eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/argocd/apps
History
Exact
Erich Blume 482414346e Add External Secrets Operator with 1Password Connect (#66) (#66) 
## Summary
- Add 1Password Connect server for secrets automation API
- Add External Secrets Operator (ESO) to sync secrets from 1Password to K8s
- Add ClusterSecretStore connecting ESO to 1Password Connect
- Convert devpi secret to ExternalSecret as proof of concept

## Architecture
```
1Password Cloud → 1Password Connect (k8s) → ESO → Native K8s Secrets
```

## Deployment and Testing
- [ ] Mirror Helm charts to forge (connect-helm-charts, external-secrets) - DONE
- [ ] Create 1Password Connect credentials (`op connect server create`)
- [ ] Store credentials in 1Password item "1Password Connect"
- [ ] Bootstrap secret: `op inject -i argocd/manifests/1password-connect/secret-credentials.yaml.tpl | kubectl apply -f -`
- [ ] Deploy 1password-connect: `argocd app sync 1password-connect`
- [ ] Deploy external-secrets: `argocd app sync external-secrets`
- [ ] Deploy external-secrets-config: `argocd app sync external-secrets-config`
- [ ] Test devpi ExternalSecret: `argocd app sync devpi`
- [ ] Verify secret synced: `kubectl get externalsecret -n devpi`

## Future Work
After PoC validated, migrate remaining 12 secret templates to ExternalSecrets:
- databases (3), tailscale-operator (1), grafana-config (2), teslamate (2)
- forgejo-runner (1), argocd (1), immich (1), 1password-connect (1 - self-bootstrap)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/66
2026-01-28 19:30:10 -08:00
..
1password-connect.yaml Add External Secrets Operator with 1Password Connect (#66) (#66) 2026-01-28 19:30:10 -08:00
alloy-k8s.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
apps.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
argocd.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
blumeops-pg.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
cloudnative-pg.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
devpi.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
external-secrets-config.yaml Add External Secrets Operator with 1Password Connect (#66) (#66) 2026-01-28 19:30:10 -08:00
external-secrets-crds.yaml Add External Secrets Operator with 1Password Connect (#66) (#66) 2026-01-28 19:30:10 -08:00
external-secrets.yaml Add External Secrets Operator with 1Password Connect (#66) (#66) 2026-01-28 19:30:10 -08:00
forgejo-runner.yaml Migrate Forgejo runner to Kubernetes with DinD (#60) 2026-01-25 19:56:17 -08:00
grafana-config.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
grafana.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
immich-storage.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
immich.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
kiwix.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
kube-state-metrics.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
loki.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
miniflux.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
prometheus.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
tailscale-operator.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
teslamate.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00
torrent.yaml Add Immich photo management + migrate forge URLs (#62) 2026-01-26 11:20:11 -08:00