Object Relational Mapping for 1Password items, manage 1Password vaults with code.
Project description
1Password ORM
A robust Python ORM for managing 1Password secrets with elegance. This library provides a secure, type-safe interface for interacting with 1Password items using familiar ORM patterns.
🌟 Key Features
- 🔐 Type-safe field definitions with built-in validation
- 🔄 Automated password generation and management
- 🎯 Clean, Pythonic model-based structure
- 🔑 Comprehensive support for all 1Password item types
- 🚀 Easy CRUD operations with version tracking
- 🔒 Secure integration with 1Password Connect
- 📦 Kubernetes secrets generation
📦 Installation
pip install op-orm
🔧 Quick Start
- Set up environment variables:
export OP_CONNECT_TOKEN="your-1password-connect-token"
export OP_INTEGRATION_NAME="your-app-name"
- Define your models:
from op_orm.types import OpModelDatabase, StringField, PasswordField, UrlField
class PostgresDatabase(OpModelDatabase):
title = "production-postgres"
sections = ["connection", "auth"]
host = StringField(section_id="connection", value="db.example.com")
port = StringField(section_id="connection", value="5432")
database = StringField(section_id="connection", value="myapp")
username = StringField(section_id="auth", value="admin")
password = PasswordField(section_id="auth")
- Use your models:
# Create and save credentials
db = PostgresDatabase()
db.password.generate_password() # Generates secure random password
db.create()
# Update credentials
db.update_existing_fields({
"username": "new_admin",
"host": "new-db.example.com"
})
# Retrieve credentials
db.resolve_all() # Fetches latest values from 1Password
print(f"Connection string: postgresql://{db.username.value}@{db.host.value}")
🏗️ Model Types
The library provides specialized models for common credential types:
OpModelServer- Server credentialsOpModelDatabase- Database connectionsOpModelAPIKey- API credentialsOpModelLogin- Login credentialsOpModelSSHKey- SSH keysOpModelSecureNote- Secure notes- And more...
🔐 Field Types
Available field types for model attributes:
StringField- Text values (optionally concealed)PasswordField- Auto-generating password fieldsUrlField- URL fields with validation
🚀 Advanced Usage
Kubernetes Secret Generation
Generate Kubernetes secrets from your models:
from op_orm.deployment_generator import generate_deployment_files
# Generate YAML for k8s secrets
deployment = generate_deployment_files([PostgresDatabase])
with open("k8s-secrets.yaml", "w") as f:
f.write(deployment)
Custom Field Validation
Add custom validation to your fields:
class APICredentials(OpModelAPIKey):
api_key = StringField(section_id="api", concealed=True)
environment = StringField(section_id="api")
def validate(self):
if self.environment.value not in ["prod", "staging", "dev"]:
raise ValueError("Invalid environment")
Generate Kubernetes Secrets from OpModel
The generate_deployments command-line tool streamlines the integration between your Python OpModel classes and the 1Password Kubernetes Operator (connect). It automates the process of creating Kubernetes secret definitions by scanning your Python files for OpModel subclasses and converting them into the appropriate YAML format required by the 1Password k8s operator.
Usage
- Use
-pflag to preview the generated YAML in terminal - Use
-oflag followed by a filename to save the deployments - Simply point to your Python file containing OpModel definitions
This tool helps bridge the gap between your application's secrets management and the 1Password Kubernetes Operator, ensuring smooth deployment of your secrets in a Kubernetes environment.
usage: generate_deployments [-h] [-p] [-o OUTPUT] file_path
Collect OpModel subclasses from a Python file.
positional arguments:
file_path Path to the Python file.
options:
-h, --help show this help message and exit
-p, --print print to stdout
-o OUTPUT, --output OUTPUT
File to save the k8s secret deployments.
Example usage:
generate_deployments examples/example_models.py -p -o secrets.yaml
This will output the 1password k8s items in a single deployment file
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
📄 License
This project is licensed under the GPL3 License - see the LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file op_orm-0.1.0.tar.gz.
File metadata
- Download URL: op_orm-0.1.0.tar.gz
- Upload date:
- Size: 49.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
10917d3326f48062d87939b051ca14cbd0b0bc3b182d9b7cfe53f3c6af67010f
|
|
| MD5 |
2aca340982fb213ca3125b96be47f003
|
|
| BLAKE2b-256 |
dc5fcf2a9a924d6ce9e0728ba9b2d41066b54ae259c759c77699c082f7e3b651
|
File details
Details for the file op_orm-0.1.0-py3-none-any.whl.
File metadata
- Download URL: op_orm-0.1.0-py3-none-any.whl
- Upload date:
- Size: 36.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1a565387920f100f27c549f9a4c8272b6bc37684f8391dcce0a2c271f894c4fe
|
|
| MD5 |
bafd82f7715ed9aabac9b4e22f03ae69
|
|
| BLAKE2b-256 |
8fa88b2d59c000efa5882621b256e01cd784a7d2f2b676b8deb098059c1d41fb
|
