OpsDev.nz helpers for resolving 1Password secrets with Service Account + CLI fallback.
Project description
op-opsdevnz
Python package for resolving 1Password op:// secrets across CI service accounts and developer workstations, plus a CLI fallback that depends on the authenticated 1Password CLI binary. Keeps OctoDNS and other automation workflows secret-free. Packaged for reuse by OpsDev.nz, a platform engineering collective sponsored by StartMeUp.nz.
Features
- Resolve
op://references via the official Service Account SDK with optional CLI fallback for local workflows. - Rich error handling plus an API that can return the secret value and which resolver was used.
- Environment override helpers for CI sandboxes/tests.
- OctoDNS hook (
opsdevnz.octodns_hooks.resolve) for the Metaname provider. - Small CLI (
op-opsdevnz resolve …) that mirrors theresolve_secret()helper so shell scripts match the Python API semantics.
Installation
# editable install while developing locally
pip install -e modules/op_opsdevnz
# latest release from PyPI
pip install op-opsdevnz
# or install straight from GitHub if you need main branch changes
pip install git+https://github.com/startmeup-nz/op-opsdevnz.git
Usage
from opsdevnz.onepassword import resolve_secret
result = resolve_secret(
secret_ref_env="METANAME_API_TOKEN_REF",
env_override="METANAME_API_TOKEN",
)
print(result.value, result.source) # -> ('***', 'sdk' | 'cli' | 'env')
CLI equivalent:
op-opsdevnz resolve --ref "op://Vault/Item/Field" --show-source
op-opsdevnz resolve --ref-env METANAME_API_TOKEN_REF --env-override METANAME_API_TOKEN
OctoDNS Hook
Set the resolver environment variable so the OctoDNS Metaname provider can load the helper automatically:
export OCTODNS_METANAME_SECRET_RESOLVER="op_opsdevnz.octodns_hooks:resolve"
Development
python -m venv .venv && source .venv/bin/activate
pip install -e .[dev]
make check
See CONTRIBUTING.md for the full workflow and RELEASING.md for publishing instructions.
License
Apache-2.0 © OpsDev.nz
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file op_opsdevnz-0.1.4.tar.gz.
File metadata
- Download URL: op_opsdevnz-0.1.4.tar.gz
- Upload date:
- Size: 11.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
233d41b356b49b94e520115dad1880a5d9cc43a89e65f3c9febf8d9c04601d7a
|
|
| MD5 |
294df129689144eaee02c59637c06fc4
|
|
| BLAKE2b-256 |
9fd84150976d7b86b91c1f7a6a9cb2ca2f2431e66c9c8454719ce9df1f4171ba
|
File details
Details for the file op_opsdevnz-0.1.4-py3-none-any.whl.
File metadata
- Download URL: op_opsdevnz-0.1.4-py3-none-any.whl
- Upload date:
- Size: 13.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
06c8072252f9ef3764b7bc59ebcafa6598495e2d602eb2a087ea7f7107d3dead
|
|
| MD5 |
176512373220739cd40a9d3994a2eff6
|
|
| BLAKE2b-256 |
11259d9d721eb9a2c5aba5224b9e3a4da8b5658c0f6b72ac28c8ec9e9e9f62ab
|
