Introducing 1Password Integration in JDisc Discovery

Dear JDisc users, we’re excited to announce a new customer-requested feature: JDisc Discovery now integrates with 1Password as a secure external password manager.

Password managers are a vital part of modern IT security. They allow organizations to maintain unique, strong credentials for every system without the risk of storing passwords in plain text or relying on shared knowledge among administrators. As infrastructures grow more complex, securely managing credentials becomes essential—especially during automated discovery tasks.

With our new integration, credentials no longer need to be stored inside the JDisc Discovery database. Instead, they remain securely in the password manager’s encrypted vaults, and JDisc retrieves them only when needed through the Connect Server REST API.

This makes your discovery process more secure, easier to maintain, and fully automated.

---

1Password Integration Overview

1Password is a secure and widely adopted password manager that allows organizations to centrally manage and retrieve secrets—such as passwords, certificates, and API tokens.
Using the Connect Server, JDisc Discovery can securely access these secrets during device scans, ensuring credentials are retrieved on demand, directly from your encrypted vaults.

This integration enables:

• No plain text credentials stored in JDisc Discovery

• Automated credential retrieval during device scans

• Scalable and secure secret management for enterprise environments

---

1. Setting Up a 1Password Connect Server

The Connect Server is the API bridge between 1Password vaults and JDisc Discovery.

1.1 Prerequisites

Before creating your Connect Server, ensure you have:

• A valid account

• A dedicated vault for Connect Server access
  (Connect Servers cannot access built-in vaults like Personal, Private, Employee, or the default Shared vault)

• Membership in a group with Secrets Automation permissions

• A deployment environment (Docker or Kubernetes)

---

1.2 Step 1: Create a Secrets Automation Workflow & Access Token

You can create the Connect Server via the 1Password web app or using the CLI.

Steps (Web UI):

1. Sign in at 1Password.com

2. Navigate to Developer → Directory

3. Under Infrastructure Secrets Management, choose Other

4. Click Create a Connect server

5. Follow the setup wizard to:

   • Create a Secrets Automation environment

   • Generate an access token

   • Download the 1password-credentials.json file

You will now have:

• A credentials file required for deployment

• An access token used by JDisc Discovery to authenticate

Important:
Store both securely inside the password manager. You can later view or manage Connect Servers under Developer → Connect servers.

Tip:
Export the access token as an environment variable (e.g., OP_API_TOKEN) when integrating with Kubernetes or other systems.

---

1.3 Step 2: Deploy the 1Password Connect Server

You can deploy the Connect Server using Docker or Kubernetes.

---

1.3.1 Deployment via Docker

Requirements:

• Docker installed

• Docker Compose installed

• Your 1password-credentials.json stored securely

Create a docker-compose.yaml

Place the credentials file and the docker-compose.yaml in the same directory.

The Connect Server requires two containers:

• 1password/connect-api – REST API

• 1password/connect-sync – Syncs secrets from the password manager to the local cache

You can optionally define environment variables such as log level or custom paths.

Manage the deployment

Start:

Stop:

---

1.3.2 Deployment via Kubernetes

Follow the password manager’s Kubernetes deployment guide to:

• Store secrets as Kubernetes Secrets

• Deploy the connect-api and connect-sync pods

• Expose the REST API over HTTPS inside your cluster

Important: Kubernetes best practices strongly recommend storing tokens as Kubernetes Secrets, not environment variables.

---

1.4 Sample Docker Compose Configuration for HTTPS

JDisc Discovery requires HTTPS when communicating with external APIs.
Below is a ready-to-use example enabling TLS on port 8443:

Important Notes

• Create server.crt and server.key manually and store them in a certs directory.

• Ensure Docker can read the certificates (mounted as read-only).

• HTTPS on port 8443 is mandatory for compatibility with JDisc Discovery.

• HTTP port 8080 may be kept temporarily for testing, but cannot be used by JDisc Discovery.

---

2. Configuring the 1Password Integration in JDisc Discovery

Once your Connect Server is running, open JDisc Discovery and navigate to:

Settings → Password Manager

A dialog will list all configured connections.
Click Add and provide:

• Server address (HTTPS URL of your Connect Server)

• Access token from your automation setup

---

3. Selecting Passwords for Device Scans

When the connection is configured, you can select secrets directly during scan configuration.

1. Go to Manage Passwords

2. Click on the password selection link

3. A dialog opens with all available password manager integrations

4. Choose the password manager

5. Browse the vaults and items available to your Connect Server

6. Select the secret to use for this scan profile

During every device scan, JDisc Discovery retrieves the latest credential directly from the password manager—no manual updates required.

---

Conclusion

We hope this new integration makes your infrastructure discovery workflows:

• More secure

• Easier to maintain

• Fully automated

Thank you for your continued feedback and support.
Stay tuned for more enhancements coming soon!

Cheers,
Raphael Nikou