feat: update 1Password lookup syntax in Ansible tasks and documentation for improved clarity and usage

2025-03-11 21:17:05 +01:00 · 2025-03-11 21:17:05 +01:00 · a3b735f373
commit a3b735f373
parent 10ac4091e6
3 changed files with 54 additions and 16 deletions
--- a/config/ansible/README.md
+++ b/config/ansible/README.md
@ -5,21 +5,7 @@
 This Ansible configuration includes a custom lookup plugin for fetching secrets from 1Password. 
 The 1Password CLI must be installed and authenticated on the machine running Ansible.

-### Usage
-
-```yaml
-# Simple password lookup
-password: "{{ lookup('onepassword', 'item-name') }}"
-
-# Fetch specific field
-api_key: "{{ lookup('onepassword', 'item-name', field='api_key') }}"
-
-# Fetch from specific vault (using vault ID)
-database_password: "{{ lookup('onepassword', 'database', field='password', vault='j7nmhqlsjmp2r6umly5t75hzb4') }}"
-
-# Fetch a field without revealing it (for non-password fields)
-note: "{{ lookup('onepassword', 'item-name', field='notes', reveal=false) }}"
-```
+See [1Password Integration Readme](plugins/lookup/README.md)

 ### Prerequisites

--- a/config/ansible/plugins/lookup/README.md
+++ b/config/ansible/plugins/lookup/README.md
@ -0,0 +1,52 @@
+# OnePassword Lookup Plugin
+
+This Ansible lookup plugin allows you to securely fetch secrets from 1Password using the 1Password CLI.
+
+## Requirements
+
+- 1Password CLI (`op`) must be installed and available in your PATH
+- You must be signed in to 1Password CLI (`op signin`)
+
+## Usage
+
+The lookup plugin accepts a 1Password reference string in the format `op://vault/item/field`.
+
+```yaml
+- name: Fetch a secret from 1Password
+  debug:
+    msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
+```
+
+## Examples
+
+### Fetch a password
+
+```yaml
+- name: Fetch API key
+  debug:
+    msg: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
+```
+
+### Using with templates
+
+```yaml
+# In your template file (e.g., config.j2)
+api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
+```
+
+### Multiple secrets
+
+```yaml
+- name: Fetch multiple secrets
+  debug:
+    msg: 
+      - "{{ lookup('onepassword', 'op://vault/item1/field') }}"
+      - "{{ lookup('onepassword', 'op://vault/item2/field') }}"
+```
+
+## Error Handling
+
+The plugin will raise an error if:
+- The reference doesn't start with `op://`
+- The secret is not found in 1Password
+- There's an error executing the 1Password CLI
--- a/config/ansible/tasks/servers/cifs.yml
+++ b/config/ansible/tasks/servers/cifs.yml
@ -20,7 +20,7 @@
        dest: /root/.smbcredentials
        content: |
          username=u451316
-          password={{ lookup('onepassword', '5j5y5axfjr3f3sn5nixb6htg4y', vault='j7nmhqlsjmp2r6umly5t75hzb4') | default('CHANGE_ME') }}
+          password={{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/new_password') }}
        mode: '0600'

    - name: Add fstab entry for storage-box