FEAT(ws): load env variables using bash script using 1password cli #314
Comments
Requires

Go to your GitHub repository. Create GH action file ci.yml

```yaml
name: CI/CD Pipeline with 1Password Secrets

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Step 1: Checkout the repository
      - name: Checkout repository
        uses: actions/checkout@v3

      # Step 2: Install the 1Password CLI
      - name: Install 1Password CLI
        run: |
          curl -sS https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-latest.tar.gz | tar -xz -C /usr/local/bin/
          chmod +x /usr/local/bin/op

      # Step 3: Sign in to 1Password
      - name: Sign in to 1Password
        env:
          OP_SIGNIN_DOMAIN: ${{ secrets.OP_SIGNIN_DOMAIN }}
          OP_EMAIL: ${{ secrets.OP_EMAIL }}
          OP_SECRET_KEY: ${{ secrets.OP_SECRET_KEY }}
          OP_MASTER_PASSWORD: ${{ secrets.OP_MASTER_PASSWORD }}
        run: |
          eval $(echo "$OP_MASTER_PASSWORD" | op signin "$OP_SIGNIN_DOMAIN" "$OP_EMAIL" "$OP_SECRET_KEY" --raw)

      # Step 4: Retrieve secrets from 1Password and export them
      - name: Retrieve and export secrets
        run: |
          API_KEY=$(op item get "My-API-Key" --field "apiKey")
          DB_USER=$(op item get "My-Database-Credentials" --field "username")
          DB_PASSWORD=$(op item get "My-Database-Credentials" --field "password")
          # Mask the secret values in the job log
          echo "::add-mask::$API_KEY"
          echo "::add-mask::$DB_PASSWORD"
          # `export` only lasts for this step; $GITHUB_ENV carries values to later steps
          {
            echo "API_KEY=$API_KEY"
            echo "DB_USER=$DB_USER"
            echo "DB_PASSWORD=$DB_PASSWORD"
          } >> "$GITHUB_ENV"
        shell: bash

      # Step 5: Use secrets in the build process
      - name: Build and test with secrets
        run: |
          # Report that the key is present without printing its value
          echo "API_KEY is set: ${API_KEY:+yes}"
          echo "Using DB_USER: $DB_USER"
          # Run your build or test commands here, e.g., using the secrets
          # python myapp.py --db-user=$DB_USER --db-password=$DB_PASSWORD
        shell: bash
```
cat create_db_ini.sh

```bash
#!/usr/bin/env bash
# Retrieve credentials from 1Password using `op`
DB_HOST=$(op item get "PG_DB_ITEM" --field "host")
DB_NAME=$(op item get "PG_DB_ITEM" --field "pg_db_name")
DB_USER=$(op item get "PG_DB_ITEM" --field "db_user")
DB_PASSWORD=$(op item get "PG_DB_ITEM" --field "db_password")

# Create the file empty and restrict it to the owner before any secret is written
: > database.ini
chmod 600 database.ini

# Create the `database.ini` file with the content
cat <<EOF > database.ini
[postgresql]
host=$DB_HOST
database=$DB_NAME
user=$DB_USER
password=$DB_PASSWORD
EOF
```
Usage

```bash
source ./create_env_file.sh
```

cat create_env_file.sh

```bash
#!/usr/bin/env bash
# Retrieve credentials from 1Password using `op`
ACCESS_KEY=$(op item get "ENV_FILE_ITEM" --field "AWS_ACCESS_KEY_ID")
SECRET_ACCESS_KEY=$(op item get "ENV_FILE_ITEM" --field "AWS_SECRET_ACCESS_KEY")
DB_PW=$(op item get "ENV_FILE_ITEM" --field "POSTGRES_PASSWORD")
DB_NAME=$(op item get "ENV_FILE_ITEM" --field "DB_NAME")
DB_USER=$(op item get "ENV_FILE_ITEM" --field "DB_USER")
SRC_EMAIL=$(op item get "ENV_FILE_ITEM" --field "SRC_EMAIL")
DEST_EMAIL=$(op item get "ENV_FILE_ITEM" --field "DEST_EMAIL")
SENDGRID_API_KEY=$(op item get "ENV_FILE_ITEM" --field "SENDGRID_API_KEY")
S3_BACKUP_BUCKET=$(op item get "ENV_FILE_ITEM" --field "S3_BACKUP_BUCKET")
RELEASE_VERSION=$(op item get "ENV_FILE_ITEM" --field "RELEASE_VERSION")

# Export the values needed by the calling shell (the script is sourced)
export S3_BACKUP_BUCKET="$S3_BACKUP_BUCKET"
export AWS_ACCESS_KEY_ID="$ACCESS_KEY"
export AWS_SECRET_ACCESS_KEY="$SECRET_ACCESS_KEY"
export RELEASE_VERSION="$RELEASE_VERSION"
export SENDGRID_API_KEY="$SENDGRID_API_KEY"

# Create the file empty and restrict it to the owner before any secret is written
: > .env.prod
chmod 600 .env.prod

# Create the `.env.prod` file with the content
cat <<EOF > .env.prod
AWS_ACCESS_KEY_ID=$ACCESS_KEY
AWS_SECRET_ACCESS_KEY=$SECRET_ACCESS_KEY
SRC_EMAIL=$SRC_EMAIL
DEST_EMAIL=$DEST_EMAIL
SENDGRID_API_KEY=$SENDGRID_API_KEY
DB_NAME=$DB_NAME
DB_USER=$DB_USER
POSTGRES_PASSWORD=$DB_PW
EOF
```
TODO add op cli post deploy install as script
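
The scripts above interpolate whatever `op` returns straight into `.env.prod` and `database.ini`, so a failed lookup yields an empty setting and a value containing a line break adds extra lines to the file. The following is an added example, not code from this issue or the project: a writer that checks each value first and creates the file with owner-only permissions. `write_env_file` and its argument layout are hypothetical names.

```bash
# Added example, not code from the issue. write_env_file is a hypothetical helper.
# Usage: write_env_file <path> KEY=value [KEY=value ...]
write_env_file() {
  local path="$1" pair key value tmp nl cr
  shift
  nl='
'
  cr=$(printf '\r')
  # Validate every pair before touching the target file.
  # Error messages name the key only, never the value.
  for pair in "$@"; do
    case $pair in
      *=*) ;;
      *) echo "argument is not KEY=value" >&2; return 1 ;;
    esac
    key=${pair%%=*}
    value=${pair#*=}
    case $key in
      '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
        echo "invalid key: $key" >&2; return 1 ;;
    esac
    case $value in
      '')
        # An empty value usually means the lookup failed.
        echo "empty value for $key" >&2; return 1 ;;
      *"$nl"* | *"$cr"*)
        # A line break would put an extra KEY=value line into the file.
        echo "line break in value for $key" >&2; return 1 ;;
    esac
  done
  # mktemp creates the file with mode 0600; rename it into place when complete.
  tmp=$(mktemp "${path}.XXXXXX") || return 1
  if printf '%s\n' "$@" > "$tmp" && mv -f "$tmp" "$path"; then
    return 0
  fi
  rm -f "$tmp"
  return 1
}
```

With the variables from `create_env_file.sh`, a call would look like `write_env_file .env.prod "DB_USER=$DB_USER" "POSTGRES_PASSWORD=$DB_PW"`; a non-zero return leaves any existing file untouched.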