1- name : " credential retrieval "
2- description : " Retrieve the credentials from password manager"
1+ name : " Credential Retrieval "
2+ description : " Retrieve credentials from a password manager"
33
44inputs :
5- load-all :
6- description : " Loads all the credentials in 1Password vault"
5+ mode :
6+ description : |
7+ Mode to use the credential retrieval library:
8+ - alltoenv: Loads all credentials in the 1Password vault and sets them as MASKED GitHub environment variables.
9+ - alltofile: Loads all credentials in the 1Password vault and stores them in a specified file.
10+ Options:
11+ - secret-filepath
12+ - file-format
713 required : false
8- type : boolean
9- default : true
14+ type : choice
15+ default : " alltoenv"
16+ options :
17+ - alltoenv
18+ - alltofile
19+
20+ secret-filepath :
21+ description : |
22+ Specifies the filepath where secrets will be downloaded.
23+ Secrets will be appended to the end of the file.
24+ required : false
25+ type : string
26+ default : " .env"
27+
28+ file-format :
29+ description : |
30+ Specifies the format of the configuration file.
31+ - env: Uses the format VARNAME=VARVALUE
32+ required : false
33+ type : choice
34+ default : " env"
35+ options :
36+ - env
37+
38+ # OP values
1039 op-token :
11- description : " 1Password token of the service account"
40+ description : " 1Password token for the service account"
1241 required : true
1342 type : string
43+
1444 op-vault :
15- description : " 1Password vault to search all credentials"
45+ description : " 1Password vault to search for all credentials"
1646 required : true
1747 type : string
1848
@@ -23,14 +53,23 @@ runs:
2353 uses : 1password/install-cli-action@v1
2454 with :
2555 version : latest-beta
26- - name : Download ALL vault secrets
27- if : ${{ inputs.load-all }}
56+
57+ - name : List All Items in the Vault
2858 env :
2959 OP_SERVICE_ACCOUNT_TOKEN : " ${{ inputs.op-token }}"
3060 shell : bash
3161 run : |
32- echo "Get a list with all the credential names"
62+ echo "Retrieving a list of all credential names in the vault ${{ inputs.op-vault }} "
3363 op item list --vault ${{ inputs.op-vault }} --categories 'API Credential' --format json > op_list.json
64+
65+ - name : " Download All Vault Secrets and Set Them as envvars"
66+ if : ${{ inputs.mode == 'alltoenv' }}
67+ env :
68+ OP_SERVICE_ACCOUNT_TOKEN : " ${{ inputs.op-token }}"
69+ shell : bash
70+ run : |
71+ # Download ALL vault secrets and SET THEM AS VARS
72+ # Extracts number of items
3473 if [[ -f op_list.json ]];then
3574 number_entries=$(jq length op_list.json)
3675 fi
3978 item_name=$(jq -r ".[$i].title" op_list.json)
4079 item_credential=$(op read "op://${{ inputs.op-vault }}/${item_name}/credential")
4180 echo "::add-mask::$item_credential"
42- echo ${item_name}=${item_credential} >> $GITHUB_ENV
81+ echo " ${item_name}=${item_credential}" >> $GITHUB_ENV
4382 done
83+ rm op_list.json
4484
85+ - name : " Download All Vault Secrets and Store Them in File ${{ inputs.secret-filepath }}"
86+ if : ${{ inputs.mode == 'alltofile' }}
87+ env :
88+ OP_SERVICE_ACCOUNT_TOKEN : " ${{ inputs.op-token }}"
89+ shell : bash
90+ run : |
91+ # Download ALL vault secrets and STORE THEM IN FILE ${{ inputs.secret-filepath }}
92+ # Extracts number of items
93+ if [[ -f op_list.json ]];then
94+ number_entries=$(jq length op_list.json)
95+ fi
96+ for ((i=0; i<number_entries; i++)); do
97+ item_name=$(jq -r ".[$i].title" op_list.json)
98+ item_credential=$(op read "op://${{ inputs.op-vault }}/${item_name}/credential")
99+ case "${{ inputs.file-format }}" in
100+ "env")
101+ echo "${item_name}=${item_credential}" >> "${{ inputs.secret-filepath }}"
102+ ;;
103+ *)
104+ echo "Unsupported output format: ${{ inputs.file-format }}"
105+ exit 1
106+ ;;
107+ esac
108+ done
45109 rm op_list.json
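Review bot: The added scripts expand `${{ inputs.op-vault }}`, `${{ inputs.secret-filepath }}` and `${{ inputs.file-format }}` straight into the bash text (the echo at new line 62 and the `alltofile` script at new lines 98-104), so a value containing quotes or `$(...)` runs as shell in a step that holds `OP_SERVICE_ACCOUNT_TOKEN`. Pass these inputs through `env:` and reference them as quoted shell variables; the existing `op item list` and `op read` lines have the same pattern. The `alltofile` step also lacks the `::add-mask::` call that the `alltoenv` step has, so a credential written to the file is not masked if a later step prints it. Both modes write `NAME=value` on a single line, which breaks for multi-line credentials, and for `$GITHUB_ENV` a value containing newlines could define further variables. As far as I know, action metadata does not enforce `type: choice`/`options` on inputs, so an unexpected `mode` would skip both download steps and leave `op_list.json` in the workspace.

```yaml
      env:
        OP_SERVICE_ACCOUNT_TOKEN: "${{ inputs.op-token }}"
        OP_VAULT: "${{ inputs.op-vault }}"
        SECRET_FILEPATH: "${{ inputs.secret-filepath }}"
        FILE_FORMAT: "${{ inputs.file-format }}"
      shell: bash
      run: |
        # … unchanged: item count from op_list.json, for-loop header, item_name lookup …
          item_credential=$(op read "op://${OP_VAULT}/${item_name}/credential")
          echo "::add-mask::$item_credential"
          case "$FILE_FORMAT" in
            "env")
              echo "${item_name}=${item_credential}" >> "$SECRET_FILEPATH"
              ;;
            *)
              echo "Unsupported output format: $FILE_FORMAT"
              exit 1
              ;;
          esac
        # … unchanged: done, rm op_list.json …
```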