Publishing the 1Password Connect Rust SDK

A couple of weeks back I noticed an email update from 1Password announcing their "Connect" API, which now allows anyone to programmatically use their vaults as a credential store for secrets.
Over the years I've been playing with quite a few pieces of tech from HashiCorp, and one of the things I've set up in my homelab is an HA Vault and Consul cluster and a "demo" application target that rotates TLS certs every 3 minutes (just to prove a point), for mTLS PKI certificate management, which was inspired by a video series on YouTube.
While it was fun and I learned a lot in getting this working, like any distributed system at scale, there are so many moving parts that invariably one would have to rely on an HA cluster provisioned across at least 2x Cloud providers to have any reasonable resiliency. One such example would be to run an HA Consul (and separately an HA Vault) cluster within AWS and set up a peering connection with Azure or GCP and have a few extra hosts running there as well. Of course, for a smaller client (company) just spreading hosts across AWS AZs would suffice. However, you're looking at a minimum of 5x hosts for an HA Vault cluster, and if you refer to the production hardening guidelines there are quite a few more steps involved.
TL;DR: Vault is "unique" in the sense that it can help with TLS certificate management (apart from other features); it can also be used to store and rotate API keys, which is its simplest use-case. However, you can see that maintaining a production system is quite costly in terms of "man hours" of maintenance work, along with upgrades etc.

1Password Connect, a SaaS option

The Connect API from 1Password, however, now allows anyone to store/rotate API keys (and other basic secrets) using their API, without the need to manage such an infrastructure. Since I've been looking to author and maintain a dependency in Rust as a side project, this was something that I could quickly create and use to further showcase my experience in Rust, and I've done exactly that by publishing it to crates.io.
Due to work constraints, I have not had time to flesh out some remaining endpoints of the public Connect API, but the essential endpoints are there and this is something anyone can contribute to, and extend upon as an OSS effort.
I would also like to thank Dave and the 1Password team for providing a "free" account to run tests via GitHub CI.