-
Notifications
You must be signed in to change notification settings - Fork 504
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1571 from edlyn-liew/master
Add 1Password Connect Secret Retrieval Step Template
- Loading branch information
Showing
3 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| { | ||
| "Id": "ac8e0d06-e7f8-4840-86bb-862341ebeb9d", | ||
| "Name": "1Password Connect - Retrieve Secrets", | ||
| "Description": "This step retrieves one or more secrets from 1Password Connect Server and creates [sensitive output variables](https://octopus.com/docs/projects/variables/output-variables#sensitive-output-variables) for each value retrieved. \n\nThe step supports creating a variable for each key-value in a secret that's retrieved, or you can specify individual keys. These values can be used in other steps in your deployment or runbook process.\n\n\nWe highly recommend creating a custom docker image based off the base image `octopuslabs/workertools:latest`. As running this step template will require the following additional packages installed:\n- 1Password CLI (op) \n- DNS Utilities (nslookup)", | ||
| "ActionType": "Octopus.Script", | ||
| "Version": 1, | ||
| "CommunityActionTemplateId": null, | ||
| "Packages": [], | ||
| "GitDependencies": [], | ||
| "Properties": { | ||
| "Octopus.Action.Script.ScriptSource": "Inline", | ||
| "Octopus.Action.Script.Syntax": "PowerShell", | ||
| "Octopus.Action.Script.ScriptBody": "# Check if the 1Password CLI is installed\nif (-not (Get-Command op -ErrorAction SilentlyContinue)) {\n Write-Output \"Error: 1Password CLI (op) is not installed.\"\n exit 1\n}\n\n# Retrieve environment variables from Octopus\n$env:OP_CONNECT_HOST =$OctopusParameters[\"OnePass.CONNECT_HOST\"]\n$env:OP_CONNECT_TOKEN = $OctopusParameters[\"OnePass.CONNECT_TOKEN\"]\n\n# Perform nslookup after removing \"http://\" or \"https://\"\n$hostLookup = $env:OP_CONNECT_HOST -replace 'https?://', ''\nnslookup $hostLookup\n\n$STEP_NAME = $OctopusParameters[\"Octopus.Step.Name\"]\n\n# Retrieve the list of secrets to process from Octopus variable\n$SECRETS = $OctopusParameters[\"OnePass.SecretsManager.RetrieveSecrets.SecretNames\"]\nWrite-Output $SECRETS\n\n# Validation\nif ([string]::IsNullOrEmpty($SECRETS)) {\n Write-Output \"Required parameter 'OnePass.SecretsManager.RetrieveSecrets.SecretNames' not specified. Exiting...\"\n exit 1\n}\n\n# Helper function to save Octopus variable\nfunction Save-OctopusVariable {\n param (\n [string]$name,\n [string]$value\n )\n\n Set-OctopusVariable -name $name -value $value --sensitive\n Write-Output \"Created output variable: ##{Octopus.Action[$STEP_NAME].Output.$name}\"\n}\n\n# Process each secret entry\n$SECRETS -split \"`n\" | ForEach-Object {\n $secret_entry = $_.Trim()\n if ([string]::IsNullOrEmpty($secret_entry)) { return }\n\n # Check if the secret entry contains the '|' character\n if ($secret_entry -notmatch '\\|') {\n Write-Output \"Warning: The entry '$secret_entry' is not formatted correctly and will be skipped.\"\n return\n }\n\n # Parse the secret entry\n $split_entry = $secret_entry -split '\\|'\n $secret_path = $split_entry[0].Trim() # 1Password path\n $octopus_variable_name = $split_entry[1].Trim() # Octopus variable name\n\n Write-Output \"Fetching secret for path: $secret_path\"\n\n # Retrieve the secret field using 1Password CLI\n $field_value = (& op read $secret_path 2>$null)\n\n # Validate retrieval\n if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($field_value)) {\n Write-Output \"Error: Failed to retrieve secret for path '$secret_path'.\"\n exit 1\n }\n\n # Save the retrieved value in the specified Octopus variable\n Save-OctopusVariable -name $octopus_variable_name -value $field_value\n Write-Output \"Secret retrieval and variable setting complete.\"\n}" | ||
| }, | ||
| "Parameters": [ | ||
| { | ||
| "Id": "c5bdd946-b8dd-48b4-97ad-83ee3194ac6e", | ||
| "Name": "OnePass.CONNECT_HOST", | ||
| "Label": "One Password Connect Host", | ||
| "HelpText": "https://developer.1password.com/docs/connect/manage-connect/#create-a-token\n\nIn the format `https://your-1password-connect-server-url` \n\n", | ||
| "DefaultValue": "", | ||
| "DisplaySettings": { | ||
| "Octopus.ControlType": "SingleLineText" | ||
| } | ||
| }, | ||
| { | ||
| "Id": "1b38e91f-4432-4c3e-aaf2-8085875675c8", | ||
| "Name": "OnePass.CONNECT_TOKEN", | ||
| "Label": "One Password Connect Token", | ||
| "HelpText": "https://developer.1password.com/docs/connect/manage-connect/#create-a-token\n\n\n", | ||
| "DefaultValue": "", | ||
| "DisplaySettings": { | ||
| "Octopus.ControlType": "Sensitive" | ||
| } | ||
| }, | ||
| { | ||
| "Id": "69f9e17b-522e-4e32-9c3d-71adbe42326c", | ||
| "Name": "OnePass.SecretsManager.RetrieveSecrets.SecretNames", | ||
| "Label": "", | ||
| "HelpText": "Specify the names of the secrets to be returned from OnePassword Connect Vault, in the format:\n\n `op://vault-name/item-name/section-name/field-name | OctopusVariableName`.\n\nWhere OctopusVariableName is the name of the Variable you would like for the retrieved password to be stored in \n\n**Note:** Multiple fields can be retrieved by entering each one on a new line.", | ||
| "DefaultValue": "", | ||
| "DisplaySettings": { | ||
| "Octopus.ControlType": "MultiLineText" | ||
| } | ||
| }, | ||
| { | ||
| "Id": "9ed20f04-53c6-442f-ba11-45581b9a0281", | ||
| "Name": "OnePass.SecretsManager.RetrieveSecrets.PrintVariableNames", | ||
| "Label": "Print output variable names", | ||
| "HelpText": "Write out the Octopus [output variable](https://octopus.com/docs/projects/variables/output-variables) names to the task log. Default: `False`.", | ||
| "DefaultValue": "False", | ||
| "DisplaySettings": { | ||
| "Octopus.ControlType": "Checkbox" | ||
| } | ||
| } | ||
| ], | ||
| "StepPackageId": "Octopus.Script", | ||
| "$Meta": { | ||
| "ExportedAt": "2024-11-06T05:48:36.574Z", | ||
| "OctopusVersion": "2024.4.6576", | ||
| "Type": "ActionTemplate" | ||
| }, | ||
| "LastModifiedBy": "edlyn.liew@octopus.com", | ||
| "Category": "1password-connect" | ||
| } |