morning - anyone used pulumi_onepassword provider. It is giving me the run around on passing crede...

blue-spoon-32355

01/15/2025, 11:01 PM

morning - anyone used pulumi_onepassword provider. It is giving me the run around on passing credentials to it. the documentation is lacking and LLMs including pulumi's arent getting it right

modern-zebra-45309

01/16/2025, 8:41 AM

Can you show a minimal code example that illustrates your problem?

blue-spoon-32355

01/16/2025, 10:02 PM

Copy code

import pulumi
import pulumi_aws as aws
import pulumi_onepassword as onepassword

# 1. Configure the 1Password Provider
provider_args = pulumi.ProviderResourceArgs.create(
    onepassword=onepassword.ProviderArgs(
        service_account_token=pulumi.get_secret("op_service_account_token"), 
    )
)

# 2. Fetch the Secret from 1Password
my_secret = onepassword.get_item(
    "my_secret",
    args=onepassword.GetItemArgs(
        vault="my_vault",
        uuid="my_secret_uuid",  # Replace with the actual UUID of your 1Password secret
    ),
    opts=pulumi.ResourceOptions(providers={"onepassword": provider_args}),
)

# 3. Use the Secret to Create an AWS Resource
# Example: Create an AWS IAM User with a programmatically generated password
iam_user = aws.iam.User("my_user")

iam_user_login_profile = aws.iam.UserLoginProfile(
    "my_user_login_profile",
    user=iam_user.name,
    password=my_secret.fields["password"].apply(lambda secret: secret), 
)

# 4. Output the IAM User's ARN
pulumi.export("iam_user_arn", iam_user.arn)

blue-spoon-32355

01/16/2025, 10:03 PM

this was generated from good ol gemini but it has lots of mistakes

modern-zebra-45309

01/17/2025, 10:52 AM

Yes, that's not correct, I don't think it even instantiates a provider. Have a look at https://www.pulumi.com/registry/packages/onepassword/api-docs/provider/ and https://www.pulumi.com/registry/packages/onepassword/installation-configuration/.

modern-zebra-45309

01/17/2025, 10:55 AM

I suggest you start by providing the token as an environment variable

OP_SERVICE_ACCOUNT_TOKEN

, figure out the 1Password request, and worry about how to manage/persist the 1Password credentials later

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.