- Add ExternalSecret manifest to sync firecrawl secrets from 1Password - Configure POSTGRES_PASSWORD and BULL_AUTH_KEY from mk-labs vault - Add comprehensive SECRETS_SETUP.md documentation - Verified ExternalSecrets Operator successfully synced secrets - All 18 deployment manifests validated with dry-run Status: firecrawl-secrets Secret created and populated correctly
1.8 KiB
1.8 KiB
Firecrawl Secrets for 1Password
Action Required: Manual Secret Creation in 1Password
The 1Password Connect token is READ-ONLY for security. These secrets must be manually added to 1Password.
Vault Information
- Vault Name: mk-labs
- Vault ID: mnefk7klz35qqvv2eucygh4pzm
Item to Create
- Item Name: firecrawl
- Item Type: Server / API Credential
Fields to Add
1. postgres-password
- Label: postgres-password
- Type: Password (concealed)
- Value:
ll1fTJSer8h0Bwq7PBmkTcRbAlFKGzbV - Purpose: PostgreSQL database authentication
2. bull-auth-key
- Label: bull-auth-key
- Type: Password (concealed)
- Value:
fCHhkTNeplAwI2scqGo0C4cwJGA33FBpmyIVxlbzkodRbFKy5WlroxJeezjYg1UQ - Purpose: Redis Bull queue admin UI authentication
Instructions
- Open 1Password desktop app or web interface
- Navigate to the "mk-labs" vault
- Create a new item:
- Name:
firecrawl - Type:
ServerorPassword
- Name:
- Add custom fields:
- Field 1: Label =
postgres-password, Value = (32-char password above) - Field 2: Label =
bull-auth-key, Value = (64-char key above)
- Field 1: Label =
- Save the item
Verification
After creating the item in 1Password, verify it's accessible:
# Port-forward to 1Password Connect (if not already running)
kubectl port-forward -n onepassword-connect svc/onepassword-connect 8080:8080 &
# Test retrieval (read-only access should work)
curl -s -H "Authorization: Bearer *** kubectl get secret -n onepassword-connect connect-token -o jsonpath='{.data.token}' | base64 -d)" \
"http://localhost:8080/v1/vaults/mnefk7klz35qqvv2eucygh4pzm/items" | \
jq -r '.[] | select(.title == "firecrawl") | .title'
Expected output: firecrawl
Next Steps
Once the item is created in 1Password, the ExternalSecret manifest will automatically sync these values to Kubernetes.