Erich Blume
7983677da2
Quartz's "shortest" path mode resolves wiki-links by filename, not frontmatter title. This fixes the broken links from the previous title-based approach. Changes: - Rename zk duplicate files with -log suffix to avoid conflicts - Rename reference/storage/postgresql.md to postgresql-storage.md - Convert all wiki-links from [[Title]] to [[filename|Title]] format - Rename doc-card-titles task to doc-filenames (checks filename uniqueness) - Update pre-commit hook for renamed task Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
40 lines
712 B
Markdown
40 lines
712 B
Markdown
---
|
|
title: 1Password
|
|
tags:
|
|
- service
|
|
- secrets
|
|
---
|
|
|
|
# 1Password
|
|
|
|
Root credential store for all BlumeOps secrets, synced to Kubernetes via External Secrets Operator.
|
|
|
|
## Architecture
|
|
|
|
```
|
|
1Password Cloud
|
|
|
|
|
v
|
|
1Password Connect (namespace: 1password)
|
|
|
|
|
v
|
|
External Secrets Operator (namespace: external-secrets)
|
|
|
|
|
v
|
|
Native Kubernetes Secrets
|
|
```
|
|
|
|
## Vault
|
|
|
|
The `blumeops` vault contains all infrastructure credentials.
|
|
|
|
## Kubernetes Integration
|
|
|
|
**ClusterSecretStore:** `onepassword-blumeops`
|
|
|
|
Services reference 1Password items via `ExternalSecret` manifests.
|
|
|
|
## Related
|
|
|
|
- [[argocd|ArgoCD]] - Uses secrets for git access
|
|
- [[postgresql|PostgreSQL]] - Database credentials
|