CLI on Linux signin secret visible

I am trying to use op utility on Linux, but what bothers me from the start is that when I try to sign in, the characters of the secret I enter are visible on the terminal. This doesn't look secure to me. Is there a way to hide them or do I miss something in the CLI concept?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • felix_1pfelix_1p

    Team Member

    I assume you mean that the Secret Key is visible? Because the Master Password shouldn't be (and isn't for me). If it is then op doesn't work properly on your system for some reason and we would need more information to find out what's going on.

    As for the Secret Key: You usually type it only once the first time you log into an account. It's then stored in op's configuration file. Because it is long, random and infrequently used, making it visible seems to be better from a UX perspective.

  • It is the secret key, yes. The password indeed is not visible. But it bothers me that its name contains "secret" and in the profile it is treated as a secret - it requires an extra step to become completely visible and on the terminal it is displayed completely and it can be read from the terminal or the session history. I would kindly suggest for the future version of op to hide it when entered and show it only an extra flag is used, something like --showsecret

  • felix_1pfelix_1p

    Team Member

    I'll pass this along to the team, thank you!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file