MIT License
This GitHub Action loads secrets from 1Password into your GitHub workflow environment.
This action allows you to securely manage your secrets for GitHub Actions using 1Password, ensuring sensitive information is not exposed in your repository.
Differences to official 1Password Action:
To use this action in your workflow, follow these steps:
on: push
jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load secret
uses: shyim/1password-load-secrets-action@v1
with:
# export also as environment variable
export: true
# mask the secrets in the logs
mask-secrets: true
# secret mapping
secrets: |
SECRET=op://app-cicd/hello-world/secret
SECRET_SECOND=op://app-cicd/hello-world/secret-second
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: Print masked secret
run: echo "Secret: $SECRET"
# Prints: Secret: ***
Supported variations in secrets are:
NAME=op://vault/item/field
- Sets NAME
with the value of that specific fieldop://vault/item/field
- Sets field
as environment variable, shorthand for the previous oneop://vault/item
- Sets all fields with values as environment variablesContributions are welcome! If you would like to contribute to this project, please fork the repository and submit a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
For more information, visit the repository.