- Add ExternalSecret manifest to sync firecrawl secrets from 1Password - Configure POSTGRES_PASSWORD and BULL_AUTH_KEY from mk-labs vault - Add comprehensive SECRETS_SETUP.md documentation - Verified ExternalSecrets Operator successfully synced secrets - All 18 deployment manifests validated with dry-run Status: firecrawl-secrets Secret created and populated correctly
60 lines
1.8 KiB
Markdown
60 lines
1.8 KiB
Markdown
# Firecrawl Secrets for 1Password
|
|
|
|
## Action Required: Manual Secret Creation in 1Password
|
|
|
|
The 1Password Connect token is READ-ONLY for security. These secrets must be manually added to 1Password.
|
|
|
|
### Vault Information
|
|
- **Vault Name:** mk-labs
|
|
- **Vault ID:** mnefk7klz35qqvv2eucygh4pzm
|
|
|
|
### Item to Create
|
|
- **Item Name:** firecrawl
|
|
- **Item Type:** Server / API Credential
|
|
|
|
### Fields to Add
|
|
|
|
#### 1. postgres-password
|
|
- **Label:** postgres-password
|
|
- **Type:** Password (concealed)
|
|
- **Value:** `ll1fTJSer8h0Bwq7PBmkTcRbAlFKGzbV`
|
|
- **Purpose:** PostgreSQL database authentication
|
|
|
|
#### 2. bull-auth-key
|
|
- **Label:** bull-auth-key
|
|
- **Type:** Password (concealed)
|
|
- **Value:** `fCHhkTNeplAwI2scqGo0C4cwJGA33FBpmyIVxlbzkodRbFKy5WlroxJeezjYg1UQ`
|
|
- **Purpose:** Redis Bull queue admin UI authentication
|
|
|
|
## Instructions
|
|
|
|
1. Open 1Password desktop app or web interface
|
|
2. Navigate to the "mk-labs" vault
|
|
3. Create a new item:
|
|
- Name: `firecrawl`
|
|
- Type: `Server` or `Password`
|
|
4. Add custom fields:
|
|
- Field 1: Label = `postgres-password`, Value = (32-char password above)
|
|
- Field 2: Label = `bull-auth-key`, Value = (64-char key above)
|
|
5. Save the item
|
|
|
|
## Verification
|
|
|
|
After creating the item in 1Password, verify it's accessible:
|
|
|
|
```bash
|
|
# Port-forward to 1Password Connect (if not already running)
|
|
kubectl port-forward -n onepassword-connect svc/onepassword-connect 8080:8080 &
|
|
|
|
# Test retrieval (read-only access should work)
|
|
curl -s -H "Authorization: Bearer *** kubectl get secret -n onepassword-connect connect-token -o jsonpath='{.data.token}' | base64 -d)" \
|
|
"http://localhost:8080/v1/vaults/mnefk7klz35qqvv2eucygh4pzm/items" | \
|
|
jq -r '.[] | select(.title == "firecrawl") | .title'
|
|
```
|
|
|
|
Expected output: `firecrawl`
|
|
|
|
## Next Steps
|
|
|
|
Once the item is created in 1Password, the ExternalSecret manifest will automatically sync these values to Kubernetes.
|