Auto-install 1Password patches on Workstations#48585
Draft
allenhouchins wants to merge 1 commit into
Draft
Conversation
Switch the 1Password patch automation on the Workstations fleet from calendar-event-driven to forced install on both macOS and Windows. Sets install_software: true, removes calendar_events_enabled, and updates the resolution text to match the other IT-managed forced-install policies.
fleet-release
approved these changes
Jul 1, 2026
fleet-release
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related issue: N/A — dogfood GitOps configuration change
What & why
Changes the 1Password patch automation on the 💻 Workstations fleet from calendar-event-driven remediation to forced install, on both macOS and Windows.
For both
1password/darwinand1password/windowspatch policies init-and-security/:install_software: false→install_software: truecalendar_events_enabled: trueresolutiontext to drop the "scheduled maintenance window / check your calendar" language, matching the wording used by the other IT-managed forced-install policies (Okta Verify, Adobe Acrobat, etc.).When a host now fails either 1Password patch policy, Fleet automatically installs the latest Fleet-maintained 1Password with no end-user calendar interaction. The fleet's
google_calendarintegration is left in place since other policies (e.g. Firefox) still use calendar events.Checklist for submitter
Note: This is a dogfood GitOps config change only — no user-visible product change, no code, no migrations, no new settings.