Skip to main content
You can use Kubernetes integrations to deploy a 1Password Connect Server or a 1Password Service Account to a Kubernetes cluster. 1Password offers multiple Kubernetes integrations, including the Kubernetes Secrets Injector, the Kubernetes Operator, and Helm charts (which support both the Kubernetes Injector and the Kubernetes Operator). The best integration option depends on your unique environment.

Securing secrets across your full deployment stack?

The secure deployment guide covers how 1Password works across CI/CD pipelines, containers, and production applications.

Comparison

Both the Kubernetes Injector and the Kubernetes Operator work by allowing you to inject secrets from 1Password into a Kubernetes environment. However, they vary slightly based on your intended use case and their requirements. The 1Password Helm charts allow you to more easily deploy a Connect server, the Kubernetes Operator, or the Kubernetes Injector. Refer to the following table to learn the differences between the integrations.
FeatureKubernetes InjectorKubernetes Operator
Supports service accountsYesYes
Supports Connect serversYesYes
Allows for granular selection of secretsYesNo
Uses Kubernetes SecretsNoYes
Injects 1Password items directly into Kubernetes podsYesNo
Works with multiple credentials simultaneouslyYesNo
Supports automatic redeployment when 1Password items changeNoYes
Requires a Connect token to deployNoYes

Kubernetes Injector

The 1Password Kubernetes Secrets Injector implements a mutating webhook that allows you to inject 1Password secrets as environment variables into a Kubernetes pod or deployment. You can use the Kubernetes Injector with Connect servers or service accounts.

Kubernetes Operator

The 1Password Connect Kubernetes Operator integrates Kubernetes Secrets with 1Password with one or more Connect servers or service accounts. It allows you to:
  • Create Kubernetes Secrets from 1Password items and load them into Kubernetes deployments.
  • Automatically restart deployments when 1Password items update.

1Password Helm charts

Helm is a tool that helps you manage Kubernetes applications through specification files called Helm charts. Helm charts define a Kubernetes application and make it easy to share, install, and upgrade. The official 1Password Helm charts allow you to create a Secrets Automation workflow deployment using a predefined specification.