1Password

Root credential store for all BlumeOps secrets, synced to Kubernetes via External Secrets Operator.

Architecture

1Password Cloud
      |
      v
1Password Connect (namespace: 1password)
      |
      v
External Secrets Operator (namespace: external-secrets)
      |
      v
Native Kubernetes Secrets

Vault

The blumeops vault contains all infrastructure credentials.

Kubernetes Integration

ClusterSecretStore: onepassword-blumeops

Services reference 1Password items via ExternalSecret manifests.

Disaster Recovery Backup

The mise run op-backup task encrypts a .1pux vault export and transfers it to indri for inclusion in borgmatic backups. See run-1password-backup for the step-by-step procedure and restore-1password-backup for disaster recovery.

argocd - Uses secrets for git access
postgresql - Database credentials
run-1password-backup - Periodic backup procedure
restore-1password-backup - Recovery from backup
borgmatic - Backup system

BlumeOps Docs

Explorer

1Password

1Password

Architecture

Vault

Kubernetes Integration

Disaster Recovery Backup

Graph View

Table of Contents

Backlinks

BlumeOps Docs

Explorer

1Password

1Password

Architecture

Vault

Kubernetes Integration

Disaster Recovery Backup

Related

Graph View

Table of Contents

Backlinks