op - Linux
Overview
The op
command in Linux is used for securely accessing and managing credentials within the 1Password CLI. It allows users to interact programmatically with their 1Password vaults, enabling automated script usage and other CLI-based workflow integrations like fetching secrets for development, managing server configurations, or scripting.
Syntax
The basic syntax of the op
command is:
op [global-options] <command> [command-options] [arguments]
Here are a few variants to consider:
- Login:
op signin [subdomain] [email] [secret-key] --raw
- Get item:
op get item [uuid|name]
- Create item:
op create item [type] [json] [vault-uuid]
Global Options
--verbose, -v
: Increases the verbosity of the command.--format json
: Outputs the result in JSON format.
Options/Flags
--session
: Temporarily stores a session token to authenticate commands without re-entering login details.-v, --verbose
: Provides detailed output for debugging.--format
: Specify output format (like JSON, CSV).--raw
: Outputs only the required data without additional text, useful for scripting.
Command-Specific Flags
-
signin
--shorthand
: Store the session under a shorthand name for simplified future references.
-
get
--fields
: Target specific fields within an item.
Examples
-
Logging in and setting session variable:
export OP_SESSION_my=<$(op signin my.1password.com myemail@example.com my-secret-key --raw)>
-
Fetching an item:
op get item "AWS Credentials" --session=$OP_SESSION_my
-
Creating a new secure note:
op create item SecureNote '{ "title": "API Keys", "notesPlain": "Keys related to project." }' --session=$OP_SESSION_my
Common Issues
- Session Expiration: Sessions can expire. Always check your session status with
op signin
. - Permission Errors: Ensure you have the appropriate permissions to access or alter items within 1Password.
Integration
Combine op
with shell scripts to securely manage secrets in automated environments.
Example bash script to use op
in your deployment scripts:
#!/bin/bash
session=$(op signin my.1password.com myemail@example.com my-secret-key --raw)
aws_key=$(op get item "AWS Key" --session=$session --fields password)
export AWS_ACCESS_KEY_ID=$aws_key
# Use AWS_ACCESS_KEY_ID in deployment script
Related Commands
security
: Another tool for managing credentials on MacOS.kubectl
for Kubernetes can integrate with secrets managed byop
.
For more information, visit the official 1Password CLI documentation.