I just recently discovered that 1Password has a cli and support for replacing GitHub secret management.<p>Is anyone using it? Are there any caveats? Service account or proxy setup? Which is best?
We use both the 1Password CLI and 1Password Connect.<p>The CLI tool is handy for retrieving secrets from your vaults in the CLI, handy for one-off uses like scripts etc.<p>The Connect server is more suited for infrastructure secrets and allows you to whitelist which vaults are available through it. You can then use secrets exposed from Connect as part of your Docker image build process on CI, for example.
I was thinking about doing this, not sure of the pros/cons. Eg moving all the secrets to 1Password, and having a simple internal cli tool for my team to push them to Github Secrets and/or just access them from 1Password in Github workflows<p>Interested if others have feedback