-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A way to generate a 'Share Link' for items #111
Comments
Hey @hwilliamsoctopus, thank you for your feature request! I think this would be a great addition for the SDKs. To be able to log it in our internal tracker, can you give me a bit of context about your use-case, for using item sharing programatically? Thanks! |
Sure thing @hculea! So currently we have an onboarding platform which allows third parties to integrate with our product. This platform has exclusive invite-only access, and when we create accounts for the third parties, a series of complex setup already needs to be done programmatically. This means that when one of our team members wants to create an invite, it is already done through a simple interface to hide the complexity and set things up correctly. After the invite is created, we need to share with the third party a number of properties/credentials related to it so that they can get it set up. We also need to make some of these available to the wider team and therefore 1password is the ideal place for us to store these:
Therefore we already use the SDK now to save to 1password, however after using our interface, the person generating the link has to now:
This last manual step is the bit I was hoping to to solve with this issue, meaning the interface could return the exact share link to be passed back to the 3rd party in an email immediately. So as a rough flow our system is:
And it is the part between step 4-5 that would be solved here as it could be automated. |
Hi @hwilliamsoctopus, |
+1 on this request. We have system that monitors expiring secrets (not in 1Password) and messages the secret owner, asking if they want to create a new secret or if it is no longer relevant and can be deleted. We would like to use 1Password to deliver the new secret, should the secret owner choose to create a new secret. @sadiaazmal I think it may be possible with the CLI commands you mentioned. I will try it out and get back. |
Hi @jelleholtkamp, Also, I would love to hear more about your external system that monitors expiring secrets. How do you currently run and manage this system? |
@sadiaazmal I got it working with the CLI. Would still like to see this implemented in the SDK though, because using a native SDK makes error handling easier and better. To provide a bit more context, we have a script that checks for expiring secrets in a third party system. When those secrets are about to expire, that script will trigger an approval flow which basically asks the secret owner and IT if the secret needs to be renewed. If both approve the renewal, another script will be triggered which renews the secret and delivers it to the secret owner. The delivery part needs to be secure, so this is handled by 1Password. The script puts the secret in a vault, creates a share link and sends the share link to the secret owner. |
I'm glad to hear it's working with the CLI @jelleholtkamp! We’re also planning to introduce the ability to generate sharing links directly through the SDK in the near future. Thank you for providing additional details about your use case. If you're open to it, I’d love to discuss your workflows and any challenges you're encountering with rotating and managing secrets over a brief call. This insight would help our team identify areas for improvement to better support your security and development needs. Feel free to schedule a time that suits you using this link. Thank you again for feedback and clarification! |
Thanks for getting back @sadiaazmal I haven't tried through the CLI but am aware it will most likely be possible there, however for this use case it would not work well. This is in a deployed environment, and managing the interface with 1password would be ideal if it sat within our codebase as opposed to having to add CLI installation to the pipeline and then create ad-hoc scripts to call the CLI. This would then not be in line with the rest of our codebase and be more difficult to maintain. Hope that makes sense |
+1 on this request. Similar to @hwilliamsoctopus we would also like to be able to create share links directly with the SDK since we'd like to set up an cloud automation to generate keys in a 3rd-party application via API and immediately share keys with the requestor. Using the CLI means this needs to be re-authenticated whenever a session expires, which is not useful for an unattended service account flow. |
Hey @sadiaazmal - has this made it onto the roadmap yet, or are there any estimated timelines? |
Thank you for following up! We're actively working on implementing and shipping this feature in our upcoming releases. Excited to bring this to the community. |
Use Case
Be able to programatically create a vault item, and generate a share link to this vault item with a set expiry, so this can be forwarded on to necessary parties without manual interaction through the 1password app.
Requirements and desired behavior
The items interface should expose an api to
create_share_link
which behaves almost identically to:https://developer.1password.com/docs/cli/reference/management-commands/item/#item-share
Additional information
No response
The text was updated successfully, but these errors were encountered: