Lucy Butcher ea085fcce0
Added basic usage examples to readme
2022-10-18 09:03:48 -04:00

Load Secrets from 1Password - GitHub Action

load-secrets-action loads secrets from 1Password into GitHub Actions using 1Password Connect.

Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.

Requirements

Before you get started, you'll need to:

  • Deploy 1Password Connect in your infrastructure.
  • Set the OP_CONNECT_HOST and OP_CONNECT_TOKEN environment variables to your Connect instance's credentials, so the action can use that instance to load secrets.

Supported runners

You can run the action on Mac and Linux runners. Windows is currently not supported.

1Password configuration

By default, you'll need to set the environment variables for your Connect instance in the step that uses load-secrets-action.

If you're using the action more than once in a single job, you can use the configure action to set the environment variables instead, so you don't have to set them separately in each load-secrets-action step.

Usage

You can load secrets using the action in two ways:

  1. Use secrets from the action's output
  2. Export secrets as environment variables

Use secrets from the action's output

This method lets you reference the loaded secrets as outputs of the step: steps.step-id.outputs.secret-name.

You'll need to set an ID for the step to be able to access its outputs. For more information, see outputs.<output_id>.

on: push
jobs:
  hello-world:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Load secret
        id: op-load-secret
        uses: 1password/load-secrets-action@v1
        env:
          OP_CONNECT_HOST: <Your Connect instance URL>
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret

      - name: Print masked secret
        # Single-quoted so YAML does not parse the ": " inside the command as a mapping
        run: 'echo "Secret: ${{ steps.op-load-secret.outputs.SECRET }}"'
        # Prints: Secret: ***

Read the full documentation for more usage examples.

Export secrets as environment variables

This method exports the loaded secrets as environment variables. These environment variables are accessible at the job level, so the steps that follow in the same job can read them.

on: push
jobs:
  hello-world:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Load secret
        uses: 1password/load-secrets-action@v1
        with:
          # Export loaded secrets as environment variables
          export-env: true
        env:
          OP_CONNECT_HOST: <Your Connect instance URL>
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret

      - name: Print masked secret
        # Single-quoted so YAML does not parse the ": " inside the command as a mapping
        run: 'echo "Secret: $SECRET"'
        # Prints: Secret: ***

Read the full documentation for more usage examples.
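
A pre-flight check for the env block used in the two workflows above, as an added example that is not part of the action or its README. It flags a missing OP_CONNECT_HOST, an OP_CONNECT_TOKEN written as a literal instead of a secrets expression, and malformed op:// references. The names auditStepEnv and parseSecretRef and the optional section segment in the reference layout are assumptions, and the sample values are constructed.

```javascript
// Added example, not part of load-secrets-action.
// parseSecretRef and auditStepEnv are hypothetical helper names.

// Assumed reference layout: op://<vault>/<item>/[<section>/]<field>
function parseSecretRef(value) {
  if (typeof value !== "string" || !value.startsWith("op://")) return null;
  const parts = value.slice("op://".length).split("/");
  if (parts.length < 3 || parts.length > 4 || parts.some((p) => p === "")) {
    throw new Error(`malformed secret reference: ${value}`);
  }
  const [vault, item, ...rest] = parts;
  const field = rest[rest.length - 1];
  return { vault, item, section: rest.length === 2 ? rest[0] : null, field };
}

// Matches a value that is exactly one GitHub secrets-context expression.
const FROM_SECRETS = /^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$/;

// Takes the already-parsed env map of one workflow step.
function auditStepEnv(env) {
  const findings = [];
  const refs = {};
  if (!env.OP_CONNECT_HOST) findings.push("OP_CONNECT_HOST is not set");
  if (!env.OP_CONNECT_TOKEN) {
    findings.push("OP_CONNECT_TOKEN is not set");
  } else if (!FROM_SECRETS.test(env.OP_CONNECT_TOKEN)) {
    findings.push("OP_CONNECT_TOKEN is a literal; store it as a repository secret");
  }
  for (const [name, value] of Object.entries(env)) {
    if (name === "OP_CONNECT_HOST" || name === "OP_CONNECT_TOKEN") continue;
    try {
      const ref = parseSecretRef(value);
      if (ref) refs[name] = ref; // non-op:// values are ordinary env vars
    } catch (err) {
      findings.push(`${name}: ${err.message}`);
    }
  }
  return { refs, findings };
}

// Constructed sample inputs (not real hosts or tokens).
const good = auditStepEnv({
  OP_CONNECT_HOST: "https://connect.example.internal:8080",
  OP_CONNECT_TOKEN: "${{ secrets.OP_CONNECT_TOKEN }}",
  SECRET: "op://app-cicd/hello-world/secret",
});
const bad = auditStepEnv({
  OP_CONNECT_TOKEN: "constructed-literal-token",
  SECRET: "op://app-cicd/hello-world",
});
console.log(good, bad);
```
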

Masking

Similar to regular GitHub repository secrets, fields from 1Password will automatically be masked in GitHub Actions logs. If one of these values accidentally gets printed, it'll be replaced with ***.

Security

1Password requests you practice responsible disclosure if you discover a vulnerability.

Please file requests through BugCrowd.

Learn more about our security practices.

Get help

If you find yourself stuck, contact 1Password support for help.

Read the full documentation.

Description
Mirror of 1Password/load-secrets-action for local Gitea Actions use