Erich Blume
4ccb7b9a26
## Summary - Quartz's "shortest" path mode resolves wiki-links by **filename**, not frontmatter title - Previous PR used title-based links like `[[Grafana Alloy]]` which looked for non-existent `Grafana-Alloy.md` - Now using filename-based links like `[[alloy|Grafana Alloy]]` which correctly resolve ## Changes - Rename zk duplicate files with `-log` suffix (e.g., `argocd.md` → `argocd-log.md`) - Rename `reference/storage/postgresql.md` to `postgresql-storage.md` - Convert all 175 wiki-links from `[[Title]]` to `[[filename|Title]]` format - Rename `doc-card-titles` task to `doc-filenames` (checks filename uniqueness, not titles) - Update pre-commit hook for renamed task ## Deployment and Testing - [x] Pre-commit hooks pass - [x] `mise run doc-filenames` shows no duplicate filenames - [ ] Verify wiki-links work correctly in Quartz build 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/90
40 lines
712 B
Markdown
40 lines
712 B
Markdown
---
|
|
title: 1Password
|
|
tags:
|
|
- service
|
|
- secrets
|
|
---
|
|
|
|
# 1Password
|
|
|
|
Root credential store for all BlumeOps secrets, synced to Kubernetes via External Secrets Operator.
|
|
|
|
## Architecture
|
|
|
|
```
|
|
1Password Cloud
|
|
|
|
|
v
|
|
1Password Connect (namespace: 1password)
|
|
|
|
|
v
|
|
External Secrets Operator (namespace: external-secrets)
|
|
|
|
|
v
|
|
Native Kubernetes Secrets
|
|
```
|
|
|
|
## Vault
|
|
|
|
The `blumeops` vault contains all infrastructure credentials.
|
|
|
|
## Kubernetes Integration
|
|
|
|
**ClusterSecretStore:** `onepassword-blumeops`
|
|
|
|
Services reference 1Password items via `ExternalSecret` manifests.
|
|
|
|
## Related
|
|
|
|
- [[argocd|ArgoCD]] - Uses secrets for git access
|
|
- [[postgresql|PostgreSQL]] - Database credentials
|