Add missing config for tests

.github/workflows/test.yml

@@ -15,6 +15,7 @@ jobs:
       - name: Configure 1Password Connect
         uses: ./configure # 1password/load-secrets-action/configure@<version>
         with:
+          use-connect: yes
           connect-host: http://localhost:8080
           connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
       - name: Load secrets
@@ -49,3 +50,46 @@ jobs:
         run: printenv
       - name: Assert test secret values again
         run: ./tests/assert-env-set.sh
+  test-user:  
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure 1Password with a user
+        uses: ./configure # 1password/load-secrets-action/configure@<version>
+        with:
+          user-domain: ${{ secrets.USER_DOMAIN }}
+          user-email: ${{ secrets.USER_EMAIL }}
+          user-key: ${{ secrets.USER_KEY }}
+          user-pwd: ${{ secrets.USER_PWD }}
+      - name: Load secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/password
+          SECRET_IN_SECTION: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/password
+          UNMASKED_VALUE: op://p4a7xwirm3lcwtu6okulbhym5i/mybhbbwhewncjb67cy4v7hjpgi/test-section/username
+      - name: Load multiline secret
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          MULTILINE_SECRET: op://p4a7xwirm3lcwtu6okulbhym5i/bcshnrykfwf5i5zm7nkqy63dca/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values
+        run: ./tests/assert-env-set.sh
+      - name: Remove secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          unset-previous: true
+      - name: Print environment variables with secrets removed
+        run: printenv
+      - name: Assert removed secrets
+        run: ./tests/assert-env-unset.sh
+      - name: Load secrets by vault and item titles
+        uses: ./ # 1password/load-secrets-action@<version>
+        env:
+          SECRET: op://acceptance-tests/test-secret/password
+          SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
+          MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
+      - name: Print environment variables with masked secrets
+        run: printenv
+      - name: Assert test secret values again
+        run: ./tests/assert-env-set.sh

configure/action.yml

@@ -6,11 +6,26 @@ inputs:
     description: Your 1Password Connect instance URL
   connect-token:
     description: Token to authenticate to your 1Password Connect instance
+  use-connect:
+    description: Use Connect for fetching secrets
+  user-domain:
+    description: Your sign-in address
+  user-email:
+    description: Your account email
+  user-key:
+    description: Your Account secret key
+  user-pwd:
+    description: Your Master Password
 runs:
   using: composite
   steps: 
     - run: |
         export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
         export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+        export INPUT_USE_CONNECT=${{ inputs.use-connect }}
+        export INPUT_USER_DOMAIN=${{ inputs.user-domain }}
+        export INPUT_USER_EMAIL=${{ inputs.user-email }}
+        export INPUT_USER_KEY=${{ inputs.user-key }}
+        export INPUT_USER_PWD=${{ inputs.user-pwd }}
         ${{ github.action_path }}/entrypoint.sh
       shell: bash

configure/entrypoint.sh

@@ -14,3 +14,28 @@ OP_CONNECT_TOKEN="${INPUT_CONNECT_TOKEN:-$OP_CONNECT_TOKEN}"
 if [ -n "$OP_CONNECT_TOKEN" ]; then
   echo "OP_CONNECT_TOKEN=$OP_CONNECT_TOKEN" >> $GITHUB_ENV
 fi
+
+USE_CONNECT="${INPUT_USE_CONNECT:-$USE_CONNECT}"
+if [ -n "$USE_CONNECT" ]; then
+  echo "USE_CONNECT=$USE_CONNECT" >> $GITHUB_ENV
+fi
+
+OP_USER_DOMAIN="${INPUT_USER_DOMAIN:-$OP_USER_DOMAIN}"
+if [ -n "$OP_USER_DOMAIN" ]; then
+  echo "OP_USER_DOMAIN=$OP_USER_DOMAIN" >> $GITHUB_ENV
+fi
+
+OP_USER_EMAIL="${INPUT_USER_EMAIL:-$OP_USER_EMAIL}"
+if [ -n "$OP_USER_EMAIL" ]; then
+  echo "OP_USER_EMAIL=$OP_USER_EMAIL" >> $GITHUB_ENV
+fi
+
+OP_USER_KEY="${INPUT_USER_KEY:-$OP_USER_KEY}"
+if [ -n "$OP_USER_KEY" ]; then
+  echo "OP_USER_KEY=$OP_USER_KEY" >> $GITHUB_ENV
+fi
+
+OP_USER_PWD="${INPUT_USER_PWD:-$OP_USER_PWD}"
+if [ -n "$OP_USER_PWD" ]; then
+  echo "OP_USER_PWD=$OP_USER_PWD" >> $GITHUB_ENV
+fi

entrypoint.sh

@@ -3,12 +3,22 @@
 set -e
 
 # Install op-cli
-$(curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-")
+curl -sSfLo op.zip "https://drive.google.com/uc?export=download&id=1HRAsihTN0Cx0pWZEWN06jAWxo0eW5eG-"
 unzip -od /usr/local/bin/ op.zip && rm op.zip
 
-if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
+if [ -z "$USE_CONNECT" ]; then
+  if [ -z "$OP_USER_DOMAIN" ] || [ -z "$OP_USER_EMAIL" ] || [ -z "$OP_USER_KEY" ] || [ -z "$OP_USER_PWD" ]; then
+    echo "\$OP_USER_DOMAIN, \$OP_USER_EMAIL, \$OP_USER_KEY and \$OP_USER_PWD must be set"
+    exit 1
+  fi
+
+  export OP_DEVICE=ugsqksnl4o6f2uwkyeibhqpony
+  eval $(printenv OP_USER_PWD | op signin "$OP_USER_DOMAIN" "$OP_USER_EMAIL" "$OP_USER_KEY")
+else
+  if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
     echo "\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST must be set"
     exit 1
+  fi
 fi
 
 managed_variables_var="OP_MANAGED_VARIABLES"
@@ -45,9 +55,7 @@ for env_var in $(op list envars); do
     exit 1
   fi
 
-  # If the field is marked as concealed or is a note, register a mask
+  # Register a mask for the secret to prevent accidental log exposure.
-  # for the secret to prevent accidental log exposure.
-  if [ "$field_type" == "CONCEALED" ] || [ "$field_purpose" == "NOTES" ]; then
   # To support multiline secrets, escape percent signs and add a mask per line.
   escaped_mask_value=$(echo "$secret_value" | sed -e 's/%/%25/g')
   IFS=$'\n'
@@ -59,7 +67,6 @@ for env_var in $(op list envars); do
     echo "::add-mask::$line"
   done
   unset IFS
-  fi
 
   # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
   # As the heredoc identifier, we'll use a randomly generated 64-character string,