1Password Configuration
A Log Shipper Designed for 1Password Events
Install Integration
Set up an Events Reporting integration
To get started, sign in to your 1Password account, click Integrations in the sidebar, and choose Elastic.
Then follow these steps to add the integration to your 1Password account and create a bearer JSON web token:
- Enter a name for the integration, then click Add Integration.
- Enter a name for the bearer token and choose when it will expire. Select the event types the token has access to, then click Issue Token.
- Click Save in 1Password and choose which vault to save your token to. Then click View Integration Details.
- You can now use your bearer token to authenticate the 1Password Events API Beat with Elasticsearch.
You can issue or revoke bearer tokens at any time.
Install 1Password Events API Beat
Download and install the 1Password Events API Elastic Beat from the 1Password GitHub repository.
The 1Password Events API Beat returns information from 1Password through requests to the Events API and sends that data securely to your Logit.io Stack via Logstash.
Configure 1Password Events API Beat
In the directory where you installed the Beat, rename the eventsapibeat-sample.yml configuration file to eventsapibeat.yml.
Below is an example of the configuration file. If you are logged into your Logit.io account, this configuration file is pre-configured to send data to your Logit.io Stack via Logstash and is set up to monitor three different types of events from 1Password: signin attempts, item usages, and audit events.
Add your 1Password bearer token to the auth_token field for each event type you want to monitor, and update the starting_cursor limit and date / time as appropriate.
eventsapibeat:
  insecure_skip_verify: false
  signin_attempts:
    enabled: true
    auth_token: "<YOUR_BEARER_TOKEN>"
    sample_frequency: "10s"
    cursor_state_file: "signinattempts.eventsapibeatstate"
    starting_cursor: >
      { "limit": 1000, "start_time": "2024-10-30T00:00:00Z" }
  item_usages:
    enabled: true
    auth_token: "<YOUR_BEARER_TOKEN>"
    sample_frequency: "10s"
    cursor_state_file: "itemusages.eventsapibeatstate"
    starting_cursor: >
      { "limit": 1000, "start_time": "2024-10-30T00:00:00Z" }
  audit_events:
    enabled: true
    auth_token: "<YOUR_BEARER_TOKEN>"
    sample_frequency: "10s"
    cursor_state_file: "auditevents.eventsapibeatstate"
    starting_cursor: >
      { "limit": 1000, "start_time": "2024-10-30T00:00:00Z" }
output.logstash:
  hosts: ["@logstash.host:@logstash.sslPort"]
  loadbalance: true
  ssl.enabled: true
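A pre-flight check for the configuration file above, added here as an example (it is not part of Logit.io's or 1Password's tooling): it flags a placeholder, expired or soon-to-expire bearer token in any enabled event type, and explicit insecure transport settings. It assumes the file keeps the layout shown on this page and that the token carries the standard JWT exp claim; the names audit_config, jwt_exp and demo_token and all sample values are constructed for illustration, and the token signature is not verified.

```python
import base64, json, re

def jwt_exp(token):
    """Return a JWT's numeric `exp` claim (epoch seconds), or None if unreadable."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)        # restore base64url padding
        exp = json.loads(base64.urlsafe_b64decode(payload)).get("exp")
        return exp if isinstance(exp, (int, float)) else None
    except (IndexError, ValueError, AttributeError):
        return None

def audit_config(text, now, warn_days=14):
    """Findings for an eventsapibeat.yml laid out as on this page (now: epoch seconds)."""
    findings, section, enabled = [], None, False
    for m in re.finditer(r"^( *)([\w.]+): *(.*)$", text, re.M):
        indent, key, value = len(m[1]), m[2], m[3].strip().strip('"')
        if indent == 2 and not value:
            section, enabled = key, False           # signin_attempts, item_usages, ...
        elif key == "enabled":
            enabled = value == "true"
        elif (key, value) in (("insecure_skip_verify", "true"), ("ssl.enabled", "false")):
            findings.append(f"{key} is {value}")
        elif key == "auth_token" and enabled:
            exp = jwt_exp(value)                    # assumption: standard JWT exp claim
            if not value or value.startswith("<"):
                findings.append(f"{section}: auth_token is empty or a placeholder")
            elif exp is None:
                findings.append(f"{section}: token has no readable exp claim")
            elif exp - now < warn_days * 86400:
                state = "has expired" if exp <= now else "expires soon"
                findings.append(f"{section}: token {state}")
    return findings

def demo_token(exp):    # constructed, unsigned token used only by the sample below
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc({"exp": exp}), "sig"])
NOW = 1730000000        # fixed clock so the constructed sample is reproducible
SAMPLE = f"""eventsapibeat:
  insecure_skip_verify: true
  signin_attempts:
    enabled: true
    auth_token: "{demo_token(NOW - 60)}"
  item_usages:
    enabled: true
    auth_token: "<YOUR_BEARER_TOKEN>"
output.logstash:
  ssl.enabled: true"""
print("\n".join(audit_config(SAMPLE, NOW)))
```

To check a real file, pass its contents and the current time, for example audit_config(open("eventsapibeat.yml").read(), time.time()) after importing time.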
Run 1Password Events API Beat
Run the following command in the directory where you installed the 1Password Events API Beat to start the Beat and begin monitoring events from your 1Password account:
./eventsapibeat -c eventsapibeat.yml -e
You can now monitor events from your 1Password account in your Logit.io Stack. The returned data will follow the Elastic Common Schema specifications.
Launch Logs to View Data
How to diagnose no data in your stack
If you don't see data appearing in your stack after following this integration, take a look at the troubleshooting guide for steps to diagnose and resolve the problem or contact our support team and we'll be happy to assist.