{"id":13680268,"url":"https://github.com/cdhunt/SecretManagement.1Password","last_synced_at":"2025-04-29T23:30:59.513Z","repository":{"id":37768640,"uuid":"313704736","full_name":"cdhunt/SecretManagement.1Password","owner":"cdhunt","description":"This is a SecretManagement extension for 1Password.","archived":false,"fork":false,"pushed_at":"2025-02-13T19:07:39.000Z","size":70,"stargazers_count":25,"open_issues_count":16,"forks_count":15,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-03T19:51:06.446Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cdhunt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-17T18:15:34.000Z","updated_at":"2025-03-08T17:25:47.000Z","dependencies_parsed_at":"2023-01-17T17:01:07.161Z","dependency_job_id":null,"html_url":"https://github.com/cdhunt/SecretManagement.1Password","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdhunt%2FSecretManagement.1Password","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdhunt%2FSecretManagement.1Password/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdhunt%2FSecretManagement.1Password/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdhunt%2FSecretManagement.1Password/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cdhunt","download_url":"https://codeload.github.com/cdhunt/SecretManagement.1Password/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251599838,"owners_count":21615587,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T13:01:15.010Z","updated_at":"2025-04-29T23:30:54.497Z","avatar_url":"https://github.com/cdhunt.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"# SecretManagement extension for 1Password\n\nThis powershell module is a\n[SecretManagement](https://github.com/PowerShell/SecretManagement)\nextension for\n[1Password](https://1password.com/).\nIt leverages the [`1password-cli`](https://support.1password.com/command-line/)\nto interact with 1Password.\n\nThe SecretManagment.1Password module requires that the 1Password CLI application is installed and configured to access 1Password.\n\n## Prerequisites\n\n* [PowerShell](https://github.com/PowerShell/PowerShell)\n* The [`1password-cli`](https://support.1password.com/command-line/) and accessible from Path\n* Enable access to 1Password through one of the following methods:\n  * Activate the [1Password app integration](https://developer.1password.com/docs/cli/app-integration/)\n  * [Add a new 1Password account to 1Password CLI manually](https://developer.1password.com/docs/cli/reference/management-commands/account#account-add) with your account password and Secret Key.\n    ```pwsh\n    op account add --address my.1password.com --email user@example.org\n    ```\n* The [SecretManagement PowerShell](https://github.com/PowerShell/SecretManagement) module\n\nYou can get the `SecretManagement` module from the PowerShell Gallery:\n\nUsing PowerShellGet v2:\n\n```pwsh\nInstall-Module Microsoft.PowerShell.SecretManagement\n```\n\nUsing PowerShellGet v3:\n\n```pwsh\nInstall-PSResource Microsoft.PowerShell.SecretManagement -Prerelease\n```\n## Installation\n\nThis module can be installed from the PowerShell Gallery:\n\nUsing PowerShellGet v2:\n\n```pwsh\nInstall-Module SecretManagement.1Password\n```\n\nUsing PowerShellGet v3:\n\n```pwsh\nInstall-PSResource SecretManagement.1Password\n```\n\n## Registration\n\nOnce the SecretManagement.1Password module is installed, a SecretManagement vault must be registered as follows:\n\n```pwsh\nRegister-SecretVault -Name '1Password: MyVaultName' `\n        -ModuleName 'SecretManagement.1Password' `\n        -VaultParameters @{AccountName='myaccount.1password.com'; OPVault = 'MyVaultName'}\n```\nNext are the detials provided in the registration:\n* **Name**: Name of the SecretManagement vault. This will be the name to use when managing secrets from the SecretManagement powershell cmdlets.\n* **ModuleName**: Name of the PowerShell extension module that will be interacting with the underlyging secrets source. In this case, as the source will be \"1Password\" the extension module name must be \"SecretManagement.1Password\".\n* **VaultParameters**: Optional. Details required by the extension module to access the source secrets. See the section [Vault parameters](#Vault-parameters) for details specific for the SecretManagement.1Password extension module (used to access 1Password).\n\n**Note**: The name given to the SecretManagement vault (provided with the `Name` parameter) doesn't need to match the name of an existing vault in 1Password. Considering that the SecretManagement module supports multiple sources, it may be useful to prefix each of its vaults with a word that allows to know the source. For instance, in the case of 1Password vaults, the SecretManagement vaults can be named as \"1Password: VaultName\".\n\nIt is recommended to regiser one SecretManagement vault for each 1Password vault that need to be accessed.\n\n\n### Vault parameters\n\nThe module also has the following vault parameter that must be provided at registration.\n\n```pwsh\n$vaultParameters = @{\n    AccountName = 'myaccount.1password.com'\n    OPVault = 'MyVaultName'\n}\n```\n\n#### AccountName\n\nOptional. Specifies what 1Password account to connect to when accessing secrets. It is common to have a corporate and a personal account. This parameter allows to select one of your accounts. If this parameter is not provided, then the default 1Password account will be used.\n\nThe 1Password account name can be found in the URL used to access 1Password as follows:\n\n```\nhttps://myaccountname.1password.com/\n        ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n```\nCorporate accounts are typically accessed through a URL like `https://myaccountname.1password.com/`. In this example, the account name is `myaccountname.1password.com`.\n\nPersonal accounts typically have `my.1password.com` as account name.\n\n#### OPVault\n\nName or Id of the 1Password vault associated with the SecretManagement vault.\n\nIf this parameter is missing then the 1Password CLI will search on all vaults in the target account. \n\n\u003e [!WARNING]\n\u003e Not linking the SecretManagement vault with a unique 1Password vault may cause issues because there may be more than one secret, stored in different 1Password vaults, sharing the same name. In that case, retrieval and updates uperations will have issues.\n\n## Dependencies\n\nThis module extension has been developed and tested with the following dependencies' version:\n* **PowerShell**: 5.1\n* **Microsoft.PowerShell.SecretManagement**: 1.1.2\n* **1Password CLI**: 2.30.0\n\n## Known issues\n\n### Development issue: Reimporting the extension module (or the parent SecretManagement module) doesn't refresh changes made in the extension module after the later has been previusly loaded\n\n\u003e [!NOTE]\n\u003e This issue affects only to developers of this module extension. Regular users are not affected.\n\nThe SecretManagement.1Password module is an extension for the main module Microsoft.PowerShell.SecretManagement.\n\nThe need to nest extension modules comes due to the fact that all extension modules for Microsoft.PowerShell.SecretManagement, contain the same public function names which would be overwritten if more than one extension module (vault type) were loaded on the same session.\n\nWhile developing there is the need to make changes to the functions of the extension module and then run them to see the effect. This can be done by loading the extension module (*.psm1) as a main module and then calling directly its functions. However, this approach presents limitations:\n\n- It doesn't allow to see the parameters being passed by the main module (Microsoft.PowerShell.SecretManagement).\n- It doesn't allow to see the transformations made by the parent module before the output is being finally returned to the calling code.\n\nTo see all effects of running the extension module as a nested extension of its parent module (Microsoft.PowerShell.SecretManagement) it is needed to import the parent module and then call one of the cmdlets associated with a vault registered with Microsoft.PowerShell.SecretManagement. Let's see an example\n\n```pwsh\n# Import the main module.\nImport-Module Microsoft.PowerShell.SecretManagement\n# Make sure the target vault is registered with its associated extension module.\nRegister-SecretVault -Name \"MyVaultName\" `\n        -ModuleName 'PathToModule\\SecretManagement.1Password\\SecretManagement.1Password.psd1' `\n        -VaultParameters @{OPVault = 'Employee'} `\n        -AllowClobber\n# Call an extension cmdlet through the main module.\nGet-Secret -Vault \"MyVaultName\" -Name \"MySecretName\"\n```\nNote that the extension module is referenced with the path to the main *.psd1 file of the extension module. This path is specific for each development environment.\n\nThe above code works well if the extension module is not changed. However, if changes are made, then re-importing the main module will not refresh the extension module in the PowerShell cache with the new changes. Even the following code, that uses the -Force parameter and explicitly unload both, the main and the extension modules, will not solve the issue:\n\n```pwsh\nGet-Module SecretManagement.1Password | Remove-Module -Force;\nGet-Module Microsoft.PowerShell.SecretManagement | Remove-Module -Force;\nImport-Module Microsoft.PowerShell.SecretManagement -Force;\nImport-Module 'PathToModule\\SecretManagement.1Password\\SecretManagement.1Password.psd1' -Force;\nGet-SecretVault \"MyVaultName\" | Unregister-SecretVault\nRegister-SecretVault -Name \"MyVaultName\" `\n        -ModuleName 'SecretManagement.1Password' `\n        -VaultParameters @{OPVault = 'Employee'} `\n        -AllowClobber\n```\nThis is a [known issue](https://github.com/PowerShell/PowerShell/issues/2505#issuecomment-263105859) discussed internally by the PowerShell team who reached to the conclusion that [it is by \"design\"](https://github.com/PowerShell/PowerShell/issues/2505#issuecomment-902325128).\n\nNot being able to reload nested modules during development time also affects Pester tests which require the console session to be re-started every time a change is made in the functions of the extension (nested) module. The easiest way to restart the console, in VSCode, to avoid restarting the development environment, is as follows:\n1. Click on the commands box, on the top of the main window\n1. Select \"Show and Run Commands \u003e\"\n1. Run \"PowerShell: Restart Session\"\n\n#### References\n\n- [Reloading module does not reload submodules](https://github.com/PowerShell/PowerShell/issues/2505#issuecomment-263105859)\n- [Conclusion from the PowerShell team about the issue](https://github.com/PowerShell/PowerShell/issues/2505#issuecomment-902325128)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdhunt%2FSecretManagement.1Password","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcdhunt%2FSecretManagement.1Password","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdhunt%2FSecretManagement.1Password/lists"}