wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e5d7353d74311846d226de04c5d5b70c70e4fec5
load-secrets-action/README.md
Bolaji Olajide 13c259d353 update
2025-12-22 18:08:38 +01:00

3.6 KiB
Raw Blame History

Load Secrets from 1Password - GitHub Action

Provide the secrets your GitHub runner needs from 1Password.

Get started

load-secrets-action loads secrets from 1Password into GitHub Actions using Service Accounts or 1Password Connect.

Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.

Read more on the 1Password Developer Portal.

🪄 See it in action!

Using 1Password Service Accounts with GitHub Actions - showcase

Quickstart

Export secrets as a step's output (recommended)

on: push
jobs:
  hello-world:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Load secret
        id: load_secrets
        uses: 1password/load-secrets-action@v3
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret
          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example

      - name: Print masked secret
        run: 'echo "Secret: ${{ steps.load_secrets.outputs.SECRET }}"'
        # Prints: Secret: ***

Export secrets as env variables

on: push
jobs:
  hello-world:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Load secret
        uses: 1password/load-secrets-action@v3
        with:
          # Export loaded secrets as environment variables
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret
          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example

      - name: Print masked secret
        run: 'echo "Secret: $SECRET"'
        # Prints: Secret: ***

🔑 SSH Key Format

When loading SSH keys, you can specify the format using the ssh-format query parameter. This is useful when you need the private key in a specific format like OpenSSH.

- name: Load SSH key
  uses: 1password/load-secrets-action@v3
  env:
    OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
    # Load SSH private key in OpenSSH format
    SSH_PRIVATE_KEY: op://vault/item/private key?ssh-format=openssh

For more details on secret reference syntax, see the 1Password CLI documentation.

💙 Community & Support

🔐 Security

1Password requests you practice responsible disclosure if you discover a vulnerability.

Please file requests by sending an email to bugbounty@agilebits.com.