Files
homelab/cluster/applications/firecrawl/SECRETS_SETUP.md
Hermes Agent service account 6bdb536848 firecrawl: Day 4 - Add ExternalSecret for 1Password integration
- Add ExternalSecret manifest to sync firecrawl secrets from 1Password
- Configure POSTGRES_PASSWORD and BULL_AUTH_KEY from mk-labs vault
- Add comprehensive SECRETS_SETUP.md documentation
- Verified ExternalSecrets Operator successfully synced secrets
- All 18 deployment manifests validated with dry-run

Status: firecrawl-secrets Secret created and populated correctly
2026-06-06 18:11:59 -05:00

1.8 KiB

Firecrawl Secrets for 1Password

Action Required: Manual Secret Creation in 1Password

The 1Password Connect token is READ-ONLY for security. These secrets must be manually added to 1Password.

Vault Information

  • Vault Name: mk-labs
  • Vault ID: mnefk7klz35qqvv2eucygh4pzm

Item to Create

  • Item Name: firecrawl
  • Item Type: Server / API Credential

Fields to Add

1. postgres-password

  • Label: postgres-password
  • Type: Password (concealed)
  • Value: ll1fTJSer8h0Bwq7PBmkTcRbAlFKGzbV
  • Purpose: PostgreSQL database authentication

2. bull-auth-key

  • Label: bull-auth-key
  • Type: Password (concealed)
  • Value: fCHhkTNeplAwI2scqGo0C4cwJGA33FBpmyIVxlbzkodRbFKy5WlroxJeezjYg1UQ
  • Purpose: Redis Bull queue admin UI authentication

Instructions

  1. Open 1Password desktop app or web interface
  2. Navigate to the "mk-labs" vault
  3. Create a new item:
    • Name: firecrawl
    • Type: Server or Password
  4. Add custom fields:
    • Field 1: Label = postgres-password, Value = (32-char password above)
    • Field 2: Label = bull-auth-key, Value = (64-char key above)
  5. Save the item

Verification

After creating the item in 1Password, verify it's accessible:

# Port-forward to 1Password Connect (if not already running)
kubectl port-forward -n onepassword-connect svc/onepassword-connect 8080:8080 &

# Test retrieval (read-only access should work)
curl -s -H "Authorization: Bearer *** kubectl get secret -n onepassword-connect connect-token -o jsonpath='{.data.token}' | base64 -d)" \
  "http://localhost:8080/v1/vaults/mnefk7klz35qqvv2eucygh4pzm/items" | \
  jq -r '.[] | select(.title == "firecrawl") | .title'

Expected output: firecrawl

Next Steps

Once the item is created in 1Password, the ExternalSecret manifest will automatically sync these values to Kubernetes.