Bootstrapping 1Password Connect#
When installing a new environment, one of the steps is to synchronize secrets for that environment. However, when 1Password is used as the source for static secrets, this requires a running 1Password Connect server and a token to connect to that server. Bootstrapping an environment with this property therefore a different process to break this cycle.
The recommended process of bootstrapping this type of environment is:
environment/values-environment.yaml, enable only the minimum required applications plus
onepassword-connect. Leave everything else disabled to start.
Follow the normal secrets setup for the environment using a YAML file for static secrets. Fill in the
onepassword-connectsecret with the base64-encoded credentials file obtained from Add a new 1Password Connect server.
Install the environment using the normal instructions.
Now that you have a running 1Password Connect server, take the secrets from your static secrets YAML file and populate your 1Password vault with those secrets.
OP_CONNECT_TOKENenvironment variable to the token for this environment and sync secrets again using 1Password.