1Password command-line tool 0.2: Tim’s new toys

Some of you may know Tim, our Beardless Keeper of Keys and Grounds here at AgileBits. Tim and his team keep everything running smoothly. The servers are serving happily and the networks are flowing gracefully. Tim is also the administrator of our company team on 1Password.com.

Tim can script and automate with the best of them, and from the moment he got a preview of op, the DevOps team began bombarding us with feedback. One of the first things he asked for was the ability to create vaults, so we added that right away. But we knew we could still do more for Tim – after all he was on the nice list this year – so we got him some new toys to play with. If you’re too excited to read more, you can just start playing with op 0.2 now. To find out more, read on.

Vault into the new year

Our first gift to Tim was more control over vault access. He can now use op to add users to vaults, remove users from vaults, and even delete vaults.

So when Dave told Tim about a new project (codenamed Honey Badger), it was easy to set things up.

Dave needed two developers, Chris and Betty, as well as one of our designers, Matt, involved in the project. With the command-line tool, Tim can switch to his terminal and do this right away. After he signs in, he can create the vault needed for the project:

op create vault "Honey Badger"

But this is old news! He’s been creating vaults for months now. What’s new is that he can now give everyone involved access to that vault:

op add "Chris Meek" "Honey Badger"
op add "Betty Da" "Honey Badger"
op add "Matt Davey" "Honey Badger"

Tim can even create a script to take a list of email addresses and add everyone to the vault at once:

#!/bin/bash
# Usage: add-everyone.sh "Honey Badger" < emailaddresses.txt
while read p; do
    op add $p $1
done

After Matt is done designing project Honey Badger, it’s just as simple to remove him from the vault:

op remove "Matt Davey" "Honey Badger"

When everyone is done with the project, Tim can use op delete vault "Honey Badger" and move on to his next gift.

New year, new groups

The next gift we gave Tim was control over group membership. He can now use op to create and delete groups and choose who belongs to them.

When Dave told Tim that Wendy was moving from the support team to the design team, Tim just casually sipped his cocoa. He knew this would be trivial. We already have groups set up for both teams, so he just ran two commands:

op remove "Wendy Appleseed" "Support"
op add "Wendy Appleseed" "Design"

Tim can also create and remove groups with op create group and op delete group if ever he needs to.

Resolve to level up your skills

The holidays may be over, but we have a feeling Tim will be playing with his new toys for many days to come. If you want to level up your own skills, head over to download this latest release and read the full documentation on our support site.

Level up with op 0.2!

Then pop in to the 1Password Support forum to let us know what you think. You’re all on our nice list, and we love hearing from you. Your feedback after the initial public beta was instrumental in shaping this release.

We’re incredibly excited to continue work on this tool, as it gives you access and control over your 1Password data in a way that’s never been possible before.

7 replies
    • Connor Hicks
      Connor Hicks says:

      Jake,

      Thanks for letting us know what you’d like to see in the tool! I’d like to explain why we didn’t add opvault support to the CLI: there are plenty of open source tools to do this already. The opvault spec is widely available and there have been several tools published on GitHub that allow you to work with them. This tool, on the other hand, is focused on giving 1Password membership users full administration and automation power over their accounts. This is very important, especially in a teams scenario where corporations like to automate as much as they can. It’s also due to the fact that the 1Password.com spec is much more complex, as it is much more powerful, so we didn’t think it would be feasible for third parties to implement a CLI based on the API easily.

      I hope you can understand, please let me know if there’s anything else I can answer for you!

  1. Frank
    Frank says:

    You better quote your variables properly and use “–” to signify the end of the options.

    The command should be like:
    op add — “$p” “$1”

    Otherwise input like “foo bar” (w/o quotes) or “-i am evil” (w/o “–“) would cause issues.

    Reply
    • Frank
      Frank says:

      Your blog system seems to convert two dashes (“- -” without space) to a en em dash (“–”). Replace any occurrence of “—” with “- -” (without the space), please.

    • Kate Sebald
      Kate Sebald says:

      Hey Lars! You can have Groups and Vaults with the same name if you’d like. The tool will offer suggestions if you use a name that belongs to both and share the UUIDs for each so you can run the proper command. That said, it would be likely be easier to avoid overlap, if you’re able, but the overlap won’t cause fatal trouble if it’s necessary. 🙂

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *