@mprokopov
Created October 16, 2022 18:20
Docker helper to provision AWS token from AWS credentials stored in 1Password Connect.
#!/usr/bin/env bb
;; 0. Run the 1Password CLI, "op inject -i docker-credentials-1password -o docker-credentials-1password", to replace
;;    the reference op://Personal/1P token/credential with the real 1Password Connect token.
;;    http://onepasswordconnect.local/v1/vaults/vault_uuid/items/item_uuid should point to your 1Password Connect, vault and item with AWS credentials.
;;    The injected file holds the Connect token in plaintext, so keep it readable only by the user that runs docker.
;; 1. Save the result as /usr/local/bin/docker-credential-1password
;;    (Docker runs the helper named docker-credential-<credsStore>).
;; 2. Install babashka from http://babashka.org
;; 3. Create /etc/docker/config.json
;;    { "credsStore": "1password" }
;; 4. Install docker-credential-ecr-login from https://github.com/awslabs/amazon-ecr-credential-helper
;; 5. docker pull xxxxxxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com/my-great-repo should just work now!

(require '[babashka.curl :as curl])
(require '[cheshire.core :as json])
(require '[clojure.java.shell :refer [sh]])

;; Replaced with the real 1Password Connect token by "op inject" (step 0).
(def token "op://Personal/1P token/credential")

;; Fetch the 1Password item that holds the AWS credentials.
(def json-output
  (-> (curl/get
       "http://onepasswordconnect.local/v1/vaults/vault_uuid/items/item_uuid"
       {:headers {"Accept"        "application/json"
                  "Authorization" (format "Bearer %s" token)}})
      :body
      (json/parse-string true)))

;; Look the two fields up by id, so the result does not depend on the order
;; in which the item lists its fields.
(def field-values
  (into {} (map (juxt :id :value)) (:fields json-output)))

;; Pass Docker's command and stdin through to docker-credential-ecr-login,
;; with the AWS credentials supplied only in that process's environment.
(print (-> (sh "docker-credential-ecr-login" (apply str *command-line-args*)
               :in *in*
               :env {"AWS_ACCESS_KEY_ID"     (get field-values "username")
                     "AWS_SECRET_ACCESS_KEY" (get field-values "credential")
                     "PATH"                  "/usr/bin:/usr/local/sbin"})
           :out))
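
A pre-flight check for the install steps in the header comments, added here as an example and not part of the gist: it confirms that the installed helper has a name Docker will look up, that `op inject` actually replaced the `op://` reference, and that the file holding the plaintext token is closed to group and other. The function name `check_helper` and its result strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the gist. check_helper and its result strings
# are hypothetical names chosen for this sketch.
# Usage: check_helper /usr/local/bin/docker-credential-1password

check_helper() {
    f=$1
    # Docker resolves {"credsStore": "NAME"} to an executable called
    # docker-credential-NAME on PATH.
    case $(basename -- "$f") in
        docker-credential-?*) ;;
        *) echo "bad-name"; return 1 ;;
    esac
    [ -f "$f" ] && [ -x "$f" ] || { echo "not-executable"; return 1; }
    # A leftover op:// reference in the code means "op inject" was not run,
    # so the script would send the literal reference as its bearer token.
    # Clojure comment lines (starting with ;) are ignored.
    if grep -v '^[[:space:]]*;' -- "$f" | grep -q 'op://'; then
        echo "unresolved-secret-reference"; return 1
    fi
    # After injection the token sits in the file as plaintext, so group and
    # other must have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "too-permissive"; return 1
    fi
    echo "ok"
}
```

Mode 0700 passes the permission check as long as the file is owned by the user who runs `docker`.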