A way to create vaults
demon opened this issue · 11 comments
Is there any way we can expose this to the user? There isn't currently any mechanism to automate vault creation, short of scripting something around `op vault`. Exposing this in the SDK would be a game changer for automation.
Hi @demon, thank you for your feedback! Can you describe your use-case around creating vaults and why this would be a game changer for automation?
At $DAYJOB, we are using the 1Password Connect Server alongside external-secrets. We currently have a mapping of 1 vault -> 1 k8s cluster. We automate all of this using Pulumi & Flux -- the notable exception being the creation of vaults (& connect servers).
I've got Pulumi shelling out to `op` which...works...but isn't very elegant. If we had vault creation (& deletion) available to us in the Python SDK, we could write a package around it to properly manage the resources.
Thanks for your feedback @demon and explaining your use-case in more depth. We are currently in the process of prioritizing vault CRUD in our roadmap for this year, so please keep an eye out for that! Can you describe your current automation process and how you would like to implement the creation of vaults and Connect servers?
Just to add to this. It's absolutely imperative for us to be able to programmatically create Vaults. We're an MSP and would like to use 1Password to store a Vault per customer but we've got 1000+ supported customers.
Hi @simonbaker-tio,
Thank you for sharing your feedback and for your interest from the MSP perspective. We’d love to dive deeper into your specific use case as we may already have tools that could support you. Please reach out to us at dev-products@agilebits.com, and we’ll ensure you’re connected with the right team at 1Password.
Looking forward to hearing from you!
Hi @sadiaazmal, any updates regarding this enhancement?
We'd love to be able to programmatically create Vaults and manage them (specifically the "Update vault access & permissions" functionality would be a game changer instead of using share-links for each secret) via the SDK.
Thank you!
Thank you for reaching out and sharing your feedback on programmatically creating and managing vaults, including updating vault access and permissions. We recognize how impactful this functionality would be, and it’s something we’re actively considering as we balance priorities across our roadmap.
To better understand your needs, could you share more details about your specific use case and the value this feature would provide? Additionally, do you have a preferred authentication method for managing vaults and permissions? Your insights will help us shape the feature to meet your needs effectively.
Hi @sadiaazmal,
Ideally we would like to integrate 1Password's Python SDK with our application's backend to achieve the following:
- Use a Service Account with enough permissions to create and manage new vaults.
- Once a user logs in a new Vault is generated for them.
  - Not possible from the SDK but possible from the CLI.
- New secrets are generated for the user.
  - Unfortunately not in a new Vault at the moment, but in a predefined Vault as the Service Account can't use the SDK to achieve this.
- The user gets access to the vault and its secrets.
  - Not to the entire Vault, as it is the predefined one at the moment and not a user-specific Vault, but only to the specific secrets. We are currently sharing a share-link for the secrets with the users.
All of these operations are possible from the CLI (`op vault ...`), but using it from a programmatic environment sets a bad precedent and is prone to input sanitization issues.
Thank you!
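The input-sanitization concern raised above about driving `op vault ...` from application code, shown as an added example that is not part of the original thread or 1Password's code. It assumes the `op vault create <name> --format json` CLI form; the name allowlist, the function names and the sample inputs are hypothetical and constructed for illustration.

```python
import json
import re
import subprocess

# Assumed policy for this example: vault names derived from user or customer
# data must match a conservative allowlist. Requiring a leading letter or
# digit means a name can never be parsed by the CLI as an option ("--help").
VAULT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,62}")


def build_vault_create_argv(name):
    """Return the argv for `op vault create`, rejecting unsafe names."""
    if not isinstance(name, str) or VAULT_NAME_RE.fullmatch(name) is None:
        raise ValueError(f"rejected vault name: {name!r}")
    # One list element per argument: no shell parses this, so spaces, quotes
    # and ';' in a value cannot turn into extra commands or arguments.
    return ["op", "vault", "create", name, "--format", "json"]


def create_vault(name, runner=subprocess.run):
    """Run the CLI without a shell and return its parsed JSON output.

    `runner` is injectable so the wrapper can be exercised without `op`.
    """
    proc = runner(
        build_vault_create_argv(name),
        shell=False,        # never hand user-derived input to /bin/sh
        capture_output=True,
        text=True,
        timeout=30,
        check=True,         # non-zero exit raises CalledProcessError
    )
    return json.loads(proc.stdout)


# Constructed inputs: one benign name and three that a string-built shell
# command or a naive argv would mishandle.
SAMPLES = ["customer-0042", "acme; id", "--help", "$(id)"]


def classify(names):
    """Map each candidate name to 'ok' or 'rejected' under the allowlist."""
    verdicts = {}
    for candidate in names:
        try:
            build_vault_create_argv(candidate)
            verdicts[candidate] = "ok"
        except ValueError:
            verdicts[candidate] = "rejected"
    return verdicts
```
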
@MarioBartolome Thank you for providing more details about your use case. This insight is invaluable as we shape our 2025 roadmap. We'll keep your input in mind as we refine our plans. Please let me know if you have any additional thoughts or requirements.
+1 for sdk-accessible vault creation. It would greatly assist us in onboarding users quickly and without manual intervention.
+1 This would be a great feature for my use case where I want a single service account to be able to create other vaults and then have access to manage all items in the vaults it creates