Secrets broker for agent access to 1Password Connect. Mediates secret retrieval with deny-by-default allowlisting, per-caller auth, and rate limiting. Connect tokens never leave the cluster.
```
Agent (Mac Mini or K8s pod)
    | Bearer token auth, GET /v1/secrets/{name}
    v
Secrets Broker (this service)
    | internal cluster call
    v
1Password Connect (ClusterIP-only)
```
- `GET /v1/secrets/{name}` — fetch a secret by allowlist name (requires bearer token)
- `GET /healthz` — liveness/readiness probe

No list/search/browse endpoints. Agents cannot discover what secrets exist.
| Env Var | Description | Default |
|---|---|---|
| `LISTEN_ADDR` | Listen address | `:8080` |
| `ALLOWLIST_PATH` | Path to allowlist YAML | `/etc/secrets-broker/allowlist.yaml` |
| `CONNECT_URL` | 1Password Connect URL | `http://onepassword-connect.vault.svc.cluster.local:8080` |
| `VAULT_<ALIAS>_TOKEN` | Connect token for vault | (required) |
| `VAULT_<ALIAS>_ID` | Vault UUID | (required) |
| `TOKENS_DIR` | Directory of bearer token files (filename=caller, content=token) | (optional) |
| `BROKER_TOKEN_<NAME>` | Bearer token for a caller (env var alternative to `TOKENS_DIR`) | (optional) |
Send SIGHUP to reload the allowlist without restart.
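The request path described above (bearer auth, deny-by-default allowlist lookup, per-caller rate limiting, upstream fetch, SIGHUP reload) condensed into a single handler. This is an added illustration, not the project's own code: the `SecretRef`/`Allowlist` types, the `{"value": "..."}` response shape, the rate-limit numbers and the `Fetcher` stand-in for the Connect call are all assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"log"
	"net/http"
	"os"
	"os/signal"
	"strings"
	"sync"
	"syscall"
	"time"
)

// SecretRef is what an allowlist entry resolves to. Assumed shape; the page
// does not document the allowlist.yaml schema.
type SecretRef struct{ Vault, Item, Field string }

// Allowlist maps the public name an agent may request to its SecretRef.
// A name that is not a key here does not exist as far as callers can tell.
type Allowlist map[string]SecretRef

// Fetcher stands in for the internal 1Password Connect call so the handler
// can run without a cluster; the Connect token lives behind it, never in a response.
type Fetcher func(ref SecretRef) (string, error)

type Broker struct {
	mu        sync.Mutex
	allowlist Allowlist
	tokens    map[string]string // caller name -> bearer token (TOKENS_DIR / BROKER_TOKEN_<NAME>)
	fetch     Fetcher
	limit     int // requests per caller per window
	window    time.Duration
	hits      map[string][]time.Time
}

func NewBroker(al Allowlist, tokens map[string]string, f Fetcher, limit int, window time.Duration) *Broker {
	return &Broker{allowlist: al, tokens: tokens, fetch: f, limit: limit, window: window, hits: map[string][]time.Time{}}
}

// Reload swaps in a new allowlist without a restart (what the SIGHUP handler calls).
func (b *Broker) Reload(al Allowlist) {
	b.mu.Lock()
	b.allowlist = al
	b.mu.Unlock()
}

// authenticate checks the presented bearer token against every configured
// caller in constant time and never short-circuits, so response timing does
// not reveal which caller names exist.
func (b *Broker) authenticate(r *http.Request) (caller string, ok bool) {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return "", false
	}
	presented := []byte(h[len("Bearer "):])
	for name, tok := range b.tokens {
		if tok != "" && subtle.ConstantTimeCompare([]byte(tok), presented) == 1 {
			caller, ok = name, true
		}
	}
	return caller, ok
}

// allow is a sliding-window limiter keyed by caller. Must be called with b.mu held.
func (b *Broker) allow(caller string, now time.Time) bool {
	cutoff := now.Add(-b.window)
	kept := b.hits[caller][:0]
	for _, t := range b.hits[caller] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= b.limit {
		b.hits[caller] = kept
		return false
	}
	b.hits[caller] = append(kept, now)
	return true
}

func (b *Broker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet && r.URL.Path == "/healthz" {
		w.WriteHeader(http.StatusOK)
		return
	}
	const prefix = "/v1/secrets/"
	if r.Method != http.MethodGet || !strings.HasPrefix(r.URL.Path, prefix) {
		http.NotFound(w, r) // no list/search/browse routes exist at all
		return
	}
	caller, ok := b.authenticate(r)
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	b.mu.Lock()
	allowed := b.allow(caller, time.Now()) // counted before the lookup, so probing names costs quota
	ref, known := b.allowlist[strings.TrimPrefix(r.URL.Path, prefix)]
	b.mu.Unlock()
	if !allowed {
		http.Error(w, "rate limited", http.StatusTooManyRequests)
		return
	}
	if !known {
		http.NotFound(w, r) // deny by default; 404 rather than 403 so names are never confirmed
		return
	}
	value, err := b.fetch(ref)
	if err != nil {
		log.Printf("caller=%s upstream error: %v", caller, err)
		http.Error(w, "upstream error", http.StatusBadGateway)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]string{"value": value}) // response shape assumed
}

// loadAllowlist returns a constructed allowlist; a real build would parse ALLOWLIST_PATH.
func loadAllowlist() Allowlist {
	return Allowlist{"db-password": {Vault: "prod", Item: "postgres", Field: "password"}}
}

func main() {
	b := NewBroker(loadAllowlist(), map[string]string{"agent-a": "constructed-token"},
		func(ref SecretRef) (string, error) { return "value-for-" + ref.Item, nil }, 60, time.Minute)
	hup := make(chan os.Signal, 1)
	signal.Notify(hup, syscall.SIGHUP)
	go func() {
		for range hup {
			b.Reload(loadAllowlist())
			log.Println("allowlist reloaded")
		}
	}()
	log.Fatal(http.ListenAndServe(":8080", b))
}
```

Two choices worth noting: an unknown name returns 404, the same status as a route that does not exist, so the broker never confirms whether a secret is allowlisted but off-limits; and the rate-limit hit is recorded before the allowlist lookup, so a caller guessing names burns its own quota.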
`cmd/secretref-wrapper/` is a standalone CLI for use as an exec SecretRef in OpenClaw. It reads `SECRETS_BROKER_URL` and `SECRETS_BROKER_TOKEN` from env, accepts a secret name as arg or JSON on stdin, and prints `{"value": "..."}` to stdout.
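The client side of the same exchange, written as an added example rather than the project's wrapper: read the two env vars, take the name from the first argument or from a JSON object on stdin, call `GET /v1/secrets/{name}` with the bearer token, and emit `{"value": "..."}`. The stdin field name `name` and the broker's response shape are assumptions; the page documents neither.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"
)

// resolveName takes the secret name from the first argument, or else from a
// JSON object on stdin. The "name" field is an assumption about what OpenClaw sends.
func resolveName(args []string, stdin io.Reader) (string, error) {
	if len(args) > 0 && args[0] != "" {
		return args[0], nil
	}
	var in struct {
		Name string `json:"name"`
	}
	if err := json.NewDecoder(stdin).Decode(&in); err != nil {
		return "", fmt.Errorf("no secret name argument and stdin is not a JSON object: %w", err)
	}
	if in.Name == "" {
		return "", errors.New(`stdin JSON has no "name" field`)
	}
	return in.Name, nil
}

// fetchSecret performs GET {broker}/v1/secrets/{name} with the bearer token and
// returns the value. It assumes the broker answers {"value": "..."} on 200 and maps
// the broker's 401/404/429 to messages an operator can act on.
func fetchSecret(client *http.Client, broker, token, name string) (string, error) {
	endpoint := strings.TrimRight(broker, "/") + "/v1/secrets/" + url.PathEscape(name)
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
	case http.StatusUnauthorized:
		return "", errors.New("broker rejected SECRETS_BROKER_TOKEN")
	case http.StatusNotFound:
		return "", fmt.Errorf("secret %q is not on the broker allowlist", name)
	case http.StatusTooManyRequests:
		return "", errors.New("rate limited by broker; retry later")
	default:
		return "", fmt.Errorf("broker returned HTTP %d", resp.StatusCode)
	}
	var out struct {
		Value string `json:"value"`
	}
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&out); err != nil {
		return "", fmt.Errorf("malformed broker response: %w", err)
	}
	return out.Value, nil
}

func main() {
	broker, token := os.Getenv("SECRETS_BROKER_URL"), os.Getenv("SECRETS_BROKER_TOKEN")
	if broker == "" || token == "" {
		fmt.Fprintln(os.Stderr, "SECRETS_BROKER_URL and SECRETS_BROKER_TOKEN must be set")
		os.Exit(2)
	}
	name, err := resolveName(os.Args[1:], os.Stdin)
	if err == nil {
		var value string
		value, err = fetchSecret(&http.Client{Timeout: 10 * time.Second}, broker, token, name)
		if err == nil {
			// Only the JSON result ever reaches stdout; diagnostics go to stderr so the
			// caller never parses an error message as a secret value.
			err = json.NewEncoder(os.Stdout).Encode(map[string]string{"value": value})
		}
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "secretref-wrapper:", err)
		os.Exit(1)
	}
}
```

The wrapper keeps stdout reserved for the JSON result and exits non-zero on any failure, which is what makes it safe to use as an exec SecretRef: the consumer either gets a well-formed value or no value at all.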
```sh
# Build the binaries
go build ./cmd/broker/
go build ./cmd/secretref-wrapper/

# Docker
docker build -t secrets-broker .
```