← Back to Guides
Profile image for Will Stewart

By Will Stewart

Published 2nd June 2022

Deploy a 1Password Connect server on Northflank

1Password is a password manager, digital vault, form filler and secure digital wallet. In this guide, we will show you how to deploy a 1Password Connect server on Northflank.

1Password provides two images to make the Connect server function. However, they both need to share a common volume and have several issues with file permissions so we're going to make our own image combining both of the images.

  1. 1password/connect-api:latest
  2. 1password/connect-sync:latest

To do so, we will first have to create a repository on GitHub with the necessary files, and then create a service on Northflank. Let’s get started!

Project structure

onepassword/
├─ Dockerfile
└─ entrypoint.sh

Files

In your Github account, create a new repository and include the following two files:

Dockerfile

FROM ubuntu:latest

RUN apt-get update && apt-get install ca-certificates -y && update-ca-certificates

COPY entrypoint.sh entrypoint.sh
COPY --from=1password/connect-api:latest /bin/connect-api /bin/connect-api
COPY --from=1password/connect-sync:latest /bin/connect-sync /bin/connect-sync

RUN chmod +x entrypoint.sh
RUN chmod +x /bin/connect-api
RUN chmod +x /bin/connect-sync

EXPOSE 8080

CMD ./entrypoint.sh

entrypoint.sh

#!/bin/bash

mkdir -p /home/opuser/.op/data
chown -R 999 /home/opuser
chmod -R 700 /home/opuser
chmod -f -R 600 /home/opuser/.op/config || :
OP_HTTP_PORT=8080 /bin/connect-api &
OP_HTTP_PORT=9090 /bin/connect-sync &
wait -n
  
# Exit with status of process that exited first
exit $?

Combined service

Once your repository is created, we will move to Northflank to deploy your instance of 1Password.

  1. Create a new combined service and choose your name.

  2. Under repository, select the repository we have just created for 1password.

    • If your Northflank account is still not connected to your GitHub account, you can do so now. This page will show you the detailed steps to do so.

  3. Under build options, select Dockerfile and it will automatically find the Dockerfile in your repository.

  4. Under environment variables, add the following runtime variables:

    KeyValue
    OP_SESSION/home/opuser/.op/1password-credentials.json
    ONEPASSWORD_CREDSYour credentials
    • To find your credentials, you will have to set up a secret automation workflow following this link. Once you have set it up, download the Credentials File. Your credentials are the contents of this file. Save the Access Token so you can make requests to the Connect API later. There is more information on setting up a secret automation workflow in this 1Password page.

      1Password Credentials File in secret automation

  5. Under advanced, add a secret file with the mount path set to /home/opuser/.op/1password-credentials.json and the content to ${ONEPASSWORD_CREDS}.

    • Under networking, port 8080 with HTTP protocol will automatically be detected and publicly exposed.

  6. Under advanced, add a persistent volume with the name data and container mount path /home/opuser/.op/data.

    1Password deployed on Northflank, service creation

Testing the API to list vaults

Once we have our 1Password Connect server set up, we can test it with the following API call which will list the vaults. The Connect API reference will provide all the API request details.

Use the OP_ACCESS_TOKEN that you saved earlier alongside the Credentials File. Otherwise, if the token has expired, you can create a new one via the Secret Automation page.

curl \
-H "Accept: application/json" \
-H "Authorization: Bearer $OP_ACCESS_TOKEN" \
https://${HOSTNAME}/v1/vaults

List Vaults on 1Password Connect server

If you encounter any issues while following this guide we're happy to assist you with your Wiki.js deployment at support@northflank.com. At Northflank we also have dedicated support plans for business customers.

Using Northflank to deploy a 1Password Connect server

Northflank allows you to deploy your code and databases within minutes. Sign up for a Northflank account and create a free project to get started.

  • Connect with your preferred VCS: GitHub, GitLab or Bitbucket
  • Deployment of Docker containers
  • Scale vertically and horizontally with multiple replicas per service
  • Observe & monitor with real-time metrics & logs
  • Low latency and high performance
  • Multiple read and write replicas

Share this article with your network