret" {
  # provide a service account token directly
  # if omitted, the OP_SERVICE_ACCOUNT_TOKEN environment variable will be used instead.
  service_account_token = "op_s3cr3t"
}
```
To resolve and use a secret value stored in 1Password, use the following snippet:

```hcl
data "opsecret_secret_reference" "secret_reference" {
  id = "op://vault-name/item-name/section-name/field-name"
}

resource "whatever" "some_resource" {
  attribute = data.opsecret_secret_reference.secret_reference.value
}
```

Note that references pointing to binary file attachments will be resolved to base64-encoded string contents.
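A token written into `provider.tf` is easy to commit by accident, so a pre-commit or CI check over the Terraform sources is useful. The following is an added example, not part of this provider's code: `Lint`, the regular expressions and the sample input are hypothetical, and it assumes references take the `op://vault/item/section/field` shape shown above or the section-less `op://vault/item/field` form.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// tokenLiteral matches a quoted literal (no ${...} interpolation) assigned to the token attribute.
var tokenLiteral = regexp.MustCompile(`^\s*service_account_token\s*=\s*"[^"$]+"`)

// opRef finds any quoted string that starts with op://.
var opRef = regexp.MustCompile(`"(op://[^"]*)"`)

// refShape accepts op://vault/item/field and op://vault/item/section/field (assumed shapes).
var refShape = regexp.MustCompile(`^op://[^/]+(/[^/]+){2,3}$`)

// Lint scans Terraform source line by line and returns "line N: message" findings.
// The token value itself is never echoed into a finding.
func Lint(src string) []string {
	var out []string
	for i, line := range strings.Split(src, "\n") {
		if tokenLiteral.MatchString(line) {
			out = append(out, fmt.Sprintf("line %d: hard-coded service_account_token", i+1))
		}
		for _, m := range opRef.FindAllStringSubmatch(line, -1) {
			if !refShape.MatchString(m[1]) {
				out = append(out, fmt.Sprintf("line %d: malformed reference %s", i+1, m[1]))
			}
		}
	}
	return out
}

// Constructed sample: the provider block from this README plus one reference missing its field.
const sample = `provider "opsecret" {
  service_account_token = "op_s3cr3t"
}
data "opsecret_secret_reference" "ok" {
  id = "op://vault-name/item-name/section-name/field-name"
}
data "opsecret_secret_reference" "bad" {
  id = "op://vault-name/item-name"
}`

func main() {
	for _, f := range Lint(sample) {
		fmt.Println(f)
	}
}
```

A provider block that omits `service_account_token` and relies on `OP_SERVICE_ACCOUNT_TOKEN`, or that assigns a variable expression, produces no finding.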
If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).
To compile the provider, run `go install`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
To use the compiled provider in a local repository, add a `dev_overrides` directive in your Terraform / OpenTofu configuration file (see official Documentation for details).
To generate or update documentation, run `make generate`.