Add support for remote development #99

Open
PhoenixmitX opened this issue Nov 14, 2022 · 11 comments
Labels
enhancement New feature or request

Comments

@PhoenixmitX

Summary

Add support for remote development

Use cases

Well, support for everyone who codes in a remote environment, like

  • docker
  • wsl
  • ssh
  • github codespaces
  • vscode server
  • ...

Proposed solution

The extension needs to be loaded in the remote development container and on the client.
The remote container sends the request through the client to the op CLI.

For VS Code instances running in the browser on the client, some other solution may be required.
A solution may be to use the browser extensions instead.

Is there a workaround to accomplish this today?

Sadly, I don't know of a workaround.

References & Prior Work

¯\_(ツ)_/¯

@jodyheavener jodyheavener added the enhancement New feature or request label Dec 9, 2022
@jodyheavener
Member

Hey @PhoenixmitX! Thanks for the request. This is indeed an interesting feature request. It's a little tricky because the extension relies on the CLI, which (in our case) relies on 1Password Desktop itself to perform biometric authentication. In the future we may support Connect server or Service Accounts which may solve this as well.

@jodyheavener jodyheavener changed the title [Feature request] Add support for remote development Add support for remote development Dec 9, 2022
@DanielHabenicht

DanielHabenicht commented Dec 18, 2022

I would love this feature! Currently testing different Password managers and this would definitely be sensational.
The idea with just proxying any requests to the local instance seems reasonable and should be straightforward to implement.

@clayton-bridge

I would also love to see this feature! Thanks for your hard work, @jodyheavener!

@alexandergoya

+1 for this feature. Thank you

@andrewhharmon

andrewhharmon commented Mar 5, 2024

I'd like to add that service accounts aren't ideal because you now have long-lived credentials on developer machines. Ideally, a developer can connect to 1Password from inside a container but auth via the desktop app on the host, such as with biometrics.

@DavidS-ovm

> It's a little tricky because the extension relies on the CLI, which (in our case) relies on 1Password Desktop itself to perform biometric authentication. In the future we may support Connect server or Service Accounts which may solve this as well.

It would be really nice to have access/proxy through the 1Password-BrowserSupport.sock into the remote container to allow running op without any workarounds but linked to the host's biometrics.

On Linux I can easily add a mount to pull it in, but that does not work for my colleagues on other operating systems.

@SimonRelu

> It would be really nice to have access/proxy through the 1Password-BrowserSupport.sock into the remote container to allow running op without any workarounds but linked to the host's biometrics.
>
> On Linux I can easily add a mount to pull it in, but that does not work for my colleagues on other operating systems.

@DavidS-ovm That's interesting. We have a similar workflow where we often work on a remote docker container. I was wondering how you achieved this access/proxy. Did you use a reverse ssh tunnel?

@DavidS-ovm

> > It would be really nice to have access/proxy through the 1Password-BrowserSupport.sock into the remote container to allow running op without any workarounds but linked to the host's biometrics.
> >
> > On Linux I can easily add a mount to pull it in, but that does not work for my colleagues on other operating systems.
>
> @DavidS-ovm That's interesting. We have a similar workflow where we often work on a remote docker container. I was wondering how you achieved this access/proxy. Did you use a reverse ssh tunnel?

No, I'm now using a service account token inside the container that I inject through op run code at startup time, which is protected by the actual user's identity. It's not great, but it works for now.

@TekExplorer

It would be great to have requests provided through ex vscode tunnels.

Currently running Windows machines, so my options are ultimately limited.

It kinda sucks to have to TeamViewer into my desktop to allow my code to be committed...

@alexanderilyin

alexanderilyin commented Aug 22, 2024

It partially works if you force the extension to run on the host ("ui"):

{
	"customizations": {
		"vscode": {
			"settings": {
				"remote.extensionKind": {
					"1Password.op-vscode": [
						"ui"
					]
				}
			},
			"extensions": [
				"1Password.op-vscode"
			]
		}
	}
}

Make sure that op is working in Terminal: Create New Integrated Terminal (Local). You may have to restart VS Code if op was recently installed and PATH was updated.

The sad part is that 1Password: Preview with secrets does not work for the current version of the CLI (I'm on 2.29.0):

Error executing CLI command: Inject is not supported on Windows for version >=2.6.2 of the CLI.

Maybe it will work if op is downgraded, but I'm not going to go that route. Another solution is to have a launcher for VS Code which will inject env vars, and then you can access them in VS Code (and in devcontainer.json) to configure Terraform and such, but it's sketchy.

P.S. This works (in Terminal: Create New Integrated Terminal (Local)), so the problem is somewhere in the extension code.

echo 'op://Private/GITHUB_TOKEN/FINE_GRAINED' | op inject

@alexanderilyin

Create .env file:

TF_VAR_github_token = op://VAULT_NAME/GITHUB_TOKEN/FINE_GRAINED

Create launcher of your choice, for example with PowerShell:

# Define the path to your .env file
$envFilePath = "./.env"

# Define the command to execute
$command = "op run --env-file='$envFilePath' -- code ."

# Execute the command
Invoke-Expression $command

Update devcontainer.json to proxy TF_VAR_github_token to container:

{
  "remoteEnv": {
    "TF_VAR_github_token": "${localEnv:TF_VAR_github_token}"
  }
}

Run PowerShell as Administrator and execute this:

Set-ExecutionPolicy RemoteSigned

Start VS Code:

.\op.ps1

Wipe tears of joy:

printenv TF_VAR_github_token
github_pat_...
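
As an added example (not part of the thread or of the 1Password project's code), the following Python check audits the two files this workaround relies on: every value in `.env` must be an `op://` secret reference rather than a plaintext token, and every `remoteEnv` entry in `devcontainer.json` must forward a variable that `.env` defines. The function names, the assumption that `devcontainer.json` is comment-free JSON, and the sample inputs are constructed for illustration.

```python
import json
import re

# op://vault/item/field or op://vault/item/section/field
SECRET_REF = re.compile(r"^op://[^/]+/[^/]+/[^/]+(/[^/]+)?$")
LOCAL_ENV = re.compile(r"^\$\{localEnv:([A-Za-z_][A-Za-z0-9_]*)\}$")

def parse_env_file(text):
    """Return {name: value} from KEY = VALUE lines; skip blanks and # comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a KEY=VALUE line: {raw!r}")
        entries[name.strip()] = value.strip().strip("'\"")
    return entries

def audit(env_text, devcontainer_text):
    """Return findings; an empty list means both files are consistent.
    Messages never include the value, so a plaintext secret is not echoed."""
    findings = []
    env = parse_env_file(env_text)
    for name, value in env.items():
        if not SECRET_REF.match(value):
            findings.append(f"{name}: .env value is not an op:// reference")
    remote_env = json.loads(devcontainer_text).get("remoteEnv", {})
    for name, value in remote_env.items():
        if not isinstance(value, str):
            continue  # null unsets a variable; nothing to forward
        m = LOCAL_ENV.match(value)
        if m is None:
            findings.append(f"{name}: remoteEnv is a literal, not ${{localEnv:...}}")
        elif m.group(1) not in env:
            findings.append(f"{name}: forwards {m.group(1)}, not defined in .env")
    return findings

# Constructed sample inputs mirroring the files in the comment above.
GOOD_ENV = "TF_VAR_github_token = op://VAULT_NAME/GITHUB_TOKEN/FINE_GRAINED\n"
BAD_ENV = "TF_VAR_github_token = github_pat_EXAMPLE_NOT_REAL\n"
DEVCONTAINER = '{"remoteEnv": {"TF_VAR_github_token": "${localEnv:TF_VAR_github_token}"}}'

if __name__ == "__main__":
    print(audit(GOOD_ENV, DEVCONTAINER))
    print(audit(BAD_ENV, DEVCONTAINER))
```

Running such a check before the launcher starts keeps a pasted token out of a `.env` file that may later be committed.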
