CLI delete / update logins

Hey,

I love the CLI so far, do you have future plans for deleting / updating items (not just users).
I was trying to delete and update login items from the op file. Did I missed something?

Would be awesome to hearing from you.

Greetings


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @raggy: Thanks for getting in touch! It's awesome hearing from you, and that you're enjoying the CLI. I'm sorry to say that I can't give away too much at this time, but suffice to say our goal is to make it as powerful as possible, and item management would be a huge win for a lot of us dreaming of using scripts with our 1Password data. Thanks for letting us know where you stand on this topic! ;)

  • rickfillionrickfillion Junior Member

    Team Member

    Eventually I'd like us to have the ability to update items. Right now it's not our focus as creation and reading of items is what people want to do 98% of the time. There's only so many hours in a day, and we need to pick and choose what to work on carefully. I have a very long list of features I'd love to see us add to the app, and it's very valuable to get this kind of feedback to see what others would like as well, so that we can better decide what to tackle.

    Cheers.

    Rick

  • Just chiming in to +1 the deletion capability. Seems like pretty basic missing functionality for what is basically a CRUD app.

    I decided to query for weak passwords (My definition of "weak", in this case meaning ps < 50, assuming "ps" in the json item description refers to password strength, and is a 1 - 100 scale. I couldn't find docs for what all the non-obvious json fields referred to.)

    After dumping my item list to op_item_list.json

    jq -r '.[]|select(.overview.ps < 50)|select(.overview.ps != 0) |.uuid' op_item_list.json | xargs -I {} op get item {} > weak_sauce.json (Seems items that aren't logins default to a ps of 0, hence the additional filter. I'm guessing that uuid template type probably refers to item types and I could filter by whatever corresponds to "login", but this worked well enough.)

    jq '{title: .overview.title, uuid: .uuid, url: .url, username: .details.fields[] | select(.designation == "username")|.value, password: .details.fields[] | select(.designation == "password")|.value } ' weak_sauce.json > fix_me.json

    Gives a nice tidy file of all my weak logins. I noticed many of these were old/inactive accounts which got migrated over from my previous password manager and probably should have been deleted long ago. So, w/o looking further into the documentation I proceeded to add an add'l field "action" to the json file and added "change|delete|ignore" to each entry.

    Figuring I would at least be able to delete the old entries via the cli and then I could update the others manually.

    And that's where that exercise ended, as we can't currently do something like jq -r 'select(.action == "delete").uuid' fix_me.json | xargs -I {} op delete item {}

  • brentybrenty

    Team Member

    I agree: it would be awesome to be able to do all that via the command line. :)

  • cohixcohix

    Team Member

    @trevorwalton Rest assured that ability is coming :)

  • I'm in need of delete. When I switched over from 1pwd in Dropbox to a subscription, I copied all my items into the cloud. When I first started the process, if appeared to hang (likely because of the 1000+ items). I force quit the process and started again. This time I stepped away from the computer. Turns out I created several hundred duplicates. I found your cli and started writing a script to seek and destroy dups, but then realized there wasn't a delete item cmd.

  • rickfillionrickfillion Junior Member

    Team Member

    Sorry to hear about that, @mattdeclaire. Unfortunately the delete function isn't coming soon enough to help you there.

    Do you have 1Password for Mac or another app that could be used to help with this? How many items are we talking about (if you don't count the duplicates)?

    Rick

  • I do have the app installed, and have been manually deleting items. But, it's tedious. I have 1097 unique items and 816 duplicates left.

  • brentybrenty

    Team Member
    edited January 2018

    @mattdeclaire: Ah, okay. While it's easier if you imported the duplicates into different vaults, you can still select more than one item in the app at once, and then delete them all together. It may also be easier to sort them by date/time modified, so you could delete all of the later import at once. I hope this helps. Be sure to let us know if you have any other questions! :)

  • Yeah. Any way I sort, it has originals next to their duplicates. What I need is a sort that produces all the originals at the top, and all the duplicates at the bottom. Using the with multiple items sort helps.

  • brentybrenty

    Team Member

    @mattdeclaire: I'm not sure what you mean by "originals". If you copied the same data to this vault twice, the originals aren't there. They're in the original vault. Why not just delete everything and then copy the data over again only once? It seems like that would be the simplest solution.

  • I suppose I'm considering, amongst my current data, one copy as an "original" and one as a "dup". I should have just nuked and re-copied right off the bat, but I've since been adding items into the cloud... I could probably use cli to save a list of items that don't exist in my old data, nuke the new data, reimport, and then add back my new stuff. But, I get the impression that cli is accessing my cloud data, but not local data (based on the latency). And my old data is in a file saved in Dropbox. Can I use cli to scrap that old file?

  • rickfillionrickfillion Junior Member

    Team Member

    But, I get the impression that cli is accessing my cloud data, but not local data (based on the latency). And my old data is in a file saved in Dropbox.

    Correct. The CLI tool connects directly to our 1Password.com service and doesn't deal at all with local vaults.

    Can I use cli to scrap that old file?

    No, the CLI tool we've built isn't able to read those. We made that decision because there are other command line utilities that can read AgileKeychain and OPVault files already, and they're pretty good. We figured we'd focus on the area that was less serviced.

    If you sort by date modified could you find the new items that weren't in the original set, move those aside (put them in a different/temporary vault), then clear out the vault to re-import?

    Rick

  • rickfillionrickfillion Junior Member

    Team Member
    edited February 2018

    @mattdeclaire,

    We just released version 0.3 of the CLI tool and it includes op delete item which will trash a given item (by title or UUID (recommended)). We felt terrible about your situation and pushed forward that feature in hopes that we could get it to you in time to help you.

    I hope it helps.

    Rick

  • Woo! :showers-with-dollars:

  • rickfillionrickfillion Junior Member

    Team Member

    :)

  • Any timeframe on the ability to update?

  • brentybrenty

    Team Member

    We can't share information on unreleased features, but you can bet something like that will be mentioned prominently in the release notes announcement. ;)

  • edited May 27

    What's up with the update feature? 1 year has passed since the last reply and yet no update.

    I'm trying to integrate 1Password with Terraform through this provider ( https://github.com/anasinnyk/terraform-provider-1password ) and it would make perfect sense to have an update functionality in order to store some metadata ( like URL or whatever ) out of the basic fields provided initially ( username/password ).

    Thank you in advance.

    Related: https://github.com/anasinnyk/terraform-provider-1password/issues/10#issuecomment-496208902

  • graham_1Pgraham_1P

    Team Member

    @JulianXhokaxhiu

    Currently we are working towards moving our cli tool out of beta, and after that we can return to feature work. For now, adding the cli ability to update items is on our roadmap, but we can't promise a timeline. There is a long list of features we want to add to the app, so hearing this feedback is very valuable to help us decide what to tackle next!

  • @graham_1P

    Thank you very much for your reply. I get the point of trying to add features after the product gets out of Beta, although remember that Time-to-Market is important too. And if this tool will not start to provide at least a basic set of them ( I consider the Upsert a basic one because it's what you would expect at least out of this CLI tool ), I will be forced to use competitors tooling, or workarounds that would cost time to migrate to 1P one day. In the end means being not very prone in suggesting this to other colleagues working in the same field for example.

    As i see that this reply is being said since the last two years now, I would expect at least a Timeline of when this feature may come out. With all the respect but I think that at least, as customers, we deserve to know an ETA on this. I can't believe this CLI tool is in Beta for 2 years now.

    Best regards.

  • rickfillionrickfillion Junior Member

    Team Member

    I can't believe this CLI tool is in Beta for 2 years now.

    You and me both!

    I completely agree with what you're saying. You're right, those are very basic features that the tool is still missing.

    I can't share a timeline, because that timeline is likely to be wrong. Had I shared the timeline originally I'd have been horribly wrong cause I'd have guessed a couple months. But there are things that I can say:

    The 1Password command-line tool not getting the updates and features you (and I) want is largely due to the fact that the team that builds this is also responsible for the 1Password SCIM bridge, and that's where the lion's share of the effort has been put as of late. That sucks (for the CLI tool) cause it means less active development there. But that's not quite true. Both are based on the same core code, and we've had to do a ton of improvements to the CLI to support what we've been building in the SCIM bridge. Version 0.6 of the CLI tool will be the first one that can start taking advantage of those improvements. A lot of the improvements are under the hood, but some aren't.

    The way that items are handled in the CLI tool is really not the greatest. We really don't like it. It has quite a few problems, one of which is that it's far too easy to create data that will not work correctly in our other apps. We've been working on code that can help detect errors and help you correct them before the data gets encrypted and sent to our server for sync. Another problem is that the usability of how items are created isn't what we think it should be. We're likely to change how item creation works to make it easier to create items, and I don't want us to have item updating until we have something nice and consistent there.

    I assure you, we ourselves want item updating just as much as anyone else. We're growing the team to be able to do more than one thing at a time, and will hopefully get to start working on this and other features in the not-too-distant future.

    I'm sorry that this is taking longer than it should.

    Rick

  • mickaelmickael
    edited May 28

    @JulianXhokaxhiu I would be curious to know which 1password alternative you have in mind that supports a good CLI?

    I used to use Lastpass and the CLI is not officially supported and now suffers from hundreds of unresolved issues and I personally experienced lost of passwords due to bad sync behavior and random failures while grabbing secrets making our DevOps scripts to fail.

    I tried Bitwarden and even ported their NodeJs CLI to python to improve performance of querying but the system broke when I migrated my secrets library to their platform (time out of all clients due to the amount of data to decrypt). Support wasn't able to resolve the issue. I reached the system limits with around 1200 entries and 100 SSH keys.

    There are more devops related tools but they didn't have the nice looking, easy to use and multi-platform clients of 1Password.

    I am new to 1Password and I don't need currently the basic edit feature but I can't agree more than after 2 years the edit feature is something that should have been released.

    However, I just want to warn you:

    • the migrating process of a password manager is a pain, especially if you need to keep your old secrets ID in the new system
    • the grass isn't always greener on the other side...

    1Password CLI has its drawbacks (performance and lack of edit feature mainly) but beware that competitors may be worse on otherspoints...

  • graham_1Pgraham_1P

    Team Member

    Thanks for the vote of confidence mickael!

    Rick and mickael are right, it is a pain to see op not getting the feature changes promptly. The scim bridge has been getting our focus, but our team has grown and we are all super excited to get op back to where it should be.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file