Added basic usage examples to readme

This MR updates the readme to:
- Match the final edited text used in the developer portal
- Link out to the developer portal for usage examples beyond basic setup

README.md

@@ -1,36 +1,38 @@
 # Load Secrets from 1Password - GitHub Action
 
-This action loads secrets from 1Password into GitHub Actions using [1Password Connect](https://1password.com/secrets/).
+`load-secrets-action` loads secrets from 1Password into GitHub Actions using [1Password Connect](https://developer.1password.com/docs/connect).
 
 Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
 
-Read more on the [1Password Developer Portal](https://developer.1password.com/ci-cd/github-actions).
-
-
 ## Requirements
 
 Before you get started, you'll need to:
 
-- [Deploy 1Password Connect](/docs/connect/get-started#step-2-deploy-1password-connect-server) in your infrastructure.
+- [Deploy 1Password Connect](https://developer.1password.com/docs/connect/get-started#step-2-deploy-1password-connect-server) in your infrastructure.
 - Set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to your Connect instance's credentials, so it'll be used to load secrets.
 
-_Supported runners_: You can run the action on Mac and Linux runners. Windows is currently not supported.
+### Supported runners
 
+You can run the action on Mac and Linux runners. Windows is currently not supported.
+
+## 1Password configuration
+
+By default, you'll need to set the environment variables for your Connect instance in the step that uses `load-secrets-action`.
+
+If you're using the action more than once in a single job, [you can use the `configure` action](https://developer.1password.com/docs/connect/github-actions/#1password-configuration) to set the environment variables instead, so you don't have to set them separately in each `load-secrets-action` step.
 
 ## Usage
 
-You can configure the action to use your 1Password Connect instance.
+You can load secrets using the action in two ways:
 
-If you provide `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` variables, the Connect instance will be used to load secrets. Make sure [1Password Connect](https://support.1password.com/secrets-automation/#step-2-deploy-a-1password-connect-server) is deployed in your infrastructure.
-
-There are two ways that secrets can be loaded:
-
-- [use the secrets from the action's ouput](#use-secrets-from-the-actions-output)
-- [export secrets as environment variables](#export-secrets-as-environment-variables)
+1. [Use secrets from the action's output](#use-secrets-from-the-actions-output)
+2. [Export secrets as environment variables](#export-secrets-as-environment-variables)
 
 ### Use secrets from the action's output
 
-This method allows for you to use the loaded secrets as an output from the step: `steps.step-id.outputs.secret-name`. You will need to set an id for the step that uses this action to be able to access its outputs. For more details, , see [`outputs.<output_id>`](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id).
+This method allows you to use the loaded secrets outputted by the step: `steps.step-id.outputs.secret-name`.
+
+You'll need to set an ID for the step to be able to access its outputs. For more information, see [`outputs.<output_id>`](https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id).
 
 ```yml
 on: push
@@ -53,53 +55,11 @@ jobs:
         # Prints: Secret: ***
 ```
 
-<details>
-<summary><b>Longer usage example</b></summary>
-
-```yml
-on: push
-name: Deploy app
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Configure 1Password Connect
-        uses: 1password/load-secrets-action/configure@v1
-        with:
-          # Persist the 1Password Connect URL for next steps. You can also persist
-          # the Connect token using input `connect-token`, but keep in mind that
-          # every single step in the job would then be able to access the token.
-          connect-host: https://1password.acme.com
-
-      - name: Load Docker credentials
-        id: load-docker-credentials
-        uses: 1password/load-secrets-action@v1
-        env:
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-          DOCKERHUB_USERNAME: op://app-cicd/docker/username
-          DOCKERHUB_TOKEN: op://app-cicd/docker/token
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ steps.load-docker-credentials.outputs.DOCKERHUB_USERNAME }}
-          password: ${{ steps.load-docker-credentials.outputs.DOCKERHUB_TOKEN }}
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          tags: acme/app:latest
-```
-
-</details>
+[Read the full documentation for more usage examples.](https://developer.1password.com/docs/connect/github-actions/#use-secrets-from-the-actions-output)
 
 ### Export secrets as environment variables
 
-This method, allows the action to access the loaded secrets as environment variables. These environment variables are accessible at a job level.
+This method allows the action to access the loaded secrets as environment variables. These environment variables are accessible at a job level.
 
 ```yml
 on: push
@@ -124,144 +84,23 @@ jobs:
         # Prints: Secret: ***
 ```
 
-<details>
-<summary><b>Longer usage example</b></summary>
-
-```yml
-on: push
-name: Deploy app
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Configure 1Password Connect
-        uses: 1password/load-secrets-action/configure@v1
-        with:
-          # Persist the 1Password Connect URL for next steps. You can also persist
-          # the Connect token using input `connect-token`, but keep in mind that
-          # every single step in the job would then be able to access the token.
-          connect-host: https://1password.acme.com
-
-      - name: Load Docker credentials
-        uses: 1password/load-secrets-action@v1
-        with:
-          # Export loaded secrets as environment variables
-          export-env: true
-        env:
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-          DOCKERHUB_USERNAME: op://app-cicd/docker/username
-          DOCKERHUB_TOKEN: op://app-cicd/docker/token
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ env.DOCKERHUB_USERNAME }}
-          password: ${{ env.DOCKERHUB_TOKEN }}
-
-      - name: Print environment variables with masked secrets
-        run: printenv
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          tags: acme/app:latest
-
-      - name: Load AWS credentials
-        uses: 1password/load-secrets-action@v1
-        with:
-          # Export loaded secrets as environment variables
-          export-env: true
-          # Remove local copies of the Docker credentials, which are not needed anymore
-          unset-previous: true
-        env:
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-          AWS_ACCESS_KEY_ID: op://app-cicd/aws/access-key-id
-          AWS_SECRET_ACCESS_KEY: op://app-cicd/aws/secret-access-key
-
-      - name: Deploy app
-        # This script expects AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to be set, which was
-        # done automatically by the step above
-        run: ./deploy.sh
-```
-
-</details>
-
-## Action Inputs
-
-| Name             | Default | Description                                                                        |
-| ---------------- | ------- | ---------------------------------------------------------------------------------- |
-| `export-env`     | `false` | Export the loaded secrets as environment variables                                 |
-| `unset-previous` | `false` | Whether to unset environment variables populated by 1Password in earlier job steps |
-
-## Secrets Reference Syntax
-
-To specify which secret should be loaded into which environment variable, the action will look for `op://` reference URIs in environment variables, and replace those with the actual secret values.
-
-These reference URIs have the following syntax:
-
-> `op://<vault>/<item>[/<section>]/<field>`
-
-So for example, the reference URI `op://app-cicd/aws/secret-access-key` would be interpreted as:
-
-- **Vault:** `app-cicd`
-- **Item:** `aws`
-- **Section:** default section
-- **Field:** `secret-access-key`
+[Read the full documentation for more usage examples.](https://developer.1password.com/docs/connect/github-actions/#export-secrets-as-environment-variables)
 
 ## Masking
 
-Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked from the GitHub Actions logs too.
-So if one of these values accidentally gets printed, it'll get replaced with `***`.
-
-## 1Password Configuration
-
-To use the action with Connect, you need to have a [1Password Connect](https://support.1password.com/secrets-automation/#step-1-set-up-a-secrets-automation-workflow) instance deployed somewhere.
-To configure the action with your Connect host and token, set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables.  
-
-If you're using the `load-secrets` action more than once in a single job, you can use the `configure` action to avoid duplicate configuration:
-
-```yml
-on: push
-jobs:
-  hello-world:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Configure 1Password Connect
-        uses: 1password/load-secrets-action/configure@v1
-        with:
-          connect-host: <Your Connect instance URL>
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-      - name: Load secret
-        uses: 1password/load-secrets-action@v1
-        env:
-          SECRET: op://app-cicd/hello-world/secret
-```
-
-### `configure` Action Inputs
-
-| Name                    | Default | Environment variable       | Description                                              |
-| ----------------------- | ------- | -------------------------- | -------------------------------------------------------- |
-| `connect-host`          |         | `OP_CONNECT_HOST`          | Your 1Password Connect instance URL                      |
-| `connect-token`         |         | `OP_CONNECT_TOKEN`         | Token to authenticate to your 1Password Connect instance |
-
-## Supported Runners
-
-You can run the action on Linux and macOS runners. Windows is currently not supported.
+Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked in GitHub Actions logs. If one of these values accidentally gets printed, it'll be replaced with `***`.
 
 ## Security
 
 1Password requests you practice responsible disclosure if you discover a vulnerability.
 
-Please file requests via [**BugCrowd**](https://bugcrowd.com/agilebits).
+Please file requests through [BugCrowd](https://bugcrowd.com/agilebits).
 
-For information about security practices, please visit our [Security homepage](https://bugcrowd.com/agilebits).
+[Learn more about our security practices.](https://bugcrowd.com/agilebits)
 
-## Getting help
+## Get help
+
+If you find yourself stuck, [contact 1Password support](https://support.1password.com/) for help.
+
+[Read the full documentation](https://developer.1password.com/docs/connect/github-actions/).
 
-If you find yourself stuck, visit our [**Support Page**](https://support.1password.com/) for help.

entrypoint.sh

@@ -2,11 +2,6 @@
 # shellcheck disable=SC2046,SC2001,SC2086
 set -e
 
-# Pass User-Agent Inforomation to the 1Password CLI
-export OP_INTEGRATION_NAME="1Password GitHub Action"
-export OP_INTEGRATION_ID="GHA"
-export OP_INTEGRATION_BUILDNUMBER="1010001"
-
 readonly CONNECT="CONNECT"
 readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
 
@@ -36,10 +31,10 @@ unset_prev_secrets() {
 # Install op-cli
 install_op_cli() {
   if [[ "$OSTYPE" == "linux-gnu"* ]]; then
-    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_linux_amd64_v2.10.0-beta.02.zip"
+    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_linux_amd64_v2.7.1-beta.01.zip"
     unzip -od /usr/local/bin/ op.zip && rm op.zip
   elif [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.10.0-beta.02/op_apple_universal_v2.10.0-beta.02.pkg"
+    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/v2.7.1-beta.01/op_apple_universal_v2.7.1-beta.01.pkg"
     sudo installer -pkg op.pkg -target /usr/local/bin/ && rm op.pkg
   fi
 }
@@ -48,7 +43,7 @@ populating_secret() {
   ref=$(printenv $1)
 
   echo "Populating variable: $1"
-  secret_value=$(op read "$ref")
+  secret_value=$(op read $ref)
 
   if [ -z "$secret_value" ]; then
     echo "Could not find or access secret $ref"
@@ -72,7 +67,7 @@ populating_secret() {
     # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
     # As the heredoc identifier, we'll use a randomly generated 64-character string,
     # so that collisions are practically impossible.
-    random_heredoc_identifier=$(openssl rand -hex 32)
+    random_heredoc_identifier=$(openssl rand -hex 16)
 
     {
       # Populate env var, using heredoc syntax with generated identifier