op - Linux

Overview

The op command in Linux is used for securely accessing and managing credentials within the 1Password CLI. It allows users to interact programmatically with their 1Password vaults, enabling automated script usage and other CLI-based workflow integrations like fetching secrets for development, managing server configurations, or scripting.

Syntax

The basic syntax of the op command is:

op [global-options] <command> [command-options] [arguments]

Here are a few variants to consider:

  • Login: op signin [subdomain] [email] [secret-key] --raw
  • Get item: op get item [uuid|name]
  • Create item: op create item [type] [json] [vault-uuid]

Global Options

  • --verbose, -v: Increases the verbosity of the command.
  • --format json: Outputs the result in JSON format.

Options/Flags

  • --session: Temporarily stores a session token to authenticate commands without re-entering login details.
  • -v, --verbose: Provides detailed output for debugging.
  • --format: Specify output format (like JSON, CSV).
  • --raw: Outputs only the required data without additional text, useful for scripting.

Command-Specific Flags

  • signin

    • --shorthand: Store the session under a shorthand name for simplified future references.

  • get

    • --fields: Target specific fields within an item.

Examples

  1. Logging in and setting session variable:

    export OP_SESSION_my=<$(op signin my.1password.com myemail@example.com my-secret-key --raw)>

  2. Fetching an item:

    op get item "AWS Credentials" --session=$OP_SESSION_my

  3. Creating a new secure note:

    op create item SecureNote '{ "title": "API Keys", "notesPlain": "Keys related to project." }' --session=$OP_SESSION_my

Common Issues

  • Session Expiration: Sessions can expire. Always check your session status with op signin.
  • Permission Errors: Ensure you have the appropriate permissions to access or alter items within 1Password.

Integration

Combine op with shell scripts to securely manage secrets in automated environments.

Example bash script to use op in your deployment scripts:

#!/bin/bash

session=$(op signin my.1password.com myemail@example.com my-secret-key --raw)
aws_key=$(op get item "AWS Key" --session=$session --fields password)

export AWS_ACCESS_KEY_ID=$aws_key
# Use AWS_ACCESS_KEY_ID in deployment script
  • security: Another tool for managing credentials on MacOS.
  • kubectl for Kubernetes can integrate with secrets managed by op.

For more information, visit the official 1Password CLI documentation.