Announcing the 1Password command-line tool public beta

Announcing the 1Password command-line tool public beta

Connor Hicks by Connor Hicks on

Here at AgileBits, we’ve been working hard over the last few months to bring power users, developers, and administrators more powerful ways to interact with 1Password. We’re proud to announce that we have something that fits the bill. It’s called the 1Password command-line tool, and we can’t wait to see what you build with it. Let me take this opportunity to walk you through the exciting potential.

Introducing op

The 1Password command-line tool makes your 1Password account accessible entirely from the command line.

Password apps are available on just about every platform, but they’ve always had the same dependency: a graphical interface. Now all of 1Password is available with just two characters: op.

The 1Password command-line tool makes your 1Password account accessible entirely from the command line. A simple op signin will securely authenticate you with the 1Password service and give you access to a wide range of capabilities:

Getting usernames and passwords from items:

$ op get item OpenProxy | jq '.details.fields[] | select(.designation=="password").value'

"genuine-adopt-pencil-coaster"

Creating new items and vaults:

$ op create item login $(cat aws.json | op encode) --title="AWS"

{"uuid":"5hinhvejl7wtmbeorfts7ho3di","vaultUuid":"i5imjpvdivbsxo56m2ap2n66gy"}
$ op create vault devops

{"uuid":"ny5khay7t3lmhrp4pjsxl4w34q"}

Working with documents:

$ op create document ./devops.pdf --vault=devops --tags=architecture

{"uuid":"i3rsiwjfh7aryvbu5odr4uleki","vaultUuid":"ny5khay7t3lmhrp4pjsxl4w34q"}

If you’re a team administrator, you can also manage other users and shared vaults — all without leaving your terminal:

op suspend john@acmecorp.com

One of the most frequent requests we receive from 1Password Teams customers is the ability to export the Activity Log. With the Pro plan, op list events makes it easy to ingest activity data into the application of your choosing. Be it Splunk, Kibana, Papertrail, or your own tool, op outputs JSON, so it’s simple to work with.

But we didn’t just build the tool to solve specific requests. It’s flexible enough to handle use cases we haven’t even thought of. The possibilities are endless, and we know you’ll come up with something amazing.

CLI command blocks

🎶 Rock, robot rock (solid) 🎶

The command structure is similar to tools you already use, providing easy integration with your workflow. Now automated systems can have access to secure credentials without ever storing them in plaintext. Here at AgileBits, for example, we’ve been using op for the last few months as part of our automated build systems. It’s been super useful for fetching secure keys and tokens required for building and deploying 1Password. After a secure op signin, we have a script that fetches the appropriate signing key from a shared vault and automatically signs new builds.

The tool was written from the ground up with the battle-tested Go programming language, the very same we used to build the 1Password service itself. As with every 1Password client, all encryption and decryption is done on your machine locally, ensuring the highest level of security best practices you’ve come to expect from the entire family of 1Password apps.

Get yo’ *NIX on

Our dreams of late have been filled with penguins. Two weeks ago we shared a treat with Linux users, and this week it becomes a feast. You might have already tried 1Password for Linux and Chrome OS, but we know what really makes developers salivate: a CLI. You can download op for macOS, Linux, FreeBSD, OpenBSD, and NetBSD on i386, ARM, and AMD64 architectures. Oh, and our Windows friends can play too!

Cool users

What’s next?

If you’re as excited as we are about this, here’s everything you need to get started:

We highly value the thoughts of people using the beta in the real world, so we can continue improving the tool for you. As we work toward a stable release and eventually open source, please bear in mind that there may be breaking changes down the line, but we’re more than happy to work with you to resolve any issues. We look forward to working together to create some truly useful and powerful tools, and we can’t do it without you.

Now let’s get ready to 🎶 pipe it, grep it, cat it, sed it 🎶

Technical Lead, Provisioning

Connor Hicks - Technical Lead, Provisioning Connor Hicks - Technical Lead, Provisioning

Tweet about this post