From 70cce735355812bc417e379e2fad04c6af6ee646 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 21 Dec 2022 19:23:17 -0330 Subject: [PATCH 01/10] Deprecate current App Platform deployment example Signed-off-by: Adam Pike --- .../digitalocean-app-platform}/.do/deploy.template.yaml | 0 .../digitalocean-app-platform}/Dockerfile | 0 .../digitalocean-app-platform}/README.md | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {digitalocean-app-platform => deprecated/digitalocean-app-platform}/.do/deploy.template.yaml (100%) rename {digitalocean-app-platform => deprecated/digitalocean-app-platform}/Dockerfile (100%) rename {digitalocean-app-platform => deprecated/digitalocean-app-platform}/README.md (100%) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/deprecated/digitalocean-app-platform/.do/deploy.template.yaml similarity index 100% rename from digitalocean-app-platform/.do/deploy.template.yaml rename to deprecated/digitalocean-app-platform/.do/deploy.template.yaml diff --git a/digitalocean-app-platform/Dockerfile b/deprecated/digitalocean-app-platform/Dockerfile similarity index 100% rename from digitalocean-app-platform/Dockerfile rename to deprecated/digitalocean-app-platform/Dockerfile diff --git a/digitalocean-app-platform/README.md b/deprecated/digitalocean-app-platform/README.md similarity index 100% rename from digitalocean-app-platform/README.md rename to deprecated/digitalocean-app-platform/README.md From b9bc1a9a08645d82b924262e1c23a8099f258059 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 21 Dec 2022 19:25:42 -0330 Subject: [PATCH 02/10] Introduce DO shell plugin deployment example Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/README.md | 150 ++++++++++++++++++ .../op-scim-bridge.yaml | 40 +++++ 2 files changed, 190 insertions(+) create mode 100644 beta/do-app-platform-op-cli/README.md create mode 100644 beta/do-app-platform-op-cli/op-scim-bridge.yaml diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md new file mode 100644 index 00000000..69f5b695 --- /dev/null +++ b/beta/do-app-platform-op-cli/README.md @@ -0,0 +1,150 @@ +# [Beta] Deploy 1Password SCIM bridge on DigitalOcean App Platform with 1Password CLI + +This deployment example describes how to deploy 1Password SCIM bridge as an app on DigitalOcean's [App Platform](https://docs.digitalocean.com/products/app-platform/) service using [1Password CLI](https://developer.1password.com/docs/cli), [`doctl`](https://docs.digitalocean.com/reference/doctl/), and the DigitalOcean [1Password Shell Plugin](https://developer.1password.com/docs/cli/shell-plugins/). + +The app consists of two [resources](https://docs.digitalocean.com/glossary/resource/): a [service](https://docs.digitalocean.com/glossary/service/) for the SCIM bridge container and an [internal service](https://docs.digitalocean.com/glossary/service/#internal-services) for Redis. + +## In this folder + +- [`README.md`](./README.md): the document that you are reading. πŸ‘‹πŸ˜ƒ +- [`op-scim-bridge.yaml`](./op-scim-bridge.yaml): an App Platform [app spec](https://docs.digitalocean.com/glossary/app-spec/) for 1Password SCIM bridge [templated with secret references](https://developer.1password.com/docs/cli/secrets-template-syntax) to load secrets from your 1Password account. + +## Overview + +Deploying 1Password SCIM bridge on App Platform comes with a few benefits: + +- For standard deployments, App Platform will host your SCIM bridge for a predictable cost of $10 USD/month (at the time of last review). +- You will not need to set up a DNS record. DigitalOcean automatically provides a URL for your SCIM bridge. +- You will deploy 1Password SCIM bridge directly to DigitalOcean from your local terminal. There is no requirement to clone this repository for this deployment. + +## Prerequisites + +- A 1Password account with an active 1Password Business subscription or trial + > **Note** + > + > Try 1Password Business free for 14 days: +- A DigitalOcean account with available quota for two droplets + > **Note** + > + > If you don't have a DigitalOcean account, you can sign up for a free trial with starting credit: +- A Mac or Linux terminal with Bash, Zsh, or Fish + + +## Getting started + +### Step 1: Install 1Password and DigitalOcean tools + +Install the following on your Mac or Linux machine: + +- 1Password 8 for [Mac](https://1password.com/downloads/mac/) or [Linux](https://1password.com/downloads/linux/) +- [1Password CLI 2.9.0](https://app-updates.agilebits.com/product_history/CLI2) or later +- [`doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/#step-1-install-doctl) + > **Note** + > + > **Only** [Step 1: Install doctl](https://docs.digitalocean.com/reference/doctl/how-to/install/#step-1-install-doctl) in the `doctl` installation guide is required for this step. + +### Step 2: Add your 1Password account and configure the DigitalOcean shell plugin + +If you haven't already done so, add your 1Password account and connect 1Password CLI to your desktop app, then configure the DigitalOcean shell plugin: + +1. [Add your 1Password account](https://support.1password.com/add-account/) to 1Password 8 for Mac or Linux. +2. [Connect 1Password CLI to the 1Password app](https://developer.1password.com/docs/cli/about-biometric-unlock#step-1-connect-1password-cli-with-the-1password-app). +3. [Create a DigitalOcean personal access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/) with both read and write scopes. +4. [Configure the DigitalOcean shell plugin](https://developer.1password.com/docs/cli/shell-plugins/digitalocean#step-1-configure-your-default-credentials). Choose `Import into 1Password…` to save your DigitalOcean personal access token in your 1Password account and authenticate `doctl`. + +Your terminal should now authenticate `doctl` using the access token stored in your 1Password account (you do _not_ need to run `doctl auth init`). You can confirm by [retrieving your account details](https://docs.digitalocean.com/reference/doctl/reference/account/get/): + +```sh +doctl account get +``` + +### Step 3: Generate credentials for automated user provisioning to 1Password + +1. [Sign in](https://start.1password.com) to your account on 1Password.com. +2. [Create a vault](https://support.1password.com/create-share-vaults-teams/#create-a-vault) to store your 1Password SCIM bridge credentials. This guide assumes the vault is named `op-scim` by default, but you can change it to something else if you like. + > **Note** + > + > πŸ‘€ You have to sign in at 1Password.com to set up automated provisioning, but you can create a vault from any 1Password app, including [1Password CLI](https://developer.1password.com/docs/cli/reference/management-commands/vault#vault-create), for example: + > + > ```sh + > op vault create op-scim --description "1Password SCIM bridge credentials" --icon id-card + > ``` + > +3. Click [Integrations](https://start.1password.com/integrations/directory) in the sidebar. +4. Choose your identity provider from the User Provisioning section. +5. Choose Custom deployment. +6. Use the "Save in 1Password" buttons for both the `scimsession` file and bearer token to save them as items in your 1Password account. Save each in the `op-scim` vault (or the chosen name for the vault created above). Use the supplied name for these items (or make a note of their names if you choose your own). + +### Step 4: Configure the `scimession` credentials for passing to App Platform + +The `scimsession` credentials will be saved as an environment variable in App Platform that DigitalOcean automatically encrypts on your behalf. These credentials have to be Base64-encoded to pass them into the environment, but they're saved as a file in your 1Password item. + +Use 1Password CLI to [read the file using its secret reference](https://developer.1password.com/docs/cli/reference/commands/read), encode the credentials, and store them as a new field in the "scimession file" item saved in your 1Password account: + +```sh +op item edit "scimsession file" --vault "op-scim" base64_encoded=$(op read "op://op-scim/scimsession file/scimsession" | base64) +``` + +> **Note** +> +> If you used a different vault or item name for your SCIM bridge credentials, replace `op-scim` and `scimsession file` with the respective name(s) you chose. + +## Deploy 1Password SCIM bridge to App Platform + +Stream the app spec template from this repository, use [`op inject`](https://developer.1password.com/docs/cli/reference/commands/inject) to load in the Base64-encoded `scimesssion` credentials from your 1Password account, then pipe the output into `doctl` to deploy 1Password SCIM bridge: + +For example, with `curl`: + + +```sh +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait +``` + +1Password SCIM bridge deploys with a live URL output to the terminal (found under the `Default Ingress` column). Use this with your bearer token to [connect to 1Password SCIM bridge from your supported identity provider](https://support.1password.com/scim/#step-3-connect-your-identity-provider). + + + +## Appendix + + + +### Supply custom vault and item names + +If you chose your own name for the vault and items where you saved your SCIM bridge credentials, you can override the defaults using the `VAULT` and `ITEM` variables in the template's secret reference with `op inject`: + + +```sh +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | VAULT="vault name" ITEM="item name" op inject | doctl apps create --spec - --wait +``` + +### Propose the app spec + +Without loading any secrets from your 1Password account, you can optionally propose the raw app spec template to verify the cost before deploying to DigitalOcean: + + +```sh +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | doctl apps propose --spec - +``` + + + + diff --git a/beta/do-app-platform-op-cli/op-scim-bridge.yaml b/beta/do-app-platform-op-cli/op-scim-bridge.yaml new file mode 100644 index 00000000..2ae5f14a --- /dev/null +++ b/beta/do-app-platform-op-cli/op-scim-bridge.yaml @@ -0,0 +1,40 @@ +name: op-scim-bridge +services: +- envs: + - key: ALLOW_EMPTY_PASSWORD + scope: RUN_AND_BUILD_TIME + value: "yes" + - key: REDIS_ARGS + scope: RUN_AND_BUILD_TIME + value: "--maxmemory 256mb --maxmemory-policy volatile-lru" + image: + registry: bitnami + registry_type: DOCKER_HUB + repository: redis + tag: latest + instance_count: 1 + instance_size_slug: basic-xxs + internal_ports: + - 6379 + name: op-scim-redis +- envs: + - key: OP_REDIS_URL + scope: RUN_AND_BUILD_TIME + value: redis://${op-scim-redis.PRIVATE_DOMAIN}:${op-scim-redis.PRIVATE_PORT} + - key: OP_SESSION + scope: RUN_AND_BUILD_TIME + type: SECRET + value: op://${VAULT:-op-scim}/${ITEM:-"scimsession file"}/base64_encoded + health_check: + http_path: /ping + http_port: 3002 + image: + registry: 1password + registry_type: DOCKER_HUB + repository: scim + tag: v2.7.1 + instance_count: 1 + instance_size_slug: basic-xxs + name: op-scim-bridge + routes: + - path: / \ No newline at end of file From 9250e6e9188a98805305aa4c97b98024b1b19aa3 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 21 Dec 2022 19:33:28 -0330 Subject: [PATCH 03/10] Document beta & deprecated examples in /README.md --- README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bc1150e4..1aead8c8 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,24 @@ The easiest way to deploy the SCIM bridge is with our one-click installations cu Advanced deployment are recommended when you have particular requirements for your environment. They are easily customizable and adaptable to your situation. - [Kubernetes](/kubernetes) - [Docker Compose & Docker Swarm](/docker) -- [AWS EC2 with terraform](/aws-terraform) [deprecated] - [AWS ECS Fargate with Terraform](/aws-ecsfargate-terraform) - [Azure Kubernetes Service](https://support.1password.com/cs/scim-deploy-azure/) +## Beta deployments + +These are beta versions of 1Password SCIM bridge deployments and components. These deployments *should* work, but come with no guarantees, and will change in the future. + +- **NEW** [DigitalOcean App Platform with 1Password CLI](/beta/do-app-platform-op-cli/) +- [Google Workspace settings](/beta/workspace-settings.json) +- [Google Workspace module for Terraform](/beta/aws-terraform-gw/) + +## Deprecated deployments + +These are deprecated 1Password SCIM bridge deployments. At the time of deprecation, these deployments were still fully functional, but may no longer be updated and will eventually be removed: + +- [AWS EC2 with terraform](/deprecated/aws-terraform/) +- [DigitalOcean App Platform](/deprecated/digitalocean-app-platform/) + ## Support If you require additional deployment examples, encounter any issues, or have any questions about your SCIM bridge deployment, do not hesitate to email support+business@agilebits.com and open an issue with us. We are happy to help in any way we can. From 6edd72c51d96660b3a2f3034e973f8f217f236fd Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 21 Dec 2022 20:13:17 -0330 Subject: [PATCH 04/10] Update GH links --- beta/do-app-platform-op-cli/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md index 69f5b695..c66aae23 100644 --- a/beta/do-app-platform-op-cli/README.md +++ b/beta/do-app-platform-op-cli/README.md @@ -99,7 +99,7 @@ For example, with `curl`: ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait ``` 1Password SCIM bridge deploys with a live URL output to the terminal (found under the `Default Ingress` column). Use this with your bearer token to [connect to 1Password SCIM bridge from your supported identity provider](https://support.1password.com/scim/#step-3-connect-your-identity-provider). @@ -114,7 +114,7 @@ curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-pl TODO: Add instructions for updating to latest release UPSERT FTW ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait --upsert +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait --upsert ``` --> @@ -125,7 +125,7 @@ If you chose your own name for the vault and items where you saved your SCIM bri ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | VAULT="vault name" ITEM="item name" op inject | doctl apps create --spec - --wait +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | VAULT="vault name" ITEM="item name" op inject | doctl apps create --spec - --wait ``` ### Propose the app spec @@ -134,7 +134,7 @@ Without loading any secrets from your 1Password account, you can optionally prop ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-refresh/digitalocean-app-platform/op-scim-bridge.yaml | doctl apps propose --spec - +curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | doctl apps propose --spec - ``` ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait +curl -s https://raw.githubusercontent.com/1Password/scim-examples/beta/do-app-platform-op-cli/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait ``` -1Password SCIM bridge deploys with a live URL output to the terminal (found under the `Default Ingress` column). Use this with your bearer token to [connect to 1Password SCIM bridge from your supported identity provider](https://support.1password.com/scim/#step-3-connect-your-identity-provider). +1Password SCIM bridge deploys with a live URL output to the terminal (found under the `Default Ingress` column). Use your bearer token with the URL to test the connection to 1Password. For example: - +```sh +curl --header "Authorization: Bearer $(op read op://${VAULT:-op-scim}/${ITEM:-"bearer token"}/credential)" https://op-scim-bridge-example.ondigitalocean.app/Users +``` + +You can also access your SCIM bridge by visting the URL in your web browser. Sign in with the bearer token saved in your 1Password account. ## Appendix - +### Update 1Password SCIM bridge -### Supply custom vault and item names +The latest version of 1Password SCIM bridge is posted on our [Release Notes](https://app-updates.agilebits.com/product_history/SCIM) website, where you can find details about the latest changes. The most recent version should also be pinned in [`op-scim-bridge.yaml`](./op-scim-bridge.yaml), so you can update using the same command as above with the `--upsert` parameter: -If you chose your own name for the vault and items where you saved your SCIM bridge credentials, you can override the defaults using the `VAULT` and `ITEM` variables in the template's secret reference with `op inject`: - - ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | VAULT="vault name" ITEM="item name" op inject | doctl apps create --spec - --wait +curl -s https://raw.githubusercontent.com/1Password/scim-examples/beta/do-app-platform-op-cli/op-scim-bridge.yaml | op inject | doctl apps create --spec - --wait --upsert ``` ### Propose the app spec -Without loading any secrets from your 1Password account, you can optionally propose the raw app spec template to verify the cost before deploying to DigitalOcean: +You can optionally propose the raw app spec template to verify the cost before deploying to DigitalOcean: - ```sh -curl -s https://raw.githubusercontent.com/1Password/scim-examples/pike/do-app-platform-op-cli/beta/do-app-platform-op-cli/op-scim-bridge.yaml | doctl apps propose --spec - +curl -s https://raw.githubusercontent.com/1Password/scim-examples/beta/do-app-platform-op-cli/op-scim-bridge.yaml | doctl apps propose --spec - ``` From 88c4f7d0e1dc94de848e9e73e7fc6522c7f0670e Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Fri, 6 Jan 2023 15:12:52 -0330 Subject: [PATCH 06/10] Bump to 2.7.2 Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/op-scim-bridge.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beta/do-app-platform-op-cli/op-scim-bridge.yaml b/beta/do-app-platform-op-cli/op-scim-bridge.yaml index 2ae5f14a..d4978884 100644 --- a/beta/do-app-platform-op-cli/op-scim-bridge.yaml +++ b/beta/do-app-platform-op-cli/op-scim-bridge.yaml @@ -32,7 +32,7 @@ services: registry: 1password registry_type: DOCKER_HUB repository: scim - tag: v2.7.1 + tag: v2.7.2 instance_count: 1 instance_size_slug: basic-xxs name: op-scim-bridge From 2e13ee0be47261572c0d350a3fcbc256523edb1a Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Tue, 10 Jan 2023 16:19:13 -0330 Subject: [PATCH 07/10] Update CLI install link Link to developer docs rather than release notes. Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md index 21d707bf..f65e6e62 100644 --- a/beta/do-app-platform-op-cli/README.md +++ b/beta/do-app-platform-op-cli/README.md @@ -39,7 +39,7 @@ TODO: Investigate Windows Terminal, Powershell, WSL Install the following on your Mac or Linux machine: - 1Password 8 for [Mac](https://1password.com/downloads/mac/) or [Linux](https://1password.com/downloads/linux/) -- [1Password CLI 2.9.0](https://app-updates.agilebits.com/product_history/CLI2) or later +- [1Password CLI 2.9.0](https://developer.1password.com/docs/cli/get-started/#install) or later - [`doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/#step-1-install-doctl) > **Note** > From d7fb420c3cfc07cdc9a8672343ef2529f65bfc49 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Tue, 10 Jan 2023 19:51:29 -0330 Subject: [PATCH 08/10] Trim new lines from `base64` output Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md index f65e6e62..c06c01ea 100644 --- a/beta/do-app-platform-op-cli/README.md +++ b/beta/do-app-platform-op-cli/README.md @@ -84,7 +84,7 @@ The `scimsession` credentials will be saved as an environment variable in App Pl Use 1Password CLI to [read the file using its secret reference](https://developer.1password.com/docs/cli/reference/commands/read), encode the credentials, and store them as a new field in the "scimession file" item saved in your 1Password account: ```sh -op item edit "scimsession file" --vault "op-scim" base64_encoded=$(op read "op://op-scim/scimsession file/scimsession" | base64) +op item edit "scimsession file" --vault "op-scim" base64_encoded=$(op read "op://op-scim/scimsession file/scimsession" | base64 | tr -d "\n") ``` > **Note** From 68d9ace62adb2368dea00a5e4fe593748c5e5398 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 11 Jan 2023 16:45:57 -0330 Subject: [PATCH 09/10] Improve README Add note regarding TLS certificate management. Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md index c06c01ea..bee63c98 100644 --- a/beta/do-app-platform-op-cli/README.md +++ b/beta/do-app-platform-op-cli/README.md @@ -15,6 +15,7 @@ Deploying 1Password SCIM bridge on App Platform comes with a few benefits: - For standard deployments, App Platform will host your SCIM bridge for a predictable cost of $10 USD/month (at the time of last review). - You do not need to manage a DNS record. DigitalOcean automatically provides a unique URL for your SCIM bridge. +- App Platform automatically handles TLS certificate management on your behalf to ensure a secure connection from your identity provider. - You will deploy 1Password SCIM bridge directly to DigitalOcean from your local terminal. There is no requirement to clone this repository for this deployment. ## Prerequisites From 68c4980f982b46c46bc215a42aff226251f18092 Mon Sep 17 00:00:00 2001 From: Adam Pike Date: Wed, 11 Jan 2023 18:14:17 -0330 Subject: [PATCH 10/10] Add to-do list to README Signed-off-by: Adam Pike --- beta/do-app-platform-op-cli/README.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/beta/do-app-platform-op-cli/README.md b/beta/do-app-platform-op-cli/README.md index bee63c98..3c92597a 100644 --- a/beta/do-app-platform-op-cli/README.md +++ b/beta/do-app-platform-op-cli/README.md @@ -29,9 +29,6 @@ Deploying 1Password SCIM bridge on App Platform comes with a few benefits: > > If you don't have a DigitalOcean account, you can sign up for a free trial with starting credit: - A Mac or Linux terminal with Bash, Zsh, or Fish - ## Getting started @@ -136,11 +133,10 @@ You can optionally propose the raw app spec template to verify the cost before d curl -s https://raw.githubusercontent.com/1Password/scim-examples/beta/do-app-platform-op-cli/op-scim-bridge.yaml | doctl apps propose --spec - ``` - - - +- [ ] Add instructions for vertically scaling SCIM bridge for large-scale deployments +- [ ] Enable Google Workspace credentials to be automatically injected with deployment +- [ ] Document workaround for deploying from a Windows terminal