From e1b37a5b1e835dddb2d2cbe5120d8ae0be0f6d28 Mon Sep 17 00:00:00 2001
From: volodymyrZotov
Date: Thu, 11 Aug 2022 18:58:35 +0300
Subject: [PATCH] updated README and configuration.yml
---
 README.md | 18 ++++++++++++++----
 configure/action.yml | 4 ++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 5351238..f28ec62 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,14 @@ Specify right from your workflow YAML which secrets from 1Password should be loa
 
 ## Usage
 
+You can configure the action to use either 1Password connect instance or service account.
+
+If provide `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables - connect instance will be used to load secrets.
+
+If provide `OP_SERVICE_ACCOUNT_TOKEN` variable - service account will be used to load secrets.
+
+***Note***: if all variables are provided the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables will take precedence over `OP_SERVICE_ACCOUNT_TOKEN`. Clear the Connect environment variables to configure a service account instead.
+
 There are two ways that secrets can be loaded:
 - [use the secrets from the action's ouput](#use-secrets-from-the-actions-output)
 - [export secrets as environment variables](#export-secrets-as-environment-variables)
@@ -199,10 +207,11 @@ So for example, the reference URI `op://app-cicd/aws/secret-access-key` would be Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked from the GitHub Actions logs too. So if one of these values accidentally gets printed, it'll get replaced with `***`. -## 1Password Connect Configuration +## 1Password Configuration -To use the action, you need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere. -To configure the action with your Connect URL and a Connect token, you can set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables. +To use the action, you may need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere. +To configure the action with your Connect URL and a Connect token, you can set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables. +If you provide `OP_SERVICE_ACCOUNT_TOKEN` you can skip connect setup as action will use your service account instead. If you're using the `load-secrets` action more than once in a single job, you can use the `configure` action to avoid duplicate configuration: @@ -219,7 +228,7 @@ jobs: with: connect-host: connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - + service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Load secret uses: 1password/load-secrets-action@v1 env: @@ -232,6 +241,7 @@ jobs: |---|---|---|---| | `connect-host` | | `OP_CONNECT_HOST` | Your 1Password Connect instance URL | | `connect-token` | | `OP_CONNECT_TOKEN` | Token to authenticate to your 1Password Connect instance | +| `service-account-token` | | `OP_SERVICE_ACCOUNT_TOKEN` | Your 1Password service account token | ## Supported Runners diff --git a/configure/action.yml b/configure/action.yml index 9b6bf96..40ab9eb 100644 --- a/configure/action.yml +++ b/configure/action.yml 
@@ -1,5 +1,5 @@
-name: Configure 1Password Connect
-description: Persist 1Password Connect host and token for use in next steps.
+name: Configure 1Password Connect and service account
+description: Persist 1Password Connect host, token and service account for use in next steps.
 author: 1Password
 inputs:
 connect-host:
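Review bot: The new `description` promises that the service account is persisted, but this patch touches only `name` and `description` in configure/action.yml (the diffstat shows 2 insertions and 2 deletions for the file), so no `service-account-token` input or persistence step is added here. Unless an earlier commit already declares it, the README example `service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}` passes an undeclared input and the token would never reach later steps; declare it under `inputs:` next to `connect-token`, e.g. `service-account-token:` with `description: Your 1Password service account token`. A persisted token is presumably readable by every later step in the job, including third-party actions, so the description should state that scope. Since the README says the Connect variables silently win when both credentials are set, a warning when both are supplied would make it obvious which identity is actually used. The `inputs:` block continues outside the hunk.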