# OnePassword Lookup Plugin

This Ansible lookup plugin allows you to securely fetch secrets from 1Password using the 1Password CLI.

## Requirements

- 1Password CLI (`op`) must be installed and available in your PATH
- You must be signed in to 1Password CLI (`op signin`)

## Usage

The lookup plugin accepts a 1Password reference string in the format `op://vault/item/field`.

```yaml
- name: Fetch a secret from 1Password
  debug:
    msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
```

## Examples

### Fetch a password

```yaml
- name: Fetch API key
  debug:
    msg: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
```

### Using with templates

```yaml
# In your template file (e.g., config.j2)
api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
```

### Multiple secrets

```yaml
- name: Fetch multiple secrets
  debug:
    msg: 
      - "{{ lookup('onepassword', 'op://vault/item1/field') }}"
      - "{{ lookup('onepassword', 'op://vault/item2/field') }}"
```

## Error Handling

The plugin will raise an error if:
- The reference doesn't start with `op://`
- The secret is not found in 1Password
- There's an error executing the 1Password CLI