Mike Swanson
d95251d880
- Activated 1Password skill for Claude Code (extracted from .skill ZIP) - Resolved Lonestar Electrical MDM issue: ManageEngine was configured as third-party EMM in Google Workspace, causing persistent enrollment prompts on joser's personal phone - Scoped credentials.md migration to 1Password (op:// refs + MSP vaults) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
125 lines
3.6 KiB
Bash
Executable File
125 lines
3.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# store-mcp-credentials.sh — Store MCP server credentials in 1Password
|
|
#
|
|
# ⚠️ RUN THIS IN TERMINAL.APP — NOT IN CLAUDE CODE
|
|
# Claude Code can see everything typed in its terminal.
|
|
# Open Terminal.app separately, then run this script.
|
|
#
|
|
# Usage (Claude will generate a pre-filled version for you):
|
|
# bash store-mcp-credentials.sh \
|
|
# --vault Dev \
|
|
# --item "My MCP Server" \
|
|
# --set "url=https://api.example.com" \
|
|
# --set "log_level=error" \
|
|
# --secret "api_key" \
|
|
# --secret "webhook_secret"
|
|
#
|
|
# Options:
|
|
# --vault 1Password vault name (default: Dev)
|
|
# --item Item title in 1Password
|
|
# --set Non-secret field: key=value (pre-filled, visible)
|
|
# --secret Secret field: prompted with hidden input
|
|
# --update Update existing item instead of creating new
|
|
|
|
set -euo pipefail
|
|
|
|
VAULT="Dev"
|
|
ITEM=""
|
|
UPDATE=false
|
|
declare -a SET_FIELDS=()
|
|
declare -a SECRET_FIELDS=()
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case $1 in
|
|
--vault) VAULT="$2"; shift 2 ;;
|
|
--item) ITEM="$2"; shift 2 ;;
|
|
--set) SET_FIELDS+=("$2"); shift 2 ;;
|
|
--secret) SECRET_FIELDS+=("$2"); shift 2 ;;
|
|
--update) UPDATE=true; shift ;;
|
|
*) echo "Unknown option: $1"; exit 1 ;;
|
|
esac
|
|
done
|
|
|
|
if [[ -z "$ITEM" ]]; then
|
|
read -rp "Item title in 1Password: " ITEM
|
|
fi
|
|
|
|
echo ""
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo " Storing: $ITEM"
|
|
echo " Vault: $VAULT"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo ""
|
|
|
|
# Show pre-filled fields
|
|
if [[ ${#SET_FIELDS[@]} -gt 0 ]]; then
|
|
echo "Pre-filled fields:"
|
|
for field in "${SET_FIELDS[@]}"; do
|
|
key="${field%%=*}"
|
|
val="${field#*=}"
|
|
echo " $key = $val"
|
|
done
|
|
echo ""
|
|
fi
|
|
|
|
# Prompt for secret fields
|
|
declare -a SECRET_VALUES=()
|
|
if [[ ${#SECRET_FIELDS[@]} -gt 0 ]]; then
|
|
echo "Enter secret values (input is hidden):"
|
|
for field in "${SECRET_FIELDS[@]}"; do
|
|
read -rsp " $field: " secret_val
|
|
echo ""
|
|
SECRET_VALUES+=("${field}[password]=${secret_val}")
|
|
done
|
|
echo ""
|
|
fi
|
|
|
|
# Build op field args for non-secret fields
|
|
declare -a OP_FIELDS=()
|
|
for field in "${SET_FIELDS[@]}"; do
|
|
key="${field%%=*}"
|
|
val="${field#*=}"
|
|
OP_FIELDS+=("${key}[text]=${val}")
|
|
done
|
|
|
|
# Combine all fields
|
|
ALL_FIELDS=("${OP_FIELDS[@]+"${OP_FIELDS[@]}"}" "${SECRET_VALUES[@]+"${SECRET_VALUES[@]}"}")
|
|
|
|
echo "Saving to 1Password..."
|
|
|
|
if $UPDATE; then
|
|
op item edit "$ITEM" --vault "$VAULT" "${ALL_FIELDS[@]}"
|
|
echo ""
|
|
echo "✅ Updated '$ITEM' in vault '$VAULT'"
|
|
else
|
|
# Try create, fall back to update if already exists
|
|
if op item get "$ITEM" --vault "$VAULT" &>/dev/null 2>&1; then
|
|
echo " Item already exists — updating instead..."
|
|
op item edit "$ITEM" --vault "$VAULT" "${ALL_FIELDS[@]}"
|
|
echo ""
|
|
echo "✅ Updated '$ITEM' in vault '$VAULT'"
|
|
else
|
|
op item create \
|
|
--category API_CREDENTIAL \
|
|
--title "$ITEM" \
|
|
--vault "$VAULT" \
|
|
"${ALL_FIELDS[@]}"
|
|
echo ""
|
|
echo "✅ Created '$ITEM' in vault '$VAULT'"
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
echo "Secret references for your config:"
|
|
for field in "${SET_FIELDS[@]}"; do
|
|
key="${field%%=*}"
|
|
echo " op://${VAULT}/${ITEM}/${key}"
|
|
done
|
|
for field in "${SECRET_FIELDS[@]}"; do
|
|
echo " op://${VAULT}/${ITEM}/${field}"
|
|
done
|
|
echo ""
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo " Done. You can close this terminal."
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|