1Password is a password manager, digital vault, form filler and secure digital wallet. In this guide, we will show you how to deploy a 1Password Connect server on Northflank.
1Password provides two images to make the Connect server function. However, they both need to share a common volume and have several issues with file permissions so we're going to make our own image combining both of the images.
1password/connect-api:latest
1password/connect-sync:latest
To do so, we will first have to create a repository on GitHub with the necessary files, and then create a service on Northflank. Let’s get started!
onepassword/
├─ Dockerfile
└─ entrypoint.sh
In your Github account, create a new repository and include the following two files:
Dockerfile
FROM ubuntu:latest
RUN apt-get update && apt-get install ca-certificates -y && update-ca-certificates
COPY entrypoint.sh entrypoint.sh
COPY --from=1password/connect-api:latest /bin/connect-api /bin/connect-api
COPY --from=1password/connect-sync:latest /bin/connect-sync /bin/connect-sync
RUN chmod +x entrypoint.sh
RUN chmod +x /bin/connect-api
RUN chmod +x /bin/connect-sync
EXPOSE 8080
CMD ./entrypoint.sh
entrypoint.sh
#!/bin/bash
mkdir -p /home/opuser/.op/data
chown -R 999 /home/opuser
chmod -R 700 /home/opuser
chmod -f -R 600 /home/opuser/.op/config || :
OP_HTTP_PORT=8080 /bin/connect-api &
OP_HTTP_PORT=9090 /bin/connect-sync &
wait -n
# Exit with status of process that exited first
exit $?
Once your repository is created, we will move to Northflank to deploy your instance of 1Password.
Create a new combined service and choose your name.
Under repository, select the repository we have just created for 1password.
- If your Northflank account is still not connected to your GitHub account, you can do so now. This page will show you the detailed steps to do so.
Under build options, select Dockerfile and it will automatically find the Dockerfile in your repository.
Under environment variables, add the following runtime variables:
Key Value OP_SESSION
/home/opuser/.op/1password-credentials.json
ONEPASSWORD_CREDS
Your credentials - To find your credentials, you will have to set up a secret automation workflow following this link. Once you have set it up, download the Credentials File. Your credentials are the contents of this file. Save the Access Token so you can make requests to the Connect API later. There is more information on setting up a secret automation workflow in this 1Password page.
Under advanced, add a secret file with the mount path set to
/home/opuser/.op/1password-credentials.json
and the content to${ONEPASSWORD_CREDS}
.- Under networking, port
8080
with HTTP protocol will automatically be detected and publicly exposed.
Under advanced, add a persistent volume with the name
data
and container mount path/home/opuser/.op/data
.
Once we have our 1Password Connect server set up, we can test it with the following API call which will list the vaults. The Connect API reference will provide all the API request details.
OP_ACCESS_TOKEN
that you saved earlier alongside the Credentials File. Otherwise, if the token has expired, you can create a new one via the Secret Automation page. curl \
-H "Accept: application/json" \
-H "Authorization: Bearer $OP_ACCESS_TOKEN" \
https://${HOSTNAME}/v1/vaults
If you encounter any issues while following this guide we're happy to assist you with your Wiki.js deployment at support@northflank.com. At Northflank we also have dedicated support plans for business customers.
Northflank allows you to deploy your code and databases within minutes. Sign up for a Northflank account and create a free project to get started.
- Connect with your preferred VCS: GitHub, GitLab or Bitbucket
- Deployment of Docker containers
- Scale vertically and horizontally with multiple replicas per service
- Observe & monitor with real-time metrics & logs
- Low latency and high performance
- Multiple read and write replicas