# 1password-secrets
[](https://pypi.python.org/pypi/1password-secrets/)
[](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml)
1password-secrets is a set of utilities to sync 1Password secrets. It enables:
- Seamless sharing of _local_ secrets used for development.
Developers starting out in a project can just use this tool to retrieve the `.env` file needed for
local development.
Likewise it is also simple to push back any local changes to the 1password vault.
- More secure and simpler method of managing Fly.io secrets.
By default, Fly secrets must be managed by `flyctl`. This means that setting secrets in
production, developers must use `flyctl` passing credentials via arguments - risking credentials
being stored in their histories. Alternatively one must secrets in a file and run
`flyctl secrets import`. This works well, but you must ensure everything is synched to a
secret/password manager and then delete the file.
1password-secrets enables a leaner management of secrets via 1password. Via an app name,
automatically finds and imports secrets in an 1password _secure note_ to Fly. This way you ensure
developers always keep secrets up-to-date and never lost files in their computer.
Motivation: Using 1password for this avoids the need for another external secret management tool.
And keeps the access control in a centralised place that we already use.
## Getting started
### Requirements
- Install the required dependencies:
1Password >= `8.9.13`
1Password CLI >= `2.13.1`
flyctl >= `0.0.451`
Python >= `3.9`
```
brew install --cask 1password 1password-cli && \
brew install flyctl
```
More information and installation instructions for other systems can be found
[in the 1password documentation](https://developer.1password.com/docs/cli/get-started/).
- Allow 1Password to connect to 1Password-CLI by going to `Settings` -> `Developer` ->
`Command-Line Interface (CLI)` and select `Connect with 1Password CLI`.
- Sign into your 1Password desktop and if you wish to use the fly integration, also make sure
the CLI is authenticated.
### Installation
In most systems (Mac and Linux) when `pip3` (Python's 3 PIP) is in path
and you want to install it at the user level:
`pip3 install -U 1password-secrets`
Otherwise you may need to install it with invoking your preferred Python version:
`python3 -m pip install -U 1password-secrets`.
Or, even more specific `python3.12 -m pip install -U 1password-secrets`
Also, if your "_environment is externally managed_" you _can_ bypass it with:
`python3 -m pip install -U --break-system-packages 1password-secrets`
If you use tools like `pipx` or manage your environment differently adapt the installation
instructions.
## Usage
### Local
From within a valid git repository with remote "origin" ending in `<owner>/<repo>.git`,
1password-secrets will be able to `pull` and `push` secrets to a 1password secure note containing
`repo:<owner>/<repo>` in its name. By default it syncs to `./.env` file,
this can overridden with a `file_name` field containing the desired relative file path.
To get secrets from 1Password, run:
`1password-secrets local pull`
To push the local changes to 1Password, run:
`1password-secrets local push`
### Fly
Make sure you have a Secure Note in 1Password with `fly:<fly-app-name>` in the title. `fly-app-name`
is the name of your fly application.
To import secrets to fly, run:
`1password-secrets fly import <fly-app-name>`
Secrets can be edit directly on 1Password app or using the command:
`1password-secrets fly edit <fly-app-name>`
## Development
- Ensure you have `make` installed.
- Create a virtual environment: `make setup-venv`.
- Install dependencies: `make install-deps`.
Then you can install (link) the repo globally with `make local-install`.
Before pushing changes ensure your code is properly formatted with `make lint`.
Auto format the code with `make format`
Raw data
{
"_id": null,
"home_page": "https://github.com/significa/fly-1password-secrets",
"name": "1password-secrets",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "",
"keywords": "fly.io,1password,secrets",
"author": "Significa",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/d4/c3/2bfa085159610d648a6b6786aeddcb2dd589cefc4b2110e4de685ab0adfd/1password-secrets-0.0.8.tar.gz",
"platform": null,
"description": "# 1password-secrets\n\n[](https://pypi.python.org/pypi/1password-secrets/)\n[](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml)\n\n1password-secrets is a set of utilities to sync 1Password secrets. It enables:\n\n- Seamless sharing of _local_ secrets used for development.\n Developers starting out in a project can just use this tool to retrieve the `.env` file needed for\n local development.\n Likewise it is also simple to push back any local changes to the 1password vault.\n\n- More secure and simpler method of managing Fly.io secrets.\n By default, Fly secrets must be managed by `flyctl`. This means that setting secrets in\n production, developers must use `flyctl` passing credentials via arguments - risking credentials\n being stored in their histories. Alternatively one must secrets in a file and run\n `flyctl secrets import`. This works well, but you must ensure everything is synched to a\n secret/password manager and then delete the file.\n 1password-secrets enables a leaner management of secrets via 1password. Via an app name,\n automatically finds and imports secrets in an 1password _secure note_ to Fly. This way you ensure\n developers always keep secrets up-to-date and never lost files in their computer.\n\nMotivation: Using 1password for this avoids the need for another external secret management tool.\nAnd keeps the access control in a centralised place that we already use.\n\n## Getting started\n\n### Requirements\n\n- Install the required dependencies:\n\n 1Password >= `8.9.13`\n\n 1Password CLI >= `2.13.1`\n\n flyctl >= `0.0.451`\n\n Python >= `3.9`\n\n ```\n brew install --cask 1password 1password-cli && \\\n brew install flyctl\n ```\n\n More information and installation instructions for other systems can be found\n [in the 1password documentation](https://developer.1password.com/docs/cli/get-started/).\n\n- Allow 1Password to connect to 1Password-CLI by going to `Settings` -> `Developer` ->\n `Command-Line Interface (CLI)` and select `Connect with 1Password CLI`.\n\n- Sign into your 1Password desktop and if you wish to use the fly integration, also make sure\n the CLI is authenticated.\n\n### Installation\n\nIn most systems (Mac and Linux) when `pip3` (Python's 3 PIP) is in path\nand you want to install it at the user level:\n\n`pip3 install -U 1password-secrets`\n\nOtherwise you may need to install it with invoking your preferred Python version:\n`python3 -m pip install -U 1password-secrets`.\n\nOr, even more specific `python3.12 -m pip install -U 1password-secrets`\n\nAlso, if your \"_environment is externally managed_\" you _can_ bypass it with:\n`python3 -m pip install -U --break-system-packages 1password-secrets`\n\nIf you use tools like `pipx` or manage your environment differently adapt the installation\ninstructions.\n\n## Usage\n\n### Local\n\nFrom within a valid git repository with remote \"origin\" ending in `<owner>/<repo>.git`,\n1password-secrets will be able to `pull` and `push` secrets to a 1password secure note containing\n`repo:<owner>/<repo>` in its name. By default it syncs to `./.env` file,\nthis can overridden with a `file_name` field containing the desired relative file path.\n\nTo get secrets from 1Password, run:\n`1password-secrets local pull`\n\nTo push the local changes to 1Password, run:\n`1password-secrets local push`\n\n### Fly\n\nMake sure you have a Secure Note in 1Password with `fly:<fly-app-name>` in the title. `fly-app-name`\nis the name of your fly application.\n\nTo import secrets to fly, run:\n`1password-secrets fly import <fly-app-name>`\n\nSecrets can be edit directly on 1Password app or using the command:\n`1password-secrets fly edit <fly-app-name>`\n\n## Development\n\n- Ensure you have `make` installed.\n- Create a virtual environment: `make setup-venv`.\n- Install dependencies: `make install-deps`.\n\nThen you can install (link) the repo globally with `make local-install`.\n\nBefore pushing changes ensure your code is properly formatted with `make lint`.\nAuto format the code with `make format`\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "1password-secrets is a set of utilities to sync 1Password secrets.",
"version": "0.0.8",
"project_urls": {
"Homepage": "https://github.com/significa/fly-1password-secrets"
},
"split_keywords": [
"fly.io",
"1password",
"secrets"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "cfb910b6af08ee8e16acdf89e3157530107ec9cb1e3b360a6e2996afcccd8801",
"md5": "efcf386264cfd0a53af9ada239f6c9f5",
"sha256": "8e1c9beddbe7105acefe6cbe67e5b7f9ba39cc5193c10d2a7c49189a4238534d"
},
"downloads": -1,
"filename": "1password_secrets-0.0.8-py3-none-any.whl",
"has_sig": false,
"md5_digest": "efcf386264cfd0a53af9ada239f6c9f5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 8212,
"upload_time": "2024-03-18T11:19:25",
"upload_time_iso_8601": "2024-03-18T11:19:25.822197Z",
"url": "https://files.pythonhosted.org/packages/cf/b9/10b6af08ee8e16acdf89e3157530107ec9cb1e3b360a6e2996afcccd8801/1password_secrets-0.0.8-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "d4c32bfa085159610d648a6b6786aeddcb2dd589cefc4b2110e4de685ab0adfd",
"md5": "586970f4cc78356441164252eb95b5a4",
"sha256": "c06fb3ec62ce81abc69679b6dd065dd063d15690fd4f0e757b67c1cc0447bf54"
},
"downloads": -1,
"filename": "1password-secrets-0.0.8.tar.gz",
"has_sig": false,
"md5_digest": "586970f4cc78356441164252eb95b5a4",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 8119,
"upload_time": "2024-03-18T11:19:27",
"upload_time_iso_8601": "2024-03-18T11:19:27.026837Z",
"url": "https://files.pythonhosted.org/packages/d4/c3/2bfa085159610d648a6b6786aeddcb2dd589cefc4b2110e4de685ab0adfd/1password-secrets-0.0.8.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-18 11:19:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "significa",
"github_project": "fly-1password-secrets",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "python-dotenv",
"specs": [
[
"==",
"0.21.1"
]
]
},
{
"name": "sgqlc",
"specs": [
[
"==",
"16.1"
]
]
}
],
"lcname": "1password-secrets"
}
JSON
