Deploy a 1Password Connect server on Kubernetes

Learn how to deploy a 1Password Connect server on Kubernetes, so you can automate system-to-system secret management in your infrastructure.

With a Secrets Automation workflow, you can securely access your 1Password items and vaults in your company’s apps and cloud infrastructure using a private REST API provided by a 1Password Connect server.

You can set up Secrets Automation if you’re an owner, administrator, or part of a group with permission to manage Secrets Automation.

Before you get started, you’ll need a deployment environment with Docker or Kubernetes to deploy the Connect server.

Step 1: Set up a Secrets Automation workflow

To get started, set up a Secrets Automation workflow and get your Connect server credentials and first access token. Click Get Started, sign in to your 1Password account, and follow the onscreen instructions.

After you complete the setup process, you’ll see:

  • Your 1password-credentials.json file. It contains the credentials you’ll need to deploy the Connect server.
  • An access token. You’ll use this in your applications or services to authenticate with the REST API. You can issue additional tokens later.

Step 2: Deploy a 1Password Connect server

  1. Get the latest Helm release.

  2. Add the Helm chart repository for 1Password Connect:

     helm repo add 1password https://1password.github.io/connect-helm-charts/
    
  3. Install the Helm package for 1Password Connect and create a Kubernetes secret containing your 1password-credentials.json file. In the same directory as the file:

     helm install connect 1password/connect --set-file connect.credentials=1password-credentials.json
    

    Helm will install and deploy 1Password Connect in your default namespace.

Step 3: Set up applications and services to get information from 1Password

Applications and services get information from 1Password through REST API requests to a Connect server. The requests are authenticated with an access token. Create a new token for each application or service you use.

If your language or platform isn’t listed, you can build your own client using the 1Password Connect REST API.
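
A minimal client for the request flow described above, as an added example (not 1Password's own code). It assumes the Connect REST API's `GET /v1/vaults` endpoint with bearer-token authentication; the in-cluster address `http://onepassword-connect:8080` and the `OP_CONNECT_TOKEN_FILE` variable are assumptions to adapt to your deployment.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def load_token(env=os.environ):
    """Read the access token from a mounted file or an env var, never from source code."""
    path = env.get("OP_CONNECT_TOKEN_FILE")  # hypothetical name: path to a mounted Kubernetes secret
    if path:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    token = env.get("OP_CONNECT_TOKEN", "").strip()
    if not token:
        raise RuntimeError("no Connect access token configured")
    return token


def build_request(host, token, path):
    """Build an authenticated GET request for the Connect REST API."""
    parts = urlsplit(host)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"invalid Connect host: {host!r}")
    return urllib.request.Request(
        host.rstrip("/") + path,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )


def list_vaults(host, token, urlopen=urllib.request.urlopen, timeout=5):
    """Return {vault name: vault id} for the vaults this token can access."""
    try:
        with urlopen(build_request(host, token, "/v1/vaults"), timeout=timeout) as resp:
            vaults = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            # Fail closed, and keep the token itself out of the error message.
            raise PermissionError(f"Connect rejected the token (HTTP {err.code})") from None
        raise
    return {v["name"]: v["id"] for v in vaults}


if __name__ == "__main__":
    # Assumed in-cluster address; check the Service name and port your Helm release created.
    host = os.environ.get("OP_CONNECT_HOST", "http://onepassword-connect:8080")
    for name, vault_id in list_vaults(host, load_token()).items():
        print(f"{vault_id}  {name}")
```

Running this with each application's own token shows which vaults that token can reach, which is a quick way to confirm a token is scoped no wider than the service needs.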

Appendix: Manage Secrets Automation managers

To grant permission to a group to manage Secrets Automation:

  1. Sign in to your account on 1Password.com and click Integrations in the sidebar.
  2. Click the Permissions tab and choose Secrets Automation.
  3. Click Manage and select the groups who can manage Secrets Automation, and click Update.

Appendix: Issue additional access tokens

Issue a new access token for each application or service:

  1. Sign in to your account on 1Password.com and click Integrations in the sidebar.
  2. Choose the Secrets Automation environment you want to issue a token for.
  3. Click New Token and follow the onscreen instructions.

Get help

To change the vaults a token has access to, issue a new token.

To get help and share feedback, join the discussion with the 1Password Support Community.
