external-secrets icon indicating copy to clipboard operation
external-secrets copied to clipboard
verified publisher icon external-secrets

Allow formatting of SSH keys from 1password

Open bdsoha opened this issue 1 year ago • 1 comments

Summary

The current implementation does not allow retrieving SSH private keys in open-ssh format. When using the CLI and the read subcommand, I can provide ?ssh-format=openssh to the end of the path to return the key in open-ssh format.

Proposed solution

Allowing query parameters to be appended to lookup keys, when using property

func (provider *ProviderOnePassword) getField(item *onepassword.Item, property string) ([]byte, error) {}
func (provider *ProviderOnePassword) getFields(item *onepassword.Item, property string) (map[string][]byte, error) {}

Example

Assuming the following config:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: airflow-connections
spec:
  # ...
  data:
    - secretKey: ssh_key
      remoteRef:
        key: ssh
        property: private key

The outputted key is as follows:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

However, the expected value should be in openssh format:

-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

bdsoha avatar Jul 25 '24 13:07 bdsoha

This is also related to:

  • https://github.com/1Password/terraform-provider-onepassword/issues/189
  • https://github.com/1Password/onepassword-operator/issues/172

bdsoha avatar Aug 12 '24 12:08 bdsoha