> ## Documentation Index
> Fetch the complete documentation index at: https://www.1password.dev/llms.txt
> Use this file to discover all available pages before exploring further.
# Use the 1Password provider for Pulumi
export const CodeResult = ({children, resultLang, wrap, expandable}) => {
const parseChildren = () => {
let language = "text";
let codeContent = "";
const extractText = node => {
if (typeof node === "string") {
return node;
}
if (Array.isArray(node)) {
return node.map(extractText).join("");
}
if (node?.props?.children) {
return extractText(node.props.children);
}
return "";
};
const extractLanguage = node => {
if (!node) return null;
if (node.props?.className) {
const className = node.props.className;
const langMatch = className.match(/language-(\w+)/);
if (langMatch) {
return langMatch[1];
}
}
if (node.props?.["data-language"]) {
return node.props["data-language"];
}
if (node.props?.language) {
return node.props.language;
}
return null;
};
if (typeof children === "string") {
codeContent = children;
} else if (Array.isArray(children)) {
codeContent = extractText(children);
for (const child of children) {
const detectedLang = extractLanguage(child);
if (detectedLang) {
language = detectedLang;
break;
}
}
} else if (children?.props) {
const detectedLang = extractLanguage(children);
if (detectedLang) {
language = detectedLang;
}
codeContent = extractText(children);
}
const parts = codeContent.split("#code-result");
if (parts.length < 2) {
return {
command: codeContent.trim(),
result: null,
language,
defaultOpen: false
};
}
const resultText = parts[1].trim();
const defaultOpen = resultText.startsWith("open");
const cleanResult = defaultOpen ? resultText.slice(4).trim() : resultText;
return {
command: parts[0].trim(),
result: cleanResult,
language,
defaultOpen
};
};
const {command, result, language, defaultOpen} = parseChildren();
const [isOpen, setIsOpen] = useState(defaultOpen);
if (!result) {
return children;
}
return
{}
{}
{isOpen &&
}
;
};
export const Small = ({children}) => {
return {children};
};
You can use the [1Password provider for Pulumi ](https://www.pulumi.com/registry/packages/onepassword/) to access and manage items in your 1Password vaults.
## Requirements
The provider can be configured to authenticate with a service account, a Connect server, or with your 1Password account details.
[1Password Service Accounts](/service-accounts/) allow you to restrict the provider's access to specific vaults in your 1Password account, so you can follow the principle of least privilege in your project.
To use a service account with the 1Password provider for Pulumi, you'll need:
* [1Password subscription](https://1password.com/pricing/password-manager)
* [1Password CLI](/cli/get-started)
* [1Password service account](/service-accounts/get-started)
[1Password Connect Servers](/connect/) are a good authentication option when you need unlimited requests and use self-hosted infrastructure.
Connect servers allow you to restrict the provider's access to specific vaults in your 1Password account, so you can follow the principle of least privilege in your project.
To use a Connect server with the 1Password provider for Pulumi, you'll need:
* [1Password subscription](https://1password.com/pricing/password-manager)
* [1Password Connect server](/connect/get-started/#step-1)
When you configure the provider with your 1Password account details, the provider can access any vault in your account, and you can use Touch ID, Windows Hello, or another system authentication option with the provider.
To use your account details with the 1Password provider for Pulumi, you'll need:
* [1Password subscription](https://1password.com/pricing/password-manager)
* [1Password CLI](/cli/get-started)
* [1Password desktop app\*](https://1password.com/downloads/)
* [1Password app integration\*](/cli/get-started#step-2-turn-on-the-1password-desktop-app-integration)
\* To authenticate with Touch ID, Windows Hello, or another system authentication option.
## Step 1: Install the 1Password provider for Pulumi
### With a package manager
To use the provider with JavaScript or TypeScript in Node.js, install using either `npm` or `yarn`:
To use the provider with Python, install using `pip`:
```shell theme={null}
pip install pulumi_onepassword
```
To use the provider with Go, use `go get` to download the latest version:
```shell theme={null}
go get github.com/1Password/pulumi-onepassword/sdk/go/...
```
### With the provider binary
To install the 1Password provider binary, use the [`pulumi plugin` ](https://www.pulumi.com/docs/cli/commands/pulumi_plugin/) command:
```shell theme={null}
pulumi plugin install resource onepassword --server github://api.github.com/1Password/pulumi-onepassword
```
## Step 2: Configure the provider with your credentials
You can provide your 1Password credentials to Pulumi in the environment or in your Pulumi configuration. Your Pulumi configuration is a good option if you want to store your credentials alongside your Pulumi stack for multi-user access.
1. [Create a service account](https://start.1password.com/developer-tools/infrastructure-secrets/serviceaccount/) or find the token for an existing service account. Make sure the service account has access to the appropriate vaults and adequate permissions in those vaults.
2. Provide the token to Pulumi using either an environment variable or your Pulumi configuration.
Environment variable
`} />
`} />
`} />
Pulumi configuration
```shell theme={null}
pulumi config set pulumi-onepassword:service_account_token --secret
#code-result
Value:
```
Make sure to pass `--secret` when setting sensitive data.
3. Install [1Password CLI](/cli/get-started) in your PATH. If you install the CLI outside of your PATH, specify the path to your 1Password CLI binary using either an environment variable or your Pulumi configuration.
Environment variable
`} />
`} />
`} />
Pulumi configuration
```shell theme={null}
pulumi config set pulumi-onepassword:op_cli_path --secret
#code-result
Value:
```
1. [Create a Connect server](/connect/get-started/#step-1) or find the host URL and token for an existing Connect server.
2. Provide the host URL and token to Pulumi using either environment variables or your Pulumi configuration.
**Host URL**
```shell theme={null}
pulumi config set pulumi-onepassword:url --secret
#code-result
Value:
```
**Token**
```shell theme={null}
pulumi config set pulumi-onepassword:token --secret
#code-result
Value:
```
Make sure to pass `--secret` when setting sensitive data.
1. Find the [sign-in address](https://support.1password.com/1password-glossary/#sign-in-address) or [unique identifier](/cli/reference/#unique-identifiers-ids) for your 1Password account.
2. Provide your account sign-in address or identifier to Pulumi using an environment variable or your Pulumi configuration.
```shell theme={null}
pulumi config set pulumi-onepassword:account --secret
#code-result
Value:
```
Make sure to pass `--secret` when setting sensitive data.
3. Install [1Password CLI](/cli/get-started) in your PATH. If you install the CLI outside of your PATH, specify the path to your 1Password CLI binary using either an environment variable or your Pulumi configuration.
```shell theme={null}
pulumi config set pulumi-onepassword:op_cli_path --secret
#code-result
Value:
```
4. To use Touch ID, Windows Hello, or another system authentication option with the provider, [turn on the 1Password CLI app integration](/cli/get-started#step-2-turn-on-the-1password-desktop-app-integration).
## Step 3: Use the provider
See [Pulumi's documentation ](https://www.pulumi.com/registry/packages/onepassword/) to learn how to access and manage your items using the 1Password provider.
## Reference
You can use either [Pulumi configuration keys ](https://www.pulumi.com/docs/concepts/config/) or environment variables to provide your 1Password credentials to Pulumi.
| Configuration key | Environment variable | Description | Authentication method |
| ------------------------------------------ | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------- |
| `pulumi-onepassword:service_account_token` | `OP_SERVICE_ACCOUNT_TOKEN` | The string value of your [1Password Service Account](/service-accounts/get-started) token. | Service account |
| `pulumi-onepassword:url` | `OP_CONNECT_HOST` | The URL where your [1Password Connect Server](/connect/) can be found. For example: `http://localhost:8080`. | Connect server |
| `pulumi-onepassword:token` | `OP_CONNECT_TOKEN` | The string value of your [Connect server token](/connect/concepts#connect-server-access-token). | Connect server |
| `pulumi-onepassword:account` | `OP_ACCOUNT` | A 1Password account [sign-in address](https://support.1password.com/1password-glossary/#sign-in-address) or [unique identifier](/cli/reference/#unique-identifiers-ids). | Account details |
| `pulumi-onepassword:op_cli_path` | `OP_CLI_PATH` | The [path to your 1Password CLI binary](/cli/config-directories). Only required if 1Password CLI binary is located outside of your PATH. |