Bootstrapping 1Password Connect

When installing a new environment, one of the steps is to synchronize secrets for that environment. However, when 1Password is used as the source for static secrets, this requires a running 1Password Connect server and a token to connect to that server. Bootstrapping an environment with this property therefore a different process to break this cycle.

The recommended process of bootstrapping this type of environment is:

  1. In environment/values-environment.yaml, enable only the minimum required applications plus onepassword-connect. Leave everything else disabled to start.

  2. Follow the normal secrets setup for the environment using a YAML file for static secrets. Fill in the onepassword-connect secret with the base64-encoded credentials file obtained from Add a new 1Password Connect server.

  3. Install the environment using the normal instructions.

  4. Now that you have a running 1Password Connect server, take the secrets from your static secrets YAML file and populate your 1Password vault with those secrets.

  5. Set the OP_CONNECT_TOKEN environment variable to the token for this environment and sync secrets again using 1Password.

  6. Now, enable the rest of the applications you want to run in this environment and finish secrets setup and installation.