Menno van Leeuwen
a3b735f373
Some checks failed
Nix Format Check / check-format (push) Failing after 38s
OnePassword Lookup Plugin
This Ansible lookup plugin allows you to securely fetch secrets from 1Password using the 1Password CLI.
Requirements
- 1Password CLI (
op) must be installed and available in your PATH - You must be signed in to 1Password CLI (
op signin)
Usage
The lookup plugin accepts a 1Password reference string in the format op://vault/item/field.
- name: Fetch a secret from 1Password
debug:
msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
Examples
Fetch a password
- name: Fetch API key
debug:
msg: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
Using with templates
# In your template file (e.g., config.j2)
api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
Multiple secrets
- name: Fetch multiple secrets
debug:
msg:
- "{{ lookup('onepassword', 'op://vault/item1/field') }}"
- "{{ lookup('onepassword', 'op://vault/item2/field') }}"
Error Handling
The plugin will raise an error if:
- The reference doesn't start with
op:// - The secret is not found in 1Password
- There's an error executing the 1Password CLI