[](https://significa.co)
# 1password-secrets
[](https://pypi.python.org/pypi/1password-secrets/)
[](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml)
1password-secrets is a CLI utility to sync 1Password secrets (env files). It enables:
- Seamless sharing of _local_ secrets used for development.
Developers starting out in a project can just use this tool to retrieve the `.env` file needed for
local development.
Likewise it is also simple to push back any local changes to the 1password vault.
- More secure and simpler method of managing Fly.io secrets.
By default, Fly secrets must be managed by `flyctl`. This means that setting secrets in
production, developers must use `flyctl` passing credentials via arguments - risking credentials
being stored in their histories. Alternatively one must secrets in a file and run
`flyctl secrets import`. This works well, but you must ensure everything is synched to a
secret/password manager and then delete the file.
1password-secrets enables a leaner management of secrets via 1password. Via an app name,
automatically finds and imports secrets in an 1password _secure note_ to Fly. This way you ensure
developers always keep secrets up-to-date and never lost files in their computer.
Motivation: Using 1password for this avoids the need for another external secret management tool.
And keeps the access control in a centralised place that we already use.
## Getting started
### Requirements
- Install the required dependencies:
1Password >= `8.9.13`
1Password CLI >= `2.13.1`
flyctl >= `0.0.451`
Python >= `3.10`
```
brew install --cask 1password 1password-cli && \
brew install flyctl
```
More information and installation instructions for other systems can be found
[in the 1password documentation](https://developer.1password.com/docs/cli/get-started/).
- Allow 1Password to connect to 1Password-CLI by going to `Settings` -> `Developer` ->
`Command-Line Interface (CLI)` and select `Connect with 1Password CLI`.
- Sign into your 1Password desktop and if you wish to use the fly integration, also make sure
the CLI is authenticated.
### Installation
In most systems (Mac and Linux) when `pip3` (Python's 3 PIP) is in path
and you want to install it at the user level:
`pip3 install -U 1password-secrets`
Otherwise you may need to install it with invoking your preferred Python version:
`python3 -m pip install -U 1password-secrets`.
Or, even more specific `python3.12 -m pip install -U 1password-secrets`
Also, if your "_environment is externally managed_" you _can_ bypass it with:
`python3 -m pip install -U --break-system-packages 1password-secrets`
If you use tools like `pipx` or manage your environment differently adapt the installation
instructions.
## Usage
### Local
1password-secrets will allow you to `create`, `pull` and `push` secrets to a 1password secure note
with `repo:<owner>/<repo>` or `local:<dir-basename>` in its name. `repo` is used when within a valid
git repository with remote "origin" set.
The remote name can be changed with the `--remote` switch if you use a different remote
(e.g. `upstream`)
By default it syncs to `./.env` file, this can overridden with a `file_name` field in 1password
containing the desired relative file path.
By default it searches items across 1password vaults. Restrict the search to a single vault with the
`--vault` switch.
- To bootstrap a 1Password secret matching the current repo/directory, run:
`1password-secrets local create ./env`
Where `./env` is an existing file you with to use.
- To get secrets from 1Password, run:
`1password-secrets local pull`
- To push the local changes to 1Password, run:
`1password-secrets local push`
### Fly
Make sure you have a Secure Note in 1Password with `fly:<fly-app-name>` in the title. `fly-app-name`
is the name of your fly application.
As with `Local` secrets above, you can specify a single 1Password vault by name or id with the
`--vault` option.
- To import secrets to fly, run:
`1password-secrets fly import <fly-app-name>`
- Secrets can be edited directly on 1Password app or using the command:
`1password-secrets fly edit <fly-app-name>`
## Development
- Ensure you have `make` installed.
- Create a virtual environment: `make setup-venv`.
- Install dependencies: `make install-deps`.
Then you can install (link) the repo globally with `make local-install`.
Before pushing changes ensure your code is properly formatted with `make lint`.
Auto format the code with `make format`
Raw data
{
"_id": null,
"home_page": "https://github.com/significa/fly-1password-secrets",
"name": "1password-secrets",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "fly.io, 1password, secrets",
"author": "Significa",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/7b/32/791da34f6958281e57ec8577765d82f003b75b6437f7cb36304e5bcda44d/1password-secrets-0.2.1.tar.gz",
"platform": null,
"description": "[](https://significa.co)\n\n# 1password-secrets\n\n[](https://pypi.python.org/pypi/1password-secrets/)\n[](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml)\n\n1password-secrets is a CLI utility to sync 1Password secrets (env files). It enables:\n\n- Seamless sharing of _local_ secrets used for development.\n Developers starting out in a project can just use this tool to retrieve the `.env` file needed for\n local development.\n Likewise it is also simple to push back any local changes to the 1password vault.\n\n- More secure and simpler method of managing Fly.io secrets.\n By default, Fly secrets must be managed by `flyctl`. This means that setting secrets in\n production, developers must use `flyctl` passing credentials via arguments - risking credentials\n being stored in their histories. Alternatively one must secrets in a file and run\n `flyctl secrets import`. This works well, but you must ensure everything is synched to a\n secret/password manager and then delete the file.\n 1password-secrets enables a leaner management of secrets via 1password. Via an app name,\n automatically finds and imports secrets in an 1password _secure note_ to Fly. This way you ensure\n developers always keep secrets up-to-date and never lost files in their computer.\n\nMotivation: Using 1password for this avoids the need for another external secret management tool.\nAnd keeps the access control in a centralised place that we already use.\n\n## Getting started\n\n### Requirements\n\n- Install the required dependencies:\n\n 1Password >= `8.9.13`\n\n 1Password CLI >= `2.13.1`\n\n flyctl >= `0.0.451`\n\n Python >= `3.10`\n\n ```\n brew install --cask 1password 1password-cli && \\\n brew install flyctl\n ```\n\n More information and installation instructions for other systems can be found\n [in the 1password documentation](https://developer.1password.com/docs/cli/get-started/).\n\n- Allow 1Password to connect to 1Password-CLI by going to `Settings` -> `Developer` ->\n `Command-Line Interface (CLI)` and select `Connect with 1Password CLI`.\n\n- Sign into your 1Password desktop and if you wish to use the fly integration, also make sure\n the CLI is authenticated.\n\n### Installation\n\nIn most systems (Mac and Linux) when `pip3` (Python's 3 PIP) is in path\nand you want to install it at the user level:\n\n`pip3 install -U 1password-secrets`\n\nOtherwise you may need to install it with invoking your preferred Python version:\n`python3 -m pip install -U 1password-secrets`.\n\nOr, even more specific `python3.12 -m pip install -U 1password-secrets`\n\nAlso, if your \"_environment is externally managed_\" you _can_ bypass it with:\n`python3 -m pip install -U --break-system-packages 1password-secrets`\n\nIf you use tools like `pipx` or manage your environment differently adapt the installation\ninstructions.\n\n## Usage\n\n### Local\n\n1password-secrets will allow you to `create`, `pull` and `push` secrets to a 1password secure note\nwith `repo:<owner>/<repo>` or `local:<dir-basename>` in its name. `repo` is used when within a valid\ngit repository with remote \"origin\" set.\n\nThe remote name can be changed with the `--remote` switch if you use a different remote\n(e.g. `upstream`)\n\nBy default it syncs to `./.env` file, this can overridden with a `file_name` field in 1password\ncontaining the desired relative file path.\n\nBy default it searches items across 1password vaults. Restrict the search to a single vault with the\n`--vault` switch.\n\n- To bootstrap a 1Password secret matching the current repo/directory, run:\n `1password-secrets local create ./env` \n Where `./env` is an existing file you with to use.\n\n- To get secrets from 1Password, run:\n `1password-secrets local pull`\n\n- To push the local changes to 1Password, run:\n `1password-secrets local push`\n\n### Fly\n\nMake sure you have a Secure Note in 1Password with `fly:<fly-app-name>` in the title. `fly-app-name`\nis the name of your fly application.\n\nAs with `Local` secrets above, you can specify a single 1Password vault by name or id with the\n`--vault` option.\n\n- To import secrets to fly, run:\n `1password-secrets fly import <fly-app-name>`\n\n- Secrets can be edited directly on 1Password app or using the command:\n `1password-secrets fly edit <fly-app-name>`\n\n## Development\n\n- Ensure you have `make` installed.\n- Create a virtual environment: `make setup-venv`.\n- Install dependencies: `make install-deps`.\n\nThen you can install (link) the repo globally with `make local-install`.\n\nBefore pushing changes ensure your code is properly formatted with `make lint`.\nAuto format the code with `make format`\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "1password-secrets is a set of utilities to sync 1Password secrets.",
"version": "0.2.1",
"project_urls": {
"Homepage": "https://github.com/significa/fly-1password-secrets"
},
"split_keywords": [
"fly.io",
" 1password",
" secrets"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "07e721e11910d8ed438fda9bbebcceea972f8dd1a7c36cc915c3613ba3818a96",
"md5": "58cddbaab08da5c795f20402d57526a8",
"sha256": "d8544b4f368abdc6ddd729384aeeb3f16a7dbe128ed3efc9ce48e01308433f2b"
},
"downloads": -1,
"filename": "1password_secrets-0.2.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "58cddbaab08da5c795f20402d57526a8",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 8883,
"upload_time": "2024-09-17T11:28:47",
"upload_time_iso_8601": "2024-09-17T11:28:47.730053Z",
"url": "https://files.pythonhosted.org/packages/07/e7/21e11910d8ed438fda9bbebcceea972f8dd1a7c36cc915c3613ba3818a96/1password_secrets-0.2.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7b32791da34f6958281e57ec8577765d82f003b75b6437f7cb36304e5bcda44d",
"md5": "c588a2c988ddbf99c1a114fad959ad07",
"sha256": "5753d8584a599df0a3b3e37d87a44fe58f4213fe43df41f18547bc68ad6d9a6a"
},
"downloads": -1,
"filename": "1password-secrets-0.2.1.tar.gz",
"has_sig": false,
"md5_digest": "c588a2c988ddbf99c1a114fad959ad07",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 8999,
"upload_time": "2024-09-17T11:28:49",
"upload_time_iso_8601": "2024-09-17T11:28:49.121653Z",
"url": "https://files.pythonhosted.org/packages/7b/32/791da34f6958281e57ec8577765d82f003b75b6437f7cb36304e5bcda44d/1password-secrets-0.2.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-17 11:28:49",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "significa",
"github_project": "fly-1password-secrets",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "python-dotenv",
"specs": [
[
"==",
"1.0.1"
]
]
},
{
"name": "sgqlc",
"specs": [
[
"==",
"16.4"
]
]
}
],
"lcname": "1password-secrets"
}
JSON
