From f41d6309e541a26a87f551dffb0cc99e63d95a8e Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 9 Oct 2025 19:55:16 +0000 Subject: [PATCH 1/2] Update generated docs --- README.md | 98 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 70 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 7976a3f..b79958a 100644 --- a/README.md +++ b/README.md @@ -53,39 +53,81 @@ Before proceeding with installation, you should consider which pattern is best f ### Installation -To install 1Password CLI PAM Provider, you must install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating PAM Types in Keyfactor Command, among many other useful automation features. +> [!IMPORTANT] +> For the most up-to-date and complete documentation on how to install a PAM provider extension, please visit our [product documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Preparing%20Third%20Party%20PAM%20Providers%20to%20Work%20with.htm?Highlight=pam%20provider#InstallingCustomPAMProviderExtensions) +To install 1Password CLI PAM Provider, it is recommended you install [kfutil](https://github.com/Keyfactor/kfutil). `kfutil` is a command-line tool that simplifies the process of creating PAM Types in Keyfactor Command. -#### Prerequisites -1. Follow the [requirements section](docs/1password-cli.md#requirements) to configure a Service Account, grant necessary API permissions, and create secrets. -
Requirements - In order to use this PAM Provider extension, the 1Password CLI must be installed. +#### Requirements + In order to use this PAM Provider extension, the 1Password CLI must be installed. - Refer to the [1Password CLI documentation](https://developer.1password.com/docs/cli/get-started/) for how to install the CLI and add it to the execution path. - After the CLI is installed, it is prudent to verify that the integration will be able to reach it, by opening a new PowerShell terminal and typing the simple command `op`. This should not result in an error and instead show the top-level help info for the CLI. + Refer to the [1Password CLI documentation](https://developer.1password.com/docs/cli/get-started/) for how to install the CLI and add it to the execution path. + After the CLI is installed, it is prudent to verify that the integration will be able to reach it, by opening a new PowerShell terminal and typing the simple command `op`. This should not result in an error and instead show the top-level help info for the CLI. - A Service Account also needs to be created and configured with a Service Account Token. Refer to the [1Password Service Accounts documentation](https://developer.1password.com/docs/service-accounts/get-started/) for how to set up and provision a Service Account. - Please note that Service Account Tokens are associated with Vaults at time of creation. If additional Vaults are later added that need to be accessed, the Token will need to be reconfigured to be granted acccess to additional Vaults. + A Service Account also needs to be created and configured with a Service Account Token. Refer to the [1Password Service Accounts documentation](https://developer.1password.com/docs/service-accounts/get-started/) for how to set up and provision a Service Account. + Please note that Service Account Tokens are associated with Vaults at time of creation. 
If additional Vaults are later added that need to be accessed, the Token will need to be reconfigured to be granted acccess to additional Vaults. - Since this extension expects to be able to run the CLI in a PowerShell session, the account running the Keyfactor service that uses this PAM Provider will need to be able to access and use PowerShell. + Since this extension expects to be able to run the CLI in a PowerShell session, the account running the Keyfactor service that uses this PAM Provider will need to be able to access and use PowerShell. -
+#### Create PAM type in Keyfactor Command -2. Use kfutil to create the required PAM Types in the connected Command platform. - ```shell - # 1Password-CLI - kfutil pam types-create -r 1password-cli-pam -n 1Password-CLI - ``` +##### Using `kfutil` +Create the required PAM Types in the connected Command platform. + +```shell +# 1Password-CLI +kfutil pam types-create -r 1password-cli-pam -n 1Password-CLI +``` + +##### Using the API +For full API docs please visit our [product documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/WebAPI/KeyfactorAPI/PAMProvidersPOSTTypes.htm?Highlight=pam%20type) -#### Install on Keyfactor Command (Local) +Below is the payload to `POST` to the Keyfactor Command API +```json +{ + "Name": "1Password-CLI", + "Parameters": [ + { + "Name": "Vault", + "DisplayName": "1Password Secret Vault", + "DataType": 1, + "InstanceLevel": false, + "Description": "The name of the Vault in 1Password." + }, + { + "Name": "Token", + "DisplayName": "1Password Service Account Token", + "DataType": 2, + "InstanceLevel": false, + "Description": "The Service Account Token that is configured to access the specified Vault." + }, + { + "Name": "Item", + "DisplayName": "1Password Item Name", + "DataType": 1, + "InstanceLevel": true, + "Description": "The name of the credential item in 1Password. This could be the name of a Login object or a Password object." + }, + { + "Name": "Field", + "DisplayName": "Field Name on Item", + "DataType": 1, + "InstanceLevel": true, + "Description": "The name of the Field to retrieve from the specified Item. For a Login, this would be 'username' or 'password'. For an API Credential this would be 'credential'." + } + ] +} +``` + +#### Install PAM provider on Keyfactor Command Host (Local) 
@@ -97,9 +139,9 @@ To install 1Password CLI PAM Provider, you must install [kfutil](https://github. 1. Copy the unzipped assemblies to each of the following directories: - * `C:\Program Files\Keyfactor\Keyfactor Platform\WebAgentServices\Extensions\PamProviders\1password-cli-pam` - * `C:\Program Files\Keyfactor\Keyfactor Platform\WebConsole\Extensions\PamProviders\1password-cli-pam` - * `C:\Program Files\Keyfactor\Keyfactor Platform\KeyfactorAPI\Extensions\PamProviders` + * `C:\Program Files\Keyfactor\Keyfactor Platform\WebAgentServices\Extensions\1password-cli-pam` + * `C:\Program Files\Keyfactor\Keyfactor Platform\WebConsole\Extensions\1password-cli-pam` + * `C:\Program Files\Keyfactor\Keyfactor Platform\KeyfactorAPI\Extensions\1password-cli-pam` @@ -140,7 +182,7 @@ To install 1Password CLI PAM Provider, you must install [kfutil](https://github. -#### Install on a Universal Orchestrator (Remote) +#### Install PAM provider on a Universal Orchestrator Host (Remote) 1. Install the 1Password CLI PAM Provider assemblies. @@ -161,9 +203,7 @@ To install 1Password CLI PAM Provider, you must install [kfutil](https://github. * **Linux**: `/opt/keyfactor/orchestrator/extensions/1password-cli-pam` 2. Included in the release is a `manifest.json` file that contains the following object: - ```json - // 1password-cli-pam/manifest.json { "Keyfactor:PAMProviders:1Password-CLI:InitializationInfo": { @@ -193,7 +233,7 @@ To install 1Password CLI PAM Provider, you must install [kfutil](https://github. -#### Keyfactor Command (Local) +#### From Keyfactor Command Host (Local) 
@@ -202,7 +242,8 @@ To install 1Password CLI PAM Provider, you must install [kfutil](https://github. 2. Select the **Add** button to create a new PAM provider. Click the dropdown for **Provider Type** and select **1Password-CLI**. - > If you're running Keyfactor Command 11+, make sure "Remote Provider" is unchecked. +> [!IMPORTANT] +> If you're running Keyfactor Command 11+, make sure `Remote Provider` is unchecked. 3. Populate the fields with the necessary information collected in the [requirements](docs/1password-cli.md#requirements) section: @@ -229,7 +270,7 @@ Select the **Load From PAM Provider** tab, choose the **1Password-CLI** provider -#### Universal Orchestrator (Remote) +#### From a Universal Orchestrator Host (Remote) @@ -243,7 +284,7 @@ In Command 11 and greater, before using the 1Password-CLI PAM type, you must def 2. Select the **Add** button to create a new PAM provider. -3. Make sure that "Remote Provider" is checked. +3. Make sure that `Remote Provider` is checked. 4. Click the dropdown for **Provider Type** and select **1Password-CLI**. @@ -285,7 +326,8 @@ When entering Secret fields, select the **Load From Keyfactor Secrets** tab, and -> Additional information on 1Password-CLI can be found in the [supplimental documentation](docs/1password-cli.md). +> [!NOTE] +> Additional information on 1Password-CLI can be found in the [supplemental documentation](docs/1password-cli.md). From f36cd2a55293d7b0d7afea297508ce807939e564 Mon Sep 17 00:00:00 2001 
From: spbsoluble <1661003+spbsoluble@users.noreply.github.com>
Date: Thu, 9 Oct 2025 12:55:26 -0700
Subject: [PATCH 2/2] chore(ci): Update starter workflow to `v4`
---
.../keyfactor-bootstrap-workflow-v3.yml | 20 --------------
...eyfactor-configure-repository-workflow.yml | 24 -----------------
.../workflows/keyfactor-starter-workflow.yml | 27 +++++++++++++++++++
3 files changed, 27 insertions(+), 44 deletions(-)
delete mode 100644 .github/workflows/keyfactor-bootstrap-workflow-v3.yml
delete mode 100644 .github/workflows/keyfactor-configure-repository-workflow.yml
create mode 100644 .github/workflows/keyfactor-starter-workflow.yml
diff --git a/.github/workflows/keyfactor-bootstrap-workflow-v3.yml b/.github/workflows/keyfactor-bootstrap-workflow-v3.yml
deleted file mode 100644
index 64919a4..0000000
--- a/.github/workflows/keyfactor-bootstrap-workflow-v3.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Keyfactor Bootstrap Workflow
-
-on:
- workflow_dispatch:
- pull_request:
- types: [opened, closed, synchronize, edited, reopened]
- push:
- create:
- branches:
- - 'release-*.*'
-
-jobs:
- call-starter-workflow:
- uses: keyfactor/actions/.github/workflows/starter.yml@v3
- secrets:
- token: ${{ secrets.V2BUILDTOKEN}}
- APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
- gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
- gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
- scan_token: ${{ secrets.SAST_TOKEN }}
diff --git a/.github/workflows/keyfactor-configure-repository-workflow.yml b/.github/workflows/keyfactor-configure-repository-workflow.yml
deleted file mode 100644
index 79641e7..0000000
--- a/.github/workflows/keyfactor-configure-repository-workflow.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Configure Repository Workflow
-on: [workflow_dispatch]
-
-jobs:
- call-update-topic:
- uses: Keyfactor/actions/.github/workflows/kf-update-topics.yml@v2
- secrets:
- token: ${{ secrets.V2BUILDTOKEN }}
-
- call-update-description:
- uses: Keyfactor/actions/.github/workflows/kf-update-description.yml@v2
- secrets:
- token: ${{ secrets.V2BUILDTOKEN }}
-
- call-update-teams:
- uses: Keyfactor/actions/.github/workflows/kf-update-teams.yml@v2
- secrets:
- token: ${{ secrets.V2BUILDTOKEN }}
-
- call-set-autolink:
- uses: Keyfactor/actions/.github/workflows/kf-configure-repo.yml@v2
- secrets:
- token: ${{ secrets.V2BUILDTOKEN }}
-
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
new file mode 100644
index 0000000..bd5f384
--- /dev/null
+++ b/.github/workflows/keyfactor-starter-workflow.yml
@@ -0,0 +1,27 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [opened, closed, synchronize, edited, reopened]
+ push:
+ create:
+ branches:
+ - 'release-*.*'
+
+jobs:
+ call-starter-workflow:
+ uses: keyfactor/actions/.github/workflows/starter.yml@v4
+ with:
+ command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+ command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+ command_base_api_path: ${{ vars.COMMAND_API_PATH }}
+ secrets:
+ token: ${{ secrets.V2BUILDTOKEN}}
+ gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+ gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+ scan_token: ${{ secrets.SAST_TOKEN }}
+ entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
+ entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
+ command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+ command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}
\ No newline at end of file
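Review bot: The `uses:` line of `call-starter-workflow` in the new `keyfactor-starter-workflow.yml` references the reusable workflow by the mutable tag `@v4`, while the `secrets:` block beneath it forwards the GPG private key and passphrase, the Entra username and password, and the Command client id and secret, so whatever commit `v4` resolves to at run time receives all of them. Pinning to a full commit SHA keeps the called code fixed until a reviewed bump, e.g. `uses: keyfactor/actions/.github/workflows/starter.yml@<FULL_COMMIT_SHA>  # v4` (placeholder; the SHA is not on this page). The job also declares no `permissions:`, so the `GITHUB_TOKEN` scope falls back to the repository default; an explicit least-privilege block on the job is worth adding once the scopes `starter.yml` needs are confirmed. `push:` appears to carry no branch filter (indentation is lost in this rendering, so this is inferred), which would run this secret-bearing job on every pushed branch rather than only release branches.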