{"id":28241831,"url":"https://github.com/significa/1password-secrets","last_synced_at":"2025-06-11T09:31:11.802Z","repository":{"id":95032725,"uuid":"595184395","full_name":"significa/1password-secrets","owner":"significa","description":"1password-secrets is a CLI utility to sync 1Password secrets to local env files and Fly apps.","archived":false,"fork":false,"pushed_at":"2025-06-09T09:50:17.000Z","size":99,"stargazers_count":18,"open_issues_count":4,"forks_count":3,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-06-09T11:05:18.002Z","etag":null,"topics":["1password","1password-cli","cli-tool","flyio","secrets"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/significa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-01-30T15:16:26.000Z","updated_at":"2025-05-07T09:37:11.000Z","dependencies_parsed_at":"2023-10-11T12:54:48.220Z","dependency_job_id":"e81d5137-6cf9-4789-bea2-0cdc60472d45","html_url":"https://github.com/significa/1password-secrets","commit_stats":null,"previous_names":["significa/fly-1password-secrets"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/significa%2F1password-secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/significa%2F1password-secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/significa%2F1password-secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/significa%2F1password-secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/significa","download_url":"https://codeload.github.com/significa/1password-secrets/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/significa%2F1password-secrets/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258865001,"owners_count":22769967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["1password","1password-cli","cli-tool","flyio","secrets"],"created_at":"2025-05-19T05:08:52.976Z","updated_at":"2025-06-11T09:31:11.790Z","avatar_url":"https://github.com/significa.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![PyPI version 1password-secrets](https://raw.githubusercontent.com/significa/.github/main/assets/significa-github-banner-small.png)](https://significa.co)\n\n# 1password-secrets\n\n[![PyPI version 1password-secrets](https://img.shields.io/pypi/v/1password-secrets.svg)](https://pypi.python.org/pypi/1password-secrets/)\n[![CI/CD](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml/badge.svg)](https://github.com/significa/1password-secrets/actions/workflows/ci-cd.yaml)\n\n1password-secrets is a CLI utility to sync 1Password secrets (env files). It enables:\n\n- Seamless sharing of _local_ secrets used for development.\n  Developers starting out in a project can just use this tool to retrieve the `.env` file needed for\n  local development.\n  Likewise it is also simple to push any local changes to the 1password vault.\n\n- More secure and simpler method of managing Fly.io secrets.\n  By default, Fly secrets must be managed by `flyctl`. This means that when setting secrets in\n  production, developers must use `flyctl` to pass credentials via arguments - risking credentials\n  being stored in their histories. Alternatively, one must write secrets in a file and run\n  `flyctl secrets import`. This works well, but you must ensure everything is synced to a\n  secret/password manager and then delete the file.\n  1password-secrets enables a leaner management of secrets via 1password. When passing a fly app name, it\n  automatically finds and imports secrets on 1password to Fly. This way you ensure\n  developers always keep secrets up-to-date and never in any files on disk.\n\nMotivation: Using 1password avoids the need for another external secret management tool and keeps\nthe access control in a centralised place that we already use.\n\n## Getting started\n\n### Requirements\n\n- Have the following dependencies: 1Password, Python and optionally fly.  \n  Install them with one command:  \n  ```sh\n  brew install --cask 1password 1password-cli \u0026\u0026 \\\n  brew install flyctl\n  ```\n  \n  Minimum supported versions:  \n  1Password \u003e= `8.9.13`  \n  1Password CLI \u003e= `2.13.1`  \n  Python \u003e= `3.10`  \n  flyctl \u003e= `0.0.451` (optional)  \n\n  More information and installation instructions for other systems can be found\n  [in the 1password documentation](https://developer.1password.com/docs/cli/get-started/).\n\n- Allow 1Password to connect to 1Password-CLI by going to 1Password's `Settings` -\u003e `Developer` -\u003e\n  `Command-Line Interface (CLI)` and select `Integrate with 1Password CLI`.\n\n- Sign into your 1Password desktop and if you wish to use the fly integration, also make sure\n  the CLI is authenticated.\n\n### Installation\n\nIn order to keep your system tidy and without conflicts in your global and user packages,\nwe recommend [pipx](https://github.com/pypa/pipx?tab=readme-ov-file):\n\n```\npipx install 1password-secrets\n```\n\nThis should do the trick for all systems.\nAdapt the installation command to fit your preferred tool.\n\nUse `pipx upgrade 1password-secrets` to update to the latest release.\n\n## Usage\n\n### Local\n\n1password-secrets will allow you to `create`, `pull` and `push` secrets to a 1password secure note\nwith `repo:\u003cowner\u003e/\u003crepo\u003e` or `local:\u003cdir-basename\u003e` in its name. `repo` is used when within a valid\ngit repository with remote \"origin\" set.\n\nThe remote name can be changed with the `--remote` switch if you use a different remote\n(e.g. `upstream`)\n\nBy default it syncs to `./.env` file, this can be overridden with a `file_name` field in 1password\ncontaining the desired relative file path.\n\nBy default it searches items across 1password vaults. Restrict the search to a single vault with the\n`--vault` switch.\n\n- To bootstrap a 1Password secret matching the current repo/directory, run:\n  `1password-secrets local create ./env`  \n  Where `./env` is an existing file you want to use.\n\n- To get secrets from 1Password, run:\n  `1password-secrets local pull`\n\n- To push the local changes to 1Password, run:\n  `1password-secrets local push`\n\n### Fly\n\nMake sure you have a Secure Note in 1Password by having `fly:\u003cfly-app-name\u003e` in the title. `fly-app-name`\nis the name of your fly application.\n\nAs with `Local` secrets above, you can specify a single 1Password vault by name or id with the\n`--vault` option.\n\n- To import secrets to fly, run:\n  `1password-secrets fly import \u003cfly-app-name\u003e`\n\n- Secrets can be edited directly on the 1Password app or by using the command:\n  `1password-secrets fly edit \u003cfly-app-name\u003e`\n\n## Development\n\n- Ensure you have `make` installed.\n- Create a virtual environment: `make setup-venv`.\n- Activate the virtual environment: `source ./venv/bin/activate`.\n- Install dependencies: `make install-deps`.\n\nThen you can install (link) the repo globally with `make local-install`.\n\nBefore pushing any changes ensure your code is properly formatted with `make lint`.\nAuto format the code with `make format`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsignifica%2F1password-secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsignifica%2F1password-secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsignifica%2F1password-secrets/lists"}