1Password

1Password provides an events API to fetch audit logs. Events can be ingested directly via a cloud-to-cloud or CLI adapter.

See 1Password's official API documentation here.

1Password telemetry can be addressed via the 1password platform.

Adapter Deployment

1Password events can be collected directly from the 1Password API, via a cloud-to-cloud Adapter, or via the CLI Adapter. 1Password adapters require the following options:

• token: the API token provisioned through 1password.
• endpoint: the API endpoint to use, depending on your 1password plan, see their documentation below.

You can generate an access token from 1Password at this link.

Cloud-to-Cloud Adapter

LimaCharlie offers a 1Password guided configuration in the web UI. From your 1Password instance, you will need:

• 1Password API Access Token
• Endpoint; one of the following:
  • 1Password.com (Business)
  • 1Password.com (Enterprise)
  • 1Password.ca
  • 1Password.eu

After providing an Installation Key, provide the required values and LimaCharlie will establish a Cloud Adapter for 1Password events:

Deploying via the CLI Adapter

The LimaCharlie CLI Adapter can also be used to ingest Slack events, if you do not wish to create a cloud-to-cloud connector. The following sample configuration can be used to create a Slack CLI Adapter:

1password:
  client_options:
    hostname: 1password-audit
    identity:
      installation_key: <INSTALLATION_KEY>
      oid: <OID>
    platform: 1password
    sensor_seed_key: super-special-seed-key
  token: <1Password API TOKEN>
  endpoint: <API Endpoint>