Skip to content

1Password

1Password storage providers allows to read vault items and pass them around to a consumer - like a transformer.
If you have a 1Password account it's highly recommended to keep your encryption private key stored there.

Notice

This storage provider can not be used to manage terraform state files.

Tip

This provider was mainly developed to serve encryption providers - like age.

Initialization

OnePasswordStorageProviderInitConfig

Initialization params required to initialize 1Password storage provider.

1Password storage provider currently have no initialization params required.

Source code in terraflex/plugins/onepassword_storage_provider/onepassword_storage_provider.py 
28
29
30
31
32
class OnePasswordStorageProviderInitConfig(BaseModel):
    """Initialization params required to initialize 1Password storage provider.

    1Password storage provider currently have no initialization params required.
    """

ItemKey

OnePasswordProviderItemIdentifier

Bases: ItemKey

Params required to reference an item in 1Password storage provider.

Attributes:

Name Type Description
reference_uri str

1Password URI to the item. Example: op://<vault>/<item>/<field>
Source code in terraflex/plugins/onepassword_storage_provider/onepassword_storage_provider.py 
14
15
16
17
18
19
20
21
22
23
24
25
class OnePasswordProviderItemIdentifier(ItemKey):
    """Params required to reference an item in 1Password storage provider.

    Attributes:
        reference_uri: 1Password URI to the item. Example: `op://<vault>/<item>/<field>`
    """

    reference_uri: str

    @override
    def as_string(self) -> str:
        return self.reference_uri.replace("/", "_").replace(":", "_")

Example

terraflex.yaml
storage_providers:
  git-storage: # Initialize new storage provider - name can be anything
    type: git # In this case we use `git` storage provider
    origin_url: git@github.com:IamShobe/tf-state.git

  onepassword-example: # Initialize new storage provider - name can be anything
    type: onepassword # In this case we use `1password` storage provider

transformers:
  encryption: # Initialize new transformer - Name can be anything, we use `encryption` for semantics.
    type: encryption # In this case we use `encryption` transformer
    key_type: age # We use `age` as the encryption provider
    import_from_storage:
      provider: onepassword-example # Make sure name is matching your storage provider
      params:
        reference_uri: op://AutomationIAC/iac-terraform-age-key/password # The reference URI to use for the encryption key

stacks:
  my-stack: # Initialize new stack - Name can be anything
    transformers: # List of transformers to use in this specific stack
      - encryption # Make sure name is matching your transformer
    state_storage: # Terraform state storage configuration
      provider: git-storage # In this case we use our git storage provider
      params:
        path: terraform.tfstate # The path to the state file inside our repository