Tables: 1Password Vault Access API #163
Description
Overview
We need to deploy a Node.js REST API to the HFLA Incubator that automates 1Password vault access management. This API is used by our Google Apps Script onboarding system to automatically grant/revoke vault access when members join or leave projects.
Related Issue: https://github.com/hackforla/tables/issues/137
Application Stack
| Component | Details |
|---|---|
| Runtime | Node.js 18 |
| Framework | Express.js |
| Dependencies | 1Password CLI v2 (must be installed in container) |
| Port | 3000 |
| Health Check | GET /health |
Resource Requirements
| Resource | Value | Notes |
|---|---|---|
| CPU | 256 (0.25 vCPU) | Minimal, mostly I/O bound |
| Memory | 512 MB | Should be sufficient |
| Instances | 1 | No scaling needed |
| Storage | None | Stateless |
Secrets Required
We need to store these secrets in AWS Secrets Manager:
| Secret Name | Description |
|---|---|
API_KEY |
API authentication key |
OP_BOT_PASSWORD |
1Password bot account password |
OP_BOT_SECRET_KEY |
1Password secret key (A3-XXXXX format) |
Questions
1.What's the deployment workflow? Do we need to create a separate repo?
2.Is there a standard pattern for API-only deployments in the Incubator?