DEV Community

John McCracken

1Password CLI, AWS and Terraform

The issue

1Password CLI is great: having a single source for managing access keys and being able to use fingerprint ID on a Mac is such a cool feature. The AWS plugin works great, but when I tried to use AWS through a third party (in this case Terraform), I failed to get it to work.

This blog post is based on finding a macOS solution; mileage may vary on other operating systems.

The plan

After some searching I came across the guide "Storing AWS CLI Credentials in 1Password" by Kenneth Falck. It's now outdated and didn't work for me, but it was more than enough to point me in the right direction.

So firstly, set up everything:

The solution

Next, edit the ~/.aws/config file:

[default]
credential_process = sh -c "op item get '*1PASSWORD OBJ*' --format json | jq '.fields | map({(.label):.}) | add | {Version:1, AccessKeyId:."access key id".value, SecretAccessKey:."secret access key".value}'"

Change *1PASSWORD OBJ* to the name of the 1Password access key entry.
If you followed the guides, the fields should be named access key id and secret access key. If yours are different, change the filter accordingly.

credential_process allows you to load credentials from an external process.

To check it works, try aws iam get-user. If this works, try a terraform command.

Hopefully it works... 😬

Thanks to Kenneth Falck for initially solving this.

Top comments (2)

Ярослав Сапак

David is correct.
The way it worked for me:

[default]
credential_process =  sh -c 'op item get '"'"'name-of-item-in-1p'"'"' --format json | jq '"'"'.fields | map({(.label):.}) | add | {Version:1, AccessKeyId:."access key id".value, SecretAccessKey:."secret access key".value}'"'"''
 
DavidP

There are unescaped inner double-quotes that cause a parsing error.
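
Added example (not part of the post or its comments): a Python check of how each credential_process value on this page tokenises, plus a Python equivalent of the jq filter run on a constructed item. It assumes the AWS CLI splits the value with POSIX shell rules, modelled here with shlex; the function names and SAMPLE_ITEM are made up for illustration.

```python
import json
import shlex

# credential_process values copied from this page: the post's, then the comment's.
POST = '''sh -c "op item get '*1PASSWORD OBJ*' --format json | jq '.fields | map({(.label):.}) | add | {Version:1, AccessKeyId:."access key id".value, SecretAccessKey:."secret access key".value}'"'''
COMMENT = """sh -c 'op item get '"'"'name-of-item-in-1p'"'"' --format json | jq '"'"'.fields | map({(.label):.}) | add | {Version:1, AccessKeyId:."access key id".value, SecretAccessKey:."secret access key".value}'"'"''"""


def shell_script(credential_process: str):
    """Return the script `sh -c` would receive, or None if the value does not
    split into exactly [sh, -c, script] (assumption: shlex models the split)."""
    argv = shlex.split(credential_process)
    if len(argv) == 3 and argv[:2] == ["sh", "-c"]:
        return argv[2]
    return None


def to_credentials(op_item: dict) -> dict:
    """Python equivalent of the page's jq filter: index fields by label, then
    emit the Version/AccessKeyId/SecretAccessKey document."""
    by_label = {field["label"]: field for field in op_item["fields"]}
    return {
        "Version": 1,
        "AccessKeyId": by_label["access key id"]["value"],
        "SecretAccessKey": by_label["secret access key"]["value"],
    }


# Constructed stand-in for `op item get ... --format json` output (not real keys).
SAMPLE_ITEM = {
    "title": "name-of-item-in-1p",
    "fields": [
        {"label": "access key id", "value": "AKIAEXAMPLEEXAMPLE00"},
        {"label": "secret access key", "value": "constructed-secret-not-real"},
        {"label": "notesPlain", "value": ""},
    ],
}

if __name__ == "__main__":
    # The post's inner double quotes end the outer string early, so the
    # pipeline is scattered over several arguments instead of one script.
    print("post splits into", len(shlex.split(POST)), "arguments")
    print("post yields one script:", shell_script(POST) is not None)
    print("comment script:", shell_script(COMMENT))
    print(json.dumps(to_credentials(SAMPLE_ITEM), indent=2))
```
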