Load Secrets from 1Password - GitHub Action
Provide the secrets your GitHub runner needs from 1Password.
load-secrets-action loads secrets from 1Password into GitHub Actions using Service Accounts or 1Password Connect.
Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.
Read more on the 1Password Developer Portal.
🪄 See it in action!
✨ Quickstart
Export secrets as a step's output (recommended)
on: push
jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load secret
id: load_secrets
uses: 1password/load-secrets-action@v3
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://app-cicd/hello-world/secret
- name: Print masked secret
run: 'echo "Secret: ${{ steps.load_secrets.outputs.SECRET }}"'
# Prints: Secret: ***
Export secrets as env variables
on: push
jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load secret
uses: 1password/load-secrets-action@v3
with:
# Export loaded secrets as environment variables
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SECRET: op://app-cicd/hello-world/secret
- name: Print masked secret
run: 'echo "Secret: $SECRET"'
# Prints: Secret: ***
💙 Community & Support
- File an issue for bugs and feature requests.
- Join the Developer Slack workspace.
- Subscribe to the Developer Newsletter.
🔐 Security
1Password requests you practice responsible disclosure if you discover a vulnerability.
Please file requests by sending an email to bugbounty@agilebits.com.