# Firecrawl Secrets for 1Password ## Action Required: Manual Secret Creation in 1Password The 1Password Connect token is READ-ONLY for security. These secrets must be manually added to 1Password. ### Vault Information - **Vault Name:** mk-labs - **Vault ID:** mnefk7klz35qqvv2eucygh4pzm ### Item to Create - **Item Name:** firecrawl - **Item Type:** Server / API Credential ### Fields to Add #### 1. postgres-password - **Label:** postgres-password - **Type:** Password (concealed) - **Value:** `ll1fTJSer8h0Bwq7PBmkTcRbAlFKGzbV` - **Purpose:** PostgreSQL database authentication #### 2. bull-auth-key - **Label:** bull-auth-key - **Type:** Password (concealed) - **Value:** `fCHhkTNeplAwI2scqGo0C4cwJGA33FBpmyIVxlbzkodRbFKy5WlroxJeezjYg1UQ` - **Purpose:** Redis Bull queue admin UI authentication ## Instructions 1. Open 1Password desktop app or web interface 2. Navigate to the "mk-labs" vault 3. Create a new item: - Name: `firecrawl` - Type: `Server` or `Password` 4. Add custom fields: - Field 1: Label = `postgres-password`, Value = (32-char password above) - Field 2: Label = `bull-auth-key`, Value = (64-char key above) 5. Save the item ## Verification After creating the item in 1Password, verify it's accessible: ```bash # Port-forward to 1Password Connect (if not already running) kubectl port-forward -n onepassword-connect svc/onepassword-connect 8080:8080 & # Test retrieval (read-only access should work) curl -s -H "Authorization: Bearer *** kubectl get secret -n onepassword-connect connect-token -o jsonpath='{.data.token}' | base64 -d)" \ "http://localhost:8080/v1/vaults/mnefk7klz35qqvv2eucygh4pzm/items" | \ jq -r '.[] | select(.title == "firecrawl") | .title' ``` Expected output: `firecrawl` ## Next Steps Once the item is created in 1Password, the ExternalSecret manifest will automatically sync these values to Kubernetes.