Add missing config for tests

.github/workflows/test.yml

@@ -2,7 +2,7 @@ on: push
 name: Run acceptance tests
 
 jobs:
-  use-connect-without-export-env:
+  test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -15,148 +15,81 @@ jobs:
       - name: Configure 1Password Connect
         uses: ./configure # 1password/load-secrets-action/configure@<version>
         with:
+          use-connect: yes
           connect-host: http://localhost:8080
           connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
       - name: Load secrets
-        id: load_secrets
         uses: ./ # 1password/load-secrets-action@<version>
         env:
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
-  use-connect-with-export-env:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Launch 1Password Connect instance
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-      - name: Configure 1Password Connect
-        uses: ./configure # 1password/load-secrets-action/configure@<version>
-        with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-      - name: Load secrets
-        id: load_secrets
+          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
+          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/test-section/password
+          UNMASKED_VALUE: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/test-section/username
+      - name: Load multiline secret
         uses: ./ # 1password/load-secrets-action@<version>
-        with:
-          export-env: true
         env:
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
       - name: Assert test secret values
         run: ./tests/assert-env-set.sh
       - name: Remove secrets
         uses: ./ # 1password/load-secrets-action@<version>
         with:
           unset-previous: true
+      - name: Print environment variables with secrets removed
+        run: printenv
       - name: Assert removed secrets
         run: ./tests/assert-env-unset.sh
-  use-connect-with-references-with-id:
+      - name: Load secrets by vault and item titles
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          SECRET: op://acceptance-tests/test-secret/password
+          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
+          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values again
+        run: ./tests/assert-env-set.sh
+  test-user:  
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: Launch 1Password Connect instance
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-      - name: Configure 1Password Connect
+      - name: Configure 1Password with a user
         uses: ./configure # 1password/load-secrets-action/configure@<version>
         with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
+          user-domain: ${{ secrets.USER_DOMAIN }}
+          user-email: ${{ secrets.USER_EMAIL }}
+          user-key: ${{ secrets.USER_KEY }}
+          user-pwd: ${{ secrets.USER_PWD }}
       - name: Load secrets
-        id: load_secrets
         uses: ./ # 1password/load-secrets-action@<version>
         env:
-          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
-          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
-          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
-  use-service-account-without-export-env:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Load secrets
-        id: load_secrets
+          SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/password
+          SECRET_IN_SECTION: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/password
+          UNMASKED_VALUE: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/username
+      - name: Load multiline secret
         uses: ./ # 1password/load-secrets-action@<version>
         env:
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+          MULTILINE_SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/bcshnrykfwf5i5zm7nkqy63dca/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
       - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
         run: ./tests/assert-env-set.sh
-  use-service-account-with-export-env:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Load secrets
-        id: load_secrets
+      - name: Remove secrets
         uses: ./ # 1password/load-secrets-action@<version>
         with:
-          export-env: true
+          unset-previous: true
+      - name: Print environment variables with secrets removed
+        run: printenv
+      - name: Assert removed secrets
+        run: ./tests/assert-env-unset.sh
+      - name: Load secrets by vault and item titles
+        uses: ./ # 1password/load-secrets-action@<version>
         env:
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           SECRET: op://acceptance-tests/test-secret/password
           SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
           MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
-        run: ./tests/assert-env-set.sh
-  use-service-account-with-references-with-id:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Load secrets
-        id: load_secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        env:
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-          SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
-          SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
-          MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
-  run-on-macos-12:
-    runs-on: macos-12
-    steps:
-      - uses: actions/checkout@v2
-      - name: Load secrets
-        id: load_secrets
-        uses: ./ # 1password/load-secrets-action@<version>
-        env:
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-          SECRET: op://acceptance-tests/test-secret/password
-          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
-          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
-      - name: Assert test secret values
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values again
+        run: ./tests/assert-env-set.sh

.gitignore

@@ -1 +0,0 @@
-node_modules/

README.md

@@ -1,66 +1,11 @@
 # Load Secrets from 1Password - GitHub Action
 
-`load-secrets-action` loads secrets from 1Password into GitHub Actions using [1Password Connect](https://developer.1password.com/docs/connect).
+The action to load secrets from [1Password Connect](https://1password.com/secrets/) into GitHub Actions.
 
-Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
-
-## Requirements
-
-Before you get started, you'll need to:
-
-- [Deploy 1Password Connect](https://developer.1password.com/docs/connect/get-started#step-2-deploy-1password-connect-server) in your infrastructure.
-- Set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to your Connect instance's credentials, so it'll be used to load secrets.
-
-### Supported runners
-
-You can run the action on Mac and Linux runners. Windows is currently not supported.
-
-## 1Password configuration
-
-By default, you'll need to set the environment variables for your Connect instance in the step that uses `load-secrets-action`.
-
-If you're using the action more than once in a single job, [you can use the `configure` action](https://developer.1password.com/docs/connect/github-actions/#1password-configuration) to set the environment variables instead, so you don't have to set them separately in each `load-secrets-action` step.
+Specify right from your workflow YAML which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
 
 ## Usage
 
-You can load secrets using the action in two ways:
-
-1. [Use secrets from the action's output](#use-secrets-from-the-actions-output)
-2. [Export secrets as environment variables](#export-secrets-as-environment-variables)
-
-### Use secrets from the action's output
-
-This method allows you to use the loaded secrets outputted by the step: `steps.step-id.outputs.secret-name`.
-
-You'll need to set an ID for the step to be able to access its outputs. For more information, see [`outputs.<output_id>`](https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id).
-
-```yml
-on: push
-jobs:
-  hello-world:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Load secret
-        id: op-load-secret
-        uses: 1password/load-secrets-action@v1
-        env:
-          OP_CONNECT_HOST: <Your Connect instance URL>
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-          SECRET: op://app-cicd/hello-world/secret
-
-      - name: Print masked secret
-        run: echo "Secret: ${{ steps.op-load-secret.outputs.SECRET }}"
-        # Prints: Secret: ***
-```
-
-[Read the full documentation for more usage examples.](https://developer.1password.com/docs/connect/github-actions/#use-secrets-from-the-actions-output)
-
-### Export secrets as environment variables
-
-This method allows the action to access the loaded secrets as environment variables. These environment variables are accessible at a job level.
-
 ```yml
 on: push
 jobs:
@@ -71,9 +16,6 @@ jobs:
 
       - name: Load secret
         uses: 1password/load-secrets-action@v1
-        with:
-          # Export loaded secrets as environment variables
-          export-env: true
         env:
           OP_CONNECT_HOST: <Your Connect instance URL>
           OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
@@ -83,24 +25,128 @@ jobs:
         run: echo "Secret: $SECRET"
         # Prints: Secret: ***
 ```
+<details>
+<summary><b>Longer usage example</b></summary>
 
-[Read the full documentation for more usage examples.](https://developer.1password.com/docs/connect/github-actions/#export-secrets-as-environment-variables)
+```yml
+on: push
+name: Deploy app
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Configure 1Password Connect
+        uses: 1password/load-secrets-action/configure@v1
+        with:
+          # Persist the 1Password Connect URL for next steps. You can also persist 
+          # the Connect token using input `connect-token`, but keep in mind that 
+          # every single step in the job would then be able to access the token.
+          connect-host: https://1password.acme.com
+
+      - name: Load Docker credentials
+        uses: 1password/load-secrets-action@v1
+        env:
+          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+          DOCKERHUB_USERNAME: op://app-cicd/docker/username
+          DOCKERHUB_TOKEN: op://app-cicd/docker/token
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ env.DOCKERHUB_TOKEN }}
+
+      - name: Print environment variables with masked secrets
+        run: printenv
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: acme/app:latest
+
+      - name: Load AWS credentials
+        uses: 1password/load-secrets-action@v1
+        with:
+          # Remove local copies of the Docker credentials, which are not needed anymore
+          unset-previous: true
+        env:
+          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+          AWS_ACCESS_KEY_ID: op://app-cicd/aws/access-key-id
+          AWS_SECRET_ACCESS_KEY: op://app-cicd/aws/secret-access-key
+
+      - name: Deploy app
+        # This script expects AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to be set, which was 
+        # done automatically by the step above
+        run: ./deploy.sh
+```
+</details>
+
+## Action Inputs
+
+| Name | Default | Description |
+|---|---|---|
+| `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps |
+
+## Secrets Reference Syntax
+
+To specify which secret should be loaded into which environment variable, the action will look for `op://` reference URIs in environment variables, and replace those with the actual secret values.
+
+These reference URIs have the following syntax:
+
+> `op://<vault>/<item>[/<section>]/<field>`
+
+So for example, the reference URI `op://app-cicd/aws/secret-access-key` would be interpreted as:
+  * **Vault:** `app-cicd`
+  * **Item:** `aws`
+  * **Section:** default section
+  * **Field:** `secret-access-key`
 
 ## Masking
 
-Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked in GitHub Actions logs. If one of these values accidentally gets printed, it'll be replaced with `***`.
+Similar to regular GitHub repository secrets, secret fields from 1Password will automatically be masked from the GitHub Actions logs too.
+A 1Password field is considered 'secret' when it's marked as concealed (which shows as `•••••••` in the 1Password GUI) or when it's a secure note.
+So if one of these values accidentally gets printed, it'll get replaced with `***`.
 
-## Security
+This means that a username or port field for example will not get masked.
 
-1Password requests you practice responsible disclosure if you discover a vulnerability.
+## 1Password Connect Configuration
 
-Please file requests through [BugCrowd](https://bugcrowd.com/agilebits).
+To use the action, you need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere.
+To configure the action with your Connect URL and a Connect token, you can set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables.
 
-[Learn more about our security practices.](https://bugcrowd.com/agilebits)
+If you're using the `load-secrets` action more than once in a single job, you can use the `configure` action to avoid duplicate configuration:
 
-## Get help
+```yml
+on: push
+jobs:
+  hello-world:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
 
-If you find yourself stuck, [contact 1Password support](https://support.1password.com/) for help.
+      - name: Configure 1Password Connect
+        uses: 1password/load-secrets-action/configure@v1
+        with:
+          connect-host: <Your Connect instance URL>
+          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
 
-[Read the full documentation](https://developer.1password.com/docs/connect/github-actions/).
+      - name: Load secret
+        uses: 1password/load-secrets-action@v1
+        env:
+          SECRET: op://app-cicd/hello-world/secret
+```
 
+### `configure` Action Inputs
+
+| Name | Default | Environment variable | Description |
+|---|---|---|---|
+| `connect-host` | | `OP_CONNECT_HOST` | Your 1Password Connect instance URL |
+| `connect-token` | | `OP_CONNECT_TOKEN` | Token to authenticate to your 1Password Connect instance |
+
+## Supported Runners
+
+You can run the action on Linux and macOS runners. Windows is currently not supported.

action.yml

@@ -8,9 +8,10 @@ inputs:
   unset-previous:
     description: Whether to unset environment variables populated by 1Password in earlier job steps
     default: false
-  export-env:
-    description: Export the secrets as environment variables
-    default: false
 runs:
-  using: 'node16'
-  main: 'dist/index.js'
+  using: composite
+  steps: 
+    - run: |
+        export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }}
+        ${{ github.action_path }}/entrypoint.sh
+      shell: bash

configure/action.yml

@@ -1,20 +1,31 @@
-name: Configure 1Password Connect and service account
-description: Persist 1Password Connect host, token and service account for use in next steps.
+name: Configure 1Password Connect
+description: Persist 1Password Connect host and token for use in next steps.
 author: 1Password
 inputs:
   connect-host:
     description: Your 1Password Connect instance URL
   connect-token:
     description: Token to authenticate to your 1Password Connect instance
-  service-account-token:
-    description: Your 1Password service account token
+  use-connect:
+    description: Use Connect for fetching secrets
+  user-domain:
+    description: Your sign-in address
+  user-email:
+    description: Your account email
+  user-key:
+    description: Your Account secret key
+  user-pwd:
+    description: Your Master Password
 runs:
   using: composite
-  steps:
-    - shell: bash
-      env:
-        INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
-        INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
-        INPUT_SERVICE_ACCOUNT_TOKEN: ${{ inputs.service-account-token }}
-      run: |
+  steps: 
+    - run: |
+        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
+        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+        export INPUT_USE_CONNECT=${{ inputs.use-connect }}
+        export INPUT_USER_DOMAIN=${{ inputs.user-domain }}
+        export INPUT_USER_EMAIL=${{ inputs.user-email }}
+        export INPUT_USER_KEY=${{ inputs.user-key }}
+        export INPUT_USER_PWD=${{ inputs.user-pwd }}
         ${{ github.action_path }}/entrypoint.sh
+      shell: bash

configure/entrypoint.sh

@@ -15,7 +15,27 @@ if [ -n "$OP_CONNECT_TOKEN" ]; then
   echo "OP_CONNECT_TOKEN=$OP_CONNECT_TOKEN" >> $GITHUB_ENV
 fi
 
-OP_SERVICE_ACCOUNT_TOKEN="${INPUT_SERVICE_ACCOUNT_TOKEN:-$OP_SERVICE_ACCOUNT_TOKEN}"
-if [ -n "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
-  echo "OP_SERVICE_ACCOUNT_TOKEN=$OP_SERVICE_ACCOUNT_TOKEN" >> $GITHUB_ENV
+USE_CONNECT="${INPUT_USE_CONNECT:-$USE_CONNECT}"
+if [ -n "$USE_CONNECT" ]; then
+  echo "USE_CONNECT=$USE_CONNECT" >> $GITHUB_ENV
+fi
+
+OP_USER_DOMAIN="${INPUT_USER_DOMAIN:-$OP_USER_DOMAIN}"
+if [ -n "$OP_USER_DOMAIN" ]; then
+  echo "OP_USER_DOMAIN=$OP_USER_DOMAIN" >> $GITHUB_ENV
+fi
+
+OP_USER_EMAIL="${INPUT_USER_EMAIL:-$OP_USER_EMAIL}"
+if [ -n "$OP_USER_EMAIL" ]; then
+  echo "OP_USER_EMAIL=$OP_USER_EMAIL" >> $GITHUB_ENV
+fi
+
+OP_USER_KEY="${INPUT_USER_KEY:-$OP_USER_KEY}"
+if [ -n "$OP_USER_KEY" ]; then
+  echo "OP_USER_KEY=$OP_USER_KEY" >> $GITHUB_ENV
+fi
+
+OP_USER_PWD="${INPUT_USER_PWD:-$OP_USER_PWD}"
+if [ -n "$OP_USER_PWD" ]; then
+  echo "OP_USER_PWD=$OP_USER_PWD" >> $GITHUB_ENV
 fi

entrypoint.sh

@@ -2,47 +2,52 @@
 # shellcheck disable=SC2046,SC2001,SC2086
 set -e
 
-readonly CONNECT="CONNECT"
-readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
+# Install op-cli
+curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-"
+unzip -od /usr/local/bin/ op.zip && rm op.zip
+
+if [ -z "$USE_CONNECT" ]; then
+  if [ -z "$OP_USER_DOMAIN" ] || [ -z "$OP_USER_EMAIL" ] || [ -z "$OP_USER_KEY" ] || [ -z "$OP_USER_PWD" ]; then
+    echo "\$OP_USER_DOMAIN, \$OP_USER_EMAIL, \$OP_USER_KEY and \$OP_USER_PWD must be set"
+    exit 1
+  fi
+
+  export OP_DEVICE=ugsqksnl4o6f2uwkyeibhqpony
+  eval $(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")
+else
+  if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
+    echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
+    exit 1
+  fi
+fi
 
-auth_type=$CONNECT
 managed_variables_var="OP_MANAGED_VARIABLES"
-IFS=','
+IFS=',' read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
 
 # Unset all secrets managed by 1Password if `unset-previous` is set.
-unset_prev_secrets() {
-  if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
-    echo "Unsetting previous values..."
+if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
+  echo "Unsetting previous values..."
 
-    # Find environment variables that are managed by 1Password.
-    for env_var in "${managed_variables[@]}"; do
-      echo "Unsetting $env_var"
-      unset $env_var
+  # Find environment variables that are managed by 1Password.
+  for env_var in "${managed_variables[@]}"; do
+    echo "Unsetting $env_var"
+    unset $env_var
 
-      echo "$env_var=" >> $GITHUB_ENV
+    echo "$env_var=" >> $GITHUB_ENV
 
-      # Keep the masks, just in case.
-    done
+    # Keep the masks, just in case.
+  done
 
-    managed_variables=()
-  fi
-}
+  managed_variables=()
+fi
 
-# Install op-cli
-install_op_cli() {
-  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
-    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_linux_amd64_v2.7.1-beta.01.zip"
-    unzip -od /usr/local/bin/ op.zip && rm op.zip
-  elif [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_apple_universal_v2.7.1-beta.01.pkg"
-    sudo installer -pkg op.pkg -target /usr/local/bin/ && rm op.pkg
-  fi
-}
+# Iterate over environment varables to find 1Password references, load the secret values, 
+# and make them available as environment variables in the next steps.
+IFS=$'\n'
+for env_var in $(op list envars); do
+  ref=$(printenv $env_var)
 
-populating_secret() {
-  ref=$(printenv $1)
-
-  echo "Populating variable: $1"
+  echo "Populating variable: $env_var"
   secret_value=$(op read $ref)
 
   if [ -z "$secret_value" ]; then
@@ -63,57 +68,22 @@ populating_secret() {
   done
   unset IFS
 
-  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
-    # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
-    # As the heredoc identifier, we'll use a randomly generated 64-character string,
-    # so that collisions are practically impossible.
-    random_heredoc_identifier=$(openssl rand -hex 16)
+  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
+  # As the heredoc identifier, we'll use a randomly generated 64-character string,
+  # so that collisions are practically impossible.
+  random_heredoc_identifier=$(openssl rand -hex 16)
 
-    {
-      # Populate env var, using heredoc syntax with generated identifier
-      echo "$env_var<<${random_heredoc_identifier}"
-      echo "$secret_value"
-      echo "${random_heredoc_identifier}"
-    } >> $GITHUB_ENV
-    echo "GITHUB_ENV: $(cat $GITHUB_ENV)"
-
-  else
-    # Prepare the secret_value to be outputed properly (especially multiline secrets)
-    secret_value=$(echo "$secret_value" | awk -v ORS='%0A' '1')
-
-    echo "::set-output name=$env_var::$secret_value"
-  fi
+  {
+    # Populate env var, using heredoc syntax with generated identifier
+    echo "$env_var<<${random_heredoc_identifier}"
+    echo "$secret_value"
+    echo "${random_heredoc_identifier}"
+  } >> $GITHUB_ENV
 
   managed_variables+=("$env_var")
-}
-
-# Load environment variables using op cli. Iterate over them to find 1Password references, load the secret values,
-# and make them available as environment variables in the next steps.
-extract_secrets() {
-  IFS=$'\n'
-  for env_var in $(op env ls); do
-    populating_secret $env_var
-  done
-}
-
-read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
-
-if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
-  if [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
-    echo "(\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST) or \$OP_SERVICE_ACCOUNT_TOKEN must be set"
-    exit 1
-  fi
-
-  auth_type=$SERVICE_ACCOUNT
-fi
-
-printf "Authenticated with %s \n" $auth_type
-
-unset_prev_secrets
-install_op_cli
-extract_secrets
-
+done
 unset IFS
+
 # Add extra env var that lists which secrets are managed by 1Password so that in a later step
 # these can be unset again.
 managed_variables_str=$(IFS=','; echo "${managed_variables[*]}")

package-lock.json

@@ -1,156 +0,0 @@
-{
-  "name": "load-secrets-action",
-  "version": "1.1.0",
-  "lockfileVersion": 2,
-  "requires": true,
-  "packages": {
-    "": {
-      "name": "load-secrets-action",
-      "version": "1.1.0",
-      "license": "MIT",
-      "dependencies": {
-        "@actions/core": "^1.9.1",
-        "@actions/exec": "^1.1.1"
-      },
-      "devDependencies": {
-        "@types/node": "^18.7.14",
-        "@vercel/ncc": "^0.34.0",
-        "typescript": "^4.8.2"
-      }
-    },
-    "node_modules/@actions/core": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
-      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
-      "dependencies": {
-        "@actions/http-client": "^2.0.1",
-        "uuid": "^8.3.2"
-      }
-    },
-    "node_modules/@actions/exec": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-      "dependencies": {
-        "@actions/io": "^1.0.1"
-      }
-    },
-    "node_modules/@actions/http-client": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
-      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
-      "dependencies": {
-        "tunnel": "^0.0.6"
-      }
-    },
-    "node_modules/@actions/io": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.1.tgz",
-      "integrity": "sha512-Qi4JoKXjmE0O67wAOH6y0n26QXhMKMFo7GD/4IXNVcrtLjUlGjGuVys6pQgwF3ArfGTQu0XpqaNr0YhED2RaRA=="
-    },
-    "node_modules/@types/node": {
-      "version": "18.7.14",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.14.tgz",
-      "integrity": "sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA==",
-      "dev": true
-    },
-    "node_modules/@vercel/ncc": {
-      "version": "0.34.0",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
-      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
-      "dev": true,
-      "bin": {
-        "ncc": "dist/ncc/cli.js"
-      }
-    },
-    "node_modules/tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
-      "engines": {
-        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
-      }
-    },
-    "node_modules/typescript": {
-      "version": "4.8.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.2.tgz",
-      "integrity": "sha512-C0I1UsrrDHo2fYI5oaCGbSejwX4ch+9Y5jTQELvovfmFkK3HHSZJB8MSJcWLmCUBzQBchCrZ9rMRV6GuNrvGtw==",
-      "dev": true,
-      "bin": {
-        "tsc": "bin/tsc",
-        "tsserver": "bin/tsserver"
-      },
-      "engines": {
-        "node": ">=4.2.0"
-      }
-    },
-    "node_modules/uuid": {
-      "version": "8.3.2",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-      "bin": {
-        "uuid": "dist/bin/uuid"
-      }
-    }
-  },
-  "dependencies": {
-    "@actions/core": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
-      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
-      "requires": {
-        "@actions/http-client": "^2.0.1",
-        "uuid": "^8.3.2"
-      }
-    },
-    "@actions/exec": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-      "requires": {
-        "@actions/io": "^1.0.1"
-      }
-    },
-    "@actions/http-client": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
-      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
-      "requires": {
-        "tunnel": "^0.0.6"
-      }
-    },
-    "@actions/io": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.1.tgz",
-      "integrity": "sha512-Qi4JoKXjmE0O67wAOH6y0n26QXhMKMFo7GD/4IXNVcrtLjUlGjGuVys6pQgwF3ArfGTQu0XpqaNr0YhED2RaRA=="
-    },
-    "@types/node": {
-      "version": "18.7.14",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.14.tgz",
-      "integrity": "sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA==",
-      "dev": true
-    },
-    "@vercel/ncc": {
-      "version": "0.34.0",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
-      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
-      "dev": true
-    },
-    "tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
-    },
-    "typescript": {
-      "version": "4.8.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.2.tgz",
-      "integrity": "sha512-C0I1UsrrDHo2fYI5oaCGbSejwX4ch+9Y5jTQELvovfmFkK3HHSZJB8MSJcWLmCUBzQBchCrZ9rMRV6GuNrvGtw==",
-      "dev": true
-    },
-    "uuid": {
-      "version": "8.3.2",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
-    }
-  }
-}

package.json

@@ -1,37 +0,0 @@
-{
-  "name": "load-secrets-action",
-  "version": "1.1.0",
-  "description": "Load Secrets from 1Password",
-  "main": "dist/index.js",
-  "directories": {
-    "test": "tests"
-  },
-  "scripts": {
-    "build": "ncc build src/index.ts"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/1Password/load-secrets-action.git"
-  },
-  "keywords": [
-    "actions",
-    "1password",
-    "load secrets",
-    "connect"
-  ],
-  "author": "1Password",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/1Password/load-secrets-action/issues"
-  },
-  "homepage": "https://github.com/1Password/load-secrets-action#readme",
-  "dependencies": {
-    "@actions/core": "^1.9.1",
-    "@actions/exec": "^1.1.1"
-  },
-  "devDependencies": {
-    "@types/node": "^18.7.14",
-    "@vercel/ncc": "^0.34.0",
-    "typescript": "^4.8.2"
-  }
-}

src/index.ts

@@ -1,21 +0,0 @@
-import * as core from '@actions/core';
-import * as exec from '@actions/exec';
-import path from 'path';
-
-async function run(): Promise<void> {
-  try {
-    const parentDir = path.resolve(__dirname, '..');
-    
-    // Get action inputs
-    process.env.INPUT_UNSET_PREVIOUS = core.getInput('unset-previous');
-    process.env.INPUT_EXPORT_ENV = core.getInput('export-env');
-
-    // Execute bash script
-    await exec.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
-
-  } catch (error: any) {
-    core.setFailed(error.message);
-  }
-}
-
-run();

tsconfig.json

@@ -1,13 +0,0 @@
-{
-    "compilerOptions": {
-        "target": "es6",
-        "module": "commonjs",
-        "moduleResolution": "node",
-        "outDir": "./dist",
-        "rootDir": "./src",
-        "strict": true,
-        "noImplicitAny": true,
-        "esModuleInterop": true
-    },
-    "exclude": ["node_modules"]
-}