SSH format parameter not recognized in client.secrets.resolve method

[coneillpj]

Scenario & Reproduction Steps

Steps

1. generate ssh key
2. create service account token that can read vault item
3. then run the following with onepassword-sdk==0.1.7 installed

import asyncio
from onepassword import Client

async def main():
  client = await Client.authenticate(
          auth=<service_token>,
          integration_name="test",
          integration_version="v1.0.0",
      )
  
  await client.secrets.resolve('op://<vault>/<item_of_ssh_type>/private key?ssh-format=openssh')

if __name__ == '__main__':
    asyncio.run(main())

# Works fine:
# await client.secrets.resolve('op://<vault>/<item_of_ssh_type>/private key')

Actual Behavior

When specifying the ssh-format parameter, an exception is thrown:

Exception: error resolving secret reference: the secret reference could not be parsed: secret reference has invalid query parameter key

Expected Behavior

According to https://developer.1password.com/docs/cli/secret-reference-syntax/#ssh-format-parameter, I would expect to be able to resolve the secret with the ssh-format paramter

SDK version

0.1.7

Additional information

No response

[AndyTitu]

Hey @coneillpj, this is an expected limitation of the SDK so far, in that we didn't yet get to supporting this. Our docs could be slightly improved here since we state:

[ x ] SSH private keys, public keys, fingerprint and key type (partially supported: supported in resolving secret references, not yet supported in item create/get/update)

Whereas this should actually be:

[ x ] SSH private keys, public keys, fingerprint and key type (partially supported: partially supported in resolving secret references (query parameters not yet supported), not yet supported in item create/get/update)

As a small not, our developer docs portal seems to intentionally not specify anything about the ssh format query params..

For steps going forward, we can improve the consistency of our documentation. However, our team is also working on this feature you are asking about, so this will soon be available.

[coneillpj]

Hey @coneillpj, this is an expected limitation of the SDK so far, in that we didn't yet get to supporting this. Our docs could be slightly improved here since we state:

[ x ] SSH private keys, public keys, fingerprint and key type (partially supported: supported in resolving secret references, not yet supported in item create/get/update)

Whereas this should actually be:

[ x ] SSH private keys, public keys, fingerprint and key type (partially supported: partially supported in resolving secret references (query parameters not yet supported), not yet supported in item create/get/update)

As a small not, our developer docs portal seems to intentionally not specify anything about the ssh format query params..

For steps going forward, we can improve the consistency of our documentation. However, our team is also working on this feature you are asking about, so this will soon be available.

Missed that section of the docs. Thanks for the heads up!