A Guide to Using the 1Password Command Line Interface (with examples)
1Password is a popular password management tool that helps you secure and organize your digital life. One of the features it offers is a Command Line Interface (CLI), which allows you to interact with your 1Password account using text commands.
In this article, we will explore various use cases of the op command, the official CLI for 1Password’s desktop app. We will provide code examples for each use case, explain their motivations, and provide detailed explanations for each argument. Additionally, we will include example outputs to demonstrate the results of each command.
Let’s get started!
Signing in to a 1Password Account
To begin using the op command, you need to sign in to your 1Password account. This step is essential to authenticate your identity and authorize access to your account data.
op signin
Motivation: By signing in to your 1Password account, you establish a secure connection between the CLI and your account, allowing you to perform various actions like retrieving item details, creating new items, and managing vaults.
Example output:
Enter your account email address: john@example.com
Enter your secret key: *********
Enter your Master Password: *********
You are now signed in to your 1Password account.
Listing All Vaults
Once signed in, you may have access to multiple vaults within your 1Password account. Listing all available vaults gives you an overview of the different storage compartments where you can store your items.
op vault list
Motivation: By listing all vaults, you can quickly see the names of the different vaults associated with your account. This can be useful when you want to perform operations specific to a certain vault.
Example output:
- Personal Vault
- Work Vault
- Health Vault
Retrieving Item Details in JSON Format
With the op command, you can retrieve detailed information about specific items stored in your 1Password vaults. By requesting the item details in JSON format, you can easily work with the data programmatically or perform further analysis.
op item get item_name --format json
Motivation: Retrieving item details in JSON format allows you to integrate 1Password with other tools and scripts that rely on JSON data. This can be useful when automating processes or extracting specific information for reporting purposes.
Example output:
{
"uuid": "abcd1234",
"title": "Login - ExampleWebsite",
"username": "john@example.com",
"password": "*********",
"url": "https://example.com/login",
"notes": "Additional notes about this login item."
}
Creating a New Item with a Category in the Default Vault
To create a new item within your 1Password account, you can use the op item create command. By specifying a category and the necessary details, you can add items like logins, secure notes, and credit cards.
op item create --category category_name
Motivation: Creating a new item allows you to securely store and organize important information in your 1Password vaults. By categorizing items, you can easily locate and manage them later.
Example output:
Created new item with UUID: abcd1234
Reading a Referenced Secret
1Password allows you to reference secrets from other items, making it easy to reuse and update shared information. The op read command allows you to read the contents of a referenced secret.
op read secret_reference
Motivation: Reading a referenced secret is useful when you need to access the shared value within your command-line environment or script. This can help you streamline operations that require sensitive information without exposing it directly in your code.
Example output:
SGVsbG8gdGhlcmUh
Passing Secret References from Exported Environment Variables to a Command
In certain cases, you may have exported secret references as environment variables. The op run command allows you to pass these references to a command, making it easy to integrate with other tools and processes.
op run -- command
Motivation: Passing secret references from exported environment variables to a command simplifies the management of sensitive data. This approach ensures that the secrets are securely retrieved and utilized without exposing them explicitly in your code or scripts.
Example output:
Command executed successfully.
Passing Secret References from an Environment File to a Command
Alternatively, you can store secret references in an environment file and pass them to a command using the op run --env-file option. This approach is useful when you have multiple secret references or want to keep your secrets separate from your regular environment variables.
op run --env-file path/to/env_file.env -- command
Motivation: Storing secret references in an environment file provides a convenient way to manage and share multiple secrets while keeping them secure. This approach allows you to define and update the necessary environment variables without modifying the actual command or script that consumes them.
Example output:
Command executed successfully.
Reading Secret References from a File and Saving Plaintext Secrets to a File
In some scenarios, you may want to retrieve secret references stored in a file and save their plaintext values to another file. The op inject command enables you to achieve this by reading the secret references from an input file and writing the plaintext secrets to an output file.
op inject --in-file path/to/input_file --out-file path/to/output_file
Motivation: Reading secret references from a file and saving plaintext secrets to another file is useful when you need to work with the secrets in a different context or share them securely with another party. This approach allows you to separate the references from the actual secret values while preserving their integrity.
Example output:
Secrets successfully injected and saved to file: path/to/output_file
Conclusion
The op command provides a powerful and versatile interface for managing your 1Password account via the command line. With its various capabilities and options, it allows you to perform essential operations like signing in, retrieving item details, creating new items, and working with secret references efficiently.
By learning and understanding the different use cases illustrated in this article, you can harness the full potential of the 1Password CLI and leverage its capabilities to enhance your password management and automation workflows.
