Skip to main content

Safely fetch secrets from 1Password defined in steno outlines.

Project description

Plover 1Password

Build Status PyPI - Version PyPI - Downloads linting: pylint

This Plover extension plugin contains a meta that allows you to retrieve secrets defined in your 1Password vaults.

Install

Pre-Plover Plugin Registry inclusion (Current)

git clone git@github.com:paulfioravanti/plover-1password.git
cd plover-1password
plover --script plover_plugins install --editable .

Where plover in the command is a reference to your locally installed version of Plover. See the Invoke Plover from the command line page for details on how to create that reference.

Then:

  1. When it finishes installing, restart Plover
  2. Complete the Setup steps
  3. Open the Plover Configuration screen (either click the Configuration icon, or from the main Plover application menu, select Preferences...)
  4. Open the Plugins tab
  5. Check the box next to plover_1password to activate the plugin

Post-Plover Plugin Registry inclusion (Future)

  1. In the Plover application, open the Plugins Manager (either click the Plugins Manager icon, or from the Tools menu, select Plugins Manager).
  2. From the list of plugins, find plover-1password
  3. Click "Install/Update"
  4. When it finishes installing, restart Plover
  5. Complete the Setup steps
  6. After re-opening Plover, open the Configuration screen (either click the Configuration icon, or from the main Plover application menu, select Preferences...)
  7. Open the Plugins tab
  8. Check the box next to plover_1password to activate the plugin

Setup

Setting up 1Password to allow this plugin to make connections is a bit of an involved process, but you will only have to do it once.

Create a new Vault

Since 1Password does not allow third-party applications to access your Private or Personal vaults, you will need to put secrets you intend to access from Plover into a separate vault. Therefore, either create a new vault specifically for Plover to access, or use another existing non-Private/Personal vault you have.

Individual secrets cannot be shared across vaults, so if you have information in your Personal vault you want Plover to access, you will need to move or copy items from your Personal vault to the vault that Plover will access.

Create a Service Account Token

Follow the steps to create a Service Account, which will enable Plover to talk to 1Password.

This plugin only needs to retrieve secrets from 1Password, so when you get to the "Grant vault access" section of the Service Account creation process, after choosing the vault that Plover will access, set its access permissions to "Read Items" only.

Once the Service Account Token has been generated (and you save it to one of your vaults), you will need to copy the token into a local environment variable called $OP_SERVICE_ACCOUNT_TOKEN, as per the requirements of the 1Password Python SDK, which this plugin uses to connect with 1Password:

macOS or Linux

export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>

Windows

$Env:OP_SERVICE_ACCOUNT_TOKEN = "<your-service-account-token>"

Manually install 1Password Python SDK

The 1Password Python SDK is not currently available on PyPI, which means you will need to install it manually directly via URL with the following Python pip command in order for the plugin to work properly:

python -m pip install git+ssh://git@github.com/1Password/onepassword-sdk-python.git@v0.1.1

Unfortunately, PyPi does not allow direct URL dependencies in projects, so in order to get this plugin on to PyPI, the SDK could not be listed as an install_requires library (eg onepassword @ git+ssh://git@github.com/1Password/onepassword-sdk-python.git@v0.1.1, meaning a manual installation process instead of the plugin automatically doing it for you.

Install 1Password CLI and turn on desktop app integration

Follow all the steps to Get started with 1Password CLI to install the 1Password Command-line tool, and turn on its 1Password app integration.

Once you have completed this step, a new Copy Secret Reference option will become available to you in the v dropdown menu, next to the Copy button, at the end of each field in your document item. It is these secret references, which can be thought of as references or pointers to where a secret is saved, rather than the value of the secret itself, that will be used directly in steno outline translations. They have the following format:

op://<vault-name>/<item-name>/[section-name/]<field-name>

[!NOTE] Secret references adhere to the following set of syntax rules:

  • alphanumeric characters (a-z, A-Z, 0-9)
  • -, _, . and the whitespace character

Therefore, make sure your vault, item, section, and field names adhere to these rules and do not contain any other types of characters.

How To Use

In your steno outline translations, use the secret references provided by 1Password to specify the secret you wish to retrieve.

For example, the following outline would retrieve the "Mobile" secret defined in a "Plover" vault, within a "Personal" item, under a "Phone" section:

"TPOEPB/TPOEPB": "{:1PASSWORD:op://Plover/Personal/Phone/Mobile}"

[!NOTE] Service account tokens are subject to rate limits by 1Password, but they should be more than enough for normal usage of this plugin.

Development

Clone from GitHub with git:

git clone git@github.com:paulfioravanti/plover-1password.git
cd plover-1password

If you are a Tmuxinator user, you may find my plover-1password project file of reference.

Python Version

Plover's Python environment currently uses version 3.9 (see Plover's workflow_context.yml to confirm the current version).

So, in order to avoid unexpected issues, use your runtime version manager to make sure your local development environment also uses Python 3.9.x.

Testing

Currently, the only parts able to be tested are ones that do not rely directly on Plover.

Run tests, coverage, and linting with the following commands:

pytest --cov --cov-report=term-missing
pylint plover_1password
mypy plover_1password

To get a HTML test coverage report:

coverage run --module pytest
coverage html
open htmlcov/index.html

If you are a just user, you may find the justfile useful during development in running multiple test commands. You can run the following command from the project root directory:

just --working-directory . --justfile test/justfile

Deploying Changes

After making any code changes, deploy the plugin into Plover with the following command:

plover --script plover_plugins install --editable .

Where plover in the command is a reference to your locally installed version of Plover. See the Invoke Plover from the command line page for details on how to create that reference.

When necessary, the plugin can be uninstalled via the command line with the following command:

plover --script plover_plugins uninstall plover-1password

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

plover_1password-0.1.4.tar.gz (23.7 kB view details)

Uploaded Source

Built Distribution

plover_1password-0.1.4-py3-none-any.whl (22.2 kB view details)

Uploaded Python 3

File details

Details for the file plover_1password-0.1.4.tar.gz.

File metadata

  • Download URL: plover_1password-0.1.4.tar.gz
  • Upload date:
  • Size: 23.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.5

File hashes

Hashes for plover_1password-0.1.4.tar.gz
Algorithm Hash digest
SHA256 9ce820a7a64f542d54efd69169f6beaf0b65b392be8f6119f4f16fd4e474d99f
MD5 1bf840c5f4752ec488c2d3c64996ef84
BLAKE2b-256 6ef353f462ea4a78c96838625167ee74cdbb3e1db6fe5095277735f46d60dac8

See more details on using hashes here.

File details

Details for the file plover_1password-0.1.4-py3-none-any.whl.

File metadata

File hashes

Hashes for plover_1password-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 b47173f740e2211a80c805f9aeac29b05cd5413bcd45182a0d10652671101541
MD5 b1103f8b90004983af2fd4e702511135
BLAKE2b-256 a195aab28b33a408c173f49da0ebb980fef1160a81b5ae3bb8a1b4280fc0ddab

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page