Any document with security details?

Is there a document that describes the security details of the CLI?

In particular I was curious how the Secret Key was stored. I found that it's stored in plain text in the file ~/.op/config. That doesn't seem super secure.

If I want to erase all traces of the signin with the CLI, is it enough to delete the entire ~/.op folder? Is there a better way? Perhaps a CLI command?


  • Another security-related issue is that the Security Key will "leak" into the shell history because it's in the op signin command.

  • cohix

    Team Member

    @pervel No document just yet. We store the Secret Key in a similar way as the other apps, it's just in a more "visible" location. If you delete the config directory and the auth directory in /tmp/, you will have erased the CLI's "existence" on your machine.

    As for the secret key in the shell, this is something we circumvented for the Master Password with secure input and the session token with environment variables. The config directory has permissions for the current user only. It's important to note that there's not much we can do to prevent a superuser or someone who's gained shell access to your machine from getting your config file. This is part of the reason that the Master Password and Secret Key work together to create your master key, since one is useless without the other.

    Hope that helps, please let me know if you have any other questions!

  • @cohix:

    If you delete the config directory and the auth directory in /tmp/, you will have erased the CLI's "existence" on your machine.

    I'm not seeing that auth directory in /tmp/. What is the exact name?

  • cohix

    Team Member

    @pervel That would be /tmp/com.agilebits.op/ (on *NIX machines). It stores encrypted files with your session information.

  • I should have said I'm on Mac. Is it in a different location on a Mac?

  • Thanks, I found it. I do think it would be good with a CLI command to remove a specific named account as well as one to remove all at once.

  • cohix

    Team Member

    That's a great suggestion, something like a --purge flag on op signout perhaps?

  • That could work. Though maybe it's a bit inconsistent using op signout even if you're not actually signed in. So perhaps an entirely new command would be better.

  • cohix

    Team Member

    Alright thanks for the ideas. We'll look into some options.
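The cleanup and checks discussed in this thread, sketched as an added example (not part of the original posts and not 1Password's own tooling): it audits the config directory for group/other permissions, counts history lines containing op signin without printing them, and removes the two directories named above. The function names are hypothetical, the history file paths are assumed shell defaults, and /tmp/com.agilebits.op is the path given for *NIX machines, so override it if your session files live elsewhere.

```shell
#!/bin/sh
# Added example: audit and remove local traces of an op CLI sign-in.
# Default paths are the ones named in the thread; override via environment.
OP_CONFIG_DIR="${OP_CONFIG_DIR:-$HOME/.op}"
OP_SESSION_DIR="${OP_SESSION_DIR:-/tmp/com.agilebits.op}"

# Print every entry under a directory that grants any group/other
# permission bit. Prints nothing when the tree is owner-only.
loose_perms() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count history lines containing "op signin" without echoing them,
# because the matching lines may contain the Secret Key.
signin_history_count() {
    total=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        n=$(grep -c -- 'op signin' "$f" || true)
        total=$((total + ${n:-0}))
    done
    echo "$total"
}

# Remove the config and session directories.
# Returns non-zero if either one still exists afterwards.
purge_op_traces() {
    rm -rf -- "$1" "$2"
    [ ! -e "$1" ] && [ ! -e "$2" ]
}

# Run the audit and purge only when asked to explicitly.
if [ "${1:-}" = "--purge" ]; then
    loose_perms "$OP_CONFIG_DIR"
    # Assumed default history locations for bash and zsh.
    hits=$(signin_history_count "$HOME/.bash_history" "$HOME/.zsh_history")
    echo "history lines containing 'op signin': $hits"
    purge_op_traces "$OP_CONFIG_DIR" "$OP_SESSION_DIR"
fi
```

A non-zero history count means the sign-in command line is still in a history file; removing the directories does not clean that up.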

This discussion has been closed.