1PassMapper – [FREE!] – A Credential helper for 1Password – Available on Github
This is a security tool for the case where you want to keep your credentials out of your git files,
but when you deploy, you need to build the credentials and put them into configuration
files that go into, for example, your Docker container.
You want to keep a copy of the configuration template showing the base configuration and
everything as it should be, but you do not want to keep the actual credentials inside the file.
Also, when you update the credentials, you want them to update inside your build process,
and regardless of where you build, you can reuse the same objects by using different paths
inside the source file and it will update everywhere.
This is where 1PassMapper comes in.
It takes a credentials file which can be a local JSON object containing your credentials
or a similar file stored inside a 1Password item in the field `json`.
It will then take your template file and replace all the tags inside with the real data from
the 1Password service, or your credentials JSON file.
This lets you keep the template configuration files inside git with, for example, the password
stored as a tag instead of the real value. It also means that you can have different
sources for the same configuration file, using for example the environment as a differentiator.
The format of the JSON source file is the same whether it’s stored in the local file or
inside the JSON field in 1Password.
The examples below assume the following command:
1PassMapper -in sample-template.json -out config.json -vault CICD -item MySecretCollection
In the template file, you would use tags like the ones below.
sample-template.json
{
  "item1": "[[sql.host]]",
  "item2": "[[sql.user]]",
  "item3": "[[sql.pass]]",
  "item4": "[[host.domain]]",
  "item5": "[[cred.UNKNOWN]]"
}
The string inside each [[tag]] is a JSON path to the target value,
such as a value in the JSON below, stored in 1Password.
The credentials are stored in a field named "json" inside the 1Password
vault "CICD", in the item "MySecretCollection".
json:
{
  "sql": {
    "host": "some.domain",
    "port": "3306",
    "user": "root",
    "pass": "someAwesomePassword"
  },
  "host": {
    "domain": "myCoolDomain.com",
    "port": "443",
    "certKey": "certificate.key",
    "cert": "certificate.pem",
    "certpass": "myKeyPassword"
  }
}
Note that the path “cred.UNKNOWN” is not found in the source, so that tag is left as-is
in the resulting output “config.json”:
{
  "item1": "some.domain",
  "item2": "root",
  "item3": "someAwesomePassword",
  "item4": "myCoolDomain.com",
  "item5": "[[cred.UNKNOWN]]"
}
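A minimal sketch of the tag substitution described above, added here as an example and not taken from the 1PassMapper source: it resolves each [[path]] against the credentials JSON, leaves unknown tags as-is, and returns the unresolved paths so a build step can fail instead of shipping a literal tag. The allowed path characters, the JSON-escaping of values, and the function names are assumptions of this sketch.

```python
import json
import re
import sys

# Tag syntax from the page: [[dotted.path]]. Allowed path characters are an assumption.
TAG = re.compile(r"\[\[([A-Za-z0-9_.-]+)\]\]")

# Constructed sample data, shortened from the page's template and credentials JSON.
TEMPLATE = '''{
  "item1": "[[sql.host]]",
  "item2": "[[sql.user]]",
  "item3": "[[sql.pass]]",
  "item4": "[[host.domain]]",
  "item5": "[[cred.UNKNOWN]]"
}'''
SOURCE = {
    "sql": {"host": "some.domain", "user": "root", "pass": "someAwesomePassword"},
    "host": {"domain": "myCoolDomain.com", "port": "443"},
}

def lookup(source, path):
    """Walk a dotted path through nested objects; None if missing or not a string."""
    node = source
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) else None

def render(template, source):
    """Return (rendered_text, unresolved_paths); unknown tags stay as-is."""
    unresolved = []
    def substitute(match):
        value = lookup(source, match.group(1))
        if value is None:
            unresolved.append(match.group(1))
            return match.group(0)
        # Choice made in this sketch: JSON-escape the value so a quote or
        # backslash inside a secret cannot break or alter the JSON output.
        return json.dumps(value)[1:-1]
    return TAG.sub(substitute, template), unresolved

if __name__ == "__main__":
    text, missing = render(TEMPLATE, SOURCE)
    print(text)
    if missing:  # fail the build instead of shipping literal [[tags]]
        sys.exit("unresolved tags: " + ", ".join(missing))
```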
Source code:
https://github.com/emberlabstech/1PassMapper
