For people in non-cloud native infrastructures, it would be really helpful to provide the connect-server as compiled binaries or even as packages (rpm/deb).
Also system service files in the examples would be nice.
I had to put in some trial and error to get this running, but it's totally possible and I think the simplicity of SystemD is sometimes better than the docker/k8s/ecs configuration for smaller environments.
Note
The cli binaries can be extracted from the docker images like so:
```ini
# /etc/systemd/system/connect-api.service
[Unit]
Description=1Password Connect Server API
Documentation=https://github.com/1Password/connect/blob/main/docs/configuration.md
Wants=network-online.target
After=network-online.target
# Depends on connect-sync to create the database first.
Wants=connect-sync.service
After=connect-sync.service

[Service]
User=opuser
Group=opuser
Environment=OP_HTTP_PORT=8080
Environment=OP_BUS_PORT=10000
Environment=OP_BUS_PEERS=localhost:10001
ExecStart=/usr/local/bin/connect-api

[Install]
WantedBy=multi-user.target
```
Files can be copied into /etc/systemd/system/ and then started
Of course we also need to create the same connect-server in the web-ui or via the 1password-cli to get the credentials.json.
And the file needs to be placed in the created service directory, similar to the other deployments.
I also noticed that the currently compiled binaries are built using go1.20.6, which is about 7 months old and will be EOL once go1.22 releases - I expect that to be soon.
I think going for #37 is a bit too much, since we can still inspect the image and find the versions by other means,
but it would be much appreciated if this information is not "hidden", but shown clearly. Maybe even a warning is appropriate here.
When building Connect we've taken a great deal in care in making sure to provide you with the same level of security that you have come to expect with 1Password.
Note
The way one might deploy varies, I created a dedicated user, similar to what is done in the docker image:
```shell
# binaries are simply copied into /usr/local/bin
adduser --system --home /srv/connect-server opuser
mkdir -p /srv/connect-server/.op/data
chown -R opuser: /srv/connect-server
chmod -R 700 /srv/connect-server/.op
```
Now all that is missing are the service files:
I mean, the docker image on docker-hub is 6 months old now, which does not convey "we take security seriously".
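The two conditions this issue relies on, a data directory readable only by its owner and a Go toolchain still inside upstream's support window, can be checked with a short script. This is an added example, not part of the original issue or of 1Password's code; the function names are hypothetical, and it assumes GNU find, a `go` toolchain on the host, and that the caller supplies the latest Go release.

```shell
#!/bin/sh
# Added example: preflight checks for a Connect install run under systemd.
# Function names are hypothetical; needs GNU find and a local `go` toolchain.

# go_minor go1.20.6 -> 20. Fails on strings that are not a Go 1.x version.
go_minor() {
    v=${1#go}
    case $v in
        1.[0-9]*) ;;
        *) return 1 ;;
    esac
    v=${v#1.}
    v=${v%%[!0-9]*}          # drop ".6", "rc1", ...
    printf '%s\n' "$v"
}

# toolchain_supported BUILT LATEST
# Go supports a release line until two newer lines exist, so BUILT is still
# supported only if it is LATEST or the line directly before it.
# Returns 0 = supported, 1 = end of life, 2 = unparsable version.
toolchain_supported() {
    b=$(go_minor "$1") || return 2
    l=$(go_minor "$2") || return 2
    [ "$b" -ge $((l - 1)) ]
}

# binary_go_version FILE: toolchain recorded in a Go binary.
# `go version FILE` prints "FILE: go1.x.y"; keep the last field.
binary_go_version() {
    go version "$1" | awk '{ print $NF }'
}

# private_tree DIR: succeeds only if nothing under DIR (symlinks aside)
# grants any permission to group or other, i.e. chmod -R 700 still holds.
private_tree() {
    [ -d "$1" ] || return 2
    [ -z "$(find "$1" ! -type l -perm /077 -print)" ]
}

# audit BINARY DATA_DIR LATEST_GO: run both checks, report on stderr.
audit() {
    rc=0
    ver=$(binary_go_version "$1")
    toolchain_supported "$ver" "$3" ||
        { echo "$1: built with '$ver', not supported alongside $3" >&2; rc=1; }
    private_tree "$2" ||
        { echo "$2: group/other permissions present on secrets data" >&2; rc=1; }
    return $rc
}
```

With the paths used in this issue, the call would be `audit /usr/local/bin/connect-api /srv/connect-server/.op go1.22.0`, where the last argument is whatever Go release is current when the check runs.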