feat: update 1Password lookup syntax in Ansible tasks and documentation for improved clarity and usage
Some checks failed
Nix Format Check / check-format (push) Failing after 38s

Menno van Leeuwen 2025-03-11 21:17:05 +01:00
parent 10ac4091e6
commit a3b735f373
Signed by: vleeuwenmenno
SSH Key Fingerprint: SHA256:OJFmjANpakwD3F2Rsws4GLtbdz1TJ5tkQF0RZmF0TRE
3 changed files with 54 additions and 16 deletions

@ -5,21 +5,7 @@
This Ansible configuration includes a custom lookup plugin for fetching secrets from 1Password. This Ansible configuration includes a custom lookup plugin for fetching secrets from 1Password.
The 1Password CLI must be installed and authenticated on the machine running Ansible. The 1Password CLI must be installed and authenticated on the machine running Ansible.
### Usage See [1Password Integration Readme](plugins/lookup/README.md)
```yaml
# Simple password lookup
password: "{{ lookup('onepassword', 'item-name') }}"
# Fetch specific field
api_key: "{{ lookup('onepassword', 'item-name', field='api_key') }}"
# Fetch from specific vault (using vault ID)
database_password: "{{ lookup('onepassword', 'database', field='password', vault='j7nmhqlsjmp2r6umly5t75hzb4') }}"
# Fetch a field without revealing it (for non-password fields)
note: "{{ lookup('onepassword', 'item-name', field='notes', reveal=false) }}"
```
### Prerequisites ### Prerequisites
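Review bot: The removed `### Usage` examples documented the keyword form (`field=`, `vault=`, `reveal=false`), and the replacement line only links to plugins/lookup/README.md without saying that this form has changed. The new README states that the plugin raises an error when the reference does not start with `op://`, so a caller still using `lookup('onepassword', 'item-name', field='api_key')` gets no pointer to the fix from this file. Add a one-line migration note next to the link, showing the old call beside its `op://vault/item/field` equivalent, and say whether `reveal=false` still has a counterpart. The link text "1Password Integration Readme" also differs from the target's title "OnePassword Lookup Plugin"; use one name in both places.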

@ -0,0 +1,52 @@
# OnePassword Lookup Plugin
This Ansible lookup plugin allows you to securely fetch secrets from 1Password using the 1Password CLI.
## Requirements
- 1Password CLI (`op`) must be installed and available in your PATH
- You must be signed in to 1Password CLI (`op signin`)
## Usage
The lookup plugin accepts a 1Password reference string in the format `op://vault/item/field`.
```yaml
- name: Fetch a secret from 1Password
debug:
msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
```
## Examples
### Fetch a password
```yaml
- name: Fetch API key
debug:
msg: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
```
### Using with templates
```yaml
# In your template file (e.g., config.j2)
api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
```
### Multiple secrets
```yaml
- name: Fetch multiple secrets
debug:
msg:
- "{{ lookup('onepassword', 'op://vault/item1/field') }}"
- "{{ lookup('onepassword', 'op://vault/item2/field') }}"
```
## Error Handling
The plugin will raise an error if:
- The reference doesn't start with `op://`
- The secret is not found in 1Password
- There's an error executing the 1Password CLI
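Review bot: Every task example in this README passes the looked-up secret to `debug:` with `msg:`, which prints the value into the play output and into any log that captures it. Show the lookup feeding a real consumer instead (a variable or a module parameter) and set `no_log: true` on the task, so readers do not copy a pattern that prints secrets. A smaller point: the heading `### Fetch a password` sits over a task named "Fetch API key" that reads a `token` field; rename one of them so the heading and the example agree.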

@ -20,7 +20,7 @@
dest: /root/.smbcredentials dest: /root/.smbcredentials
content: | content: |
username=u451316 username=u451316
password={{ lookup('onepassword', '5j5y5axfjr3f3sn5nixb6htg4y', vault='j7nmhqlsjmp2r6umly5t75hzb4') | default('CHANGE_ME') }} password={{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/new_password') }}
mode: '0600' mode: '0600'
- name: Add fstab entry for storage-box - name: Add fstab entry for storage-box
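Review bot: The new reference on the `password=` line reads the `new_password` field, while the old call named no field at all, and the commit message describes only a syntax update. Confirm that `new_password` is the intended field and not a leftover from a rotation, because this changes which value is written to /root/.smbcredentials. Dropping `| default('CHANGE_ME')` is sound, since a failed lookup should stop the play instead of writing a placeholder password. If the task does not already set `no_log: true` above the visible context, add it, because `content:` carries the rendered password.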