API to pull 1Password information?

We use 1Password to manage our 50 something Salesforce instances. It is working great, but every few months we have to reset those passwords.

I was wondering if there is 1Password API which we can use to get existing password and and API to then update that password. I am not talking about reseting Salesforce password, that script we already have. We are trying to avoid manually updates of those password in 1Password. This will save lot of time for us.

Any help is appreciated.


1Password Version: 6.8.6
Extension Version: Not Provided
OS Version: Mac
Sync Type: Not Provided
Referrer: forum-search:api


  • BenBen AWS Team

    Team Member

    Hi @mitesh_ev,

    We don’t have a public API, per se, but our command line tool may be of help in this situation:

    1Password command-line tool: Getting started

    Does that help?


  • Thank you Ben. It may. I will pass the information to the team. Thank you for quick turn around.

    Is public API in the roadmap?

  • BenBen AWS Team

    Team Member
    edited May 9


    You’re welcome. :) We haven’t announced any plans for a public API at this point, but we’d certainly appreciate hearing if there are ways in which you’d like to access 1Password programtically that the CLI tool doesn’t allow for.


  • Thank you Ben. I am trying it out but running into a roadbloack. See the error message. Any suggestions?

    Error: -bash: gpg: command not found

  • BenBen AWS Team

    Team Member
    edited May 11


    It appears you do not have GPG installed on this system? It is possible to skip this step if that is the case and you’d rather not install it. The purpose of the step is to verify the authenticity of the downloaded CLI executable. It is for peace of mind, and is not required.


  • I see, I did try $ op command , but that is throwing error message too. The "ls" command shows me the files, but when I run the command, it is giving me error message.

  • As you can tell I am still learning, I tried the command with $ sign but still got the error message:
    -bash: op: command not found

  • BenBen AWS Team

    Team Member
    edited May 11


    Please try this:

    chmod +x op
    ./op --version

    As this discussion now revolves around our CLI tool I’m going to move it over to the CLI category of the forum so that it’ll be more visible to the folks who work more directly with the CLI. :)


  • That worked like a charm. Does that mean I have to use "./op" for rest of the documentation? I will give it shot and thank for moving this to right category. Appreciate your time :)

  • mitesh_evmitesh_ev
    edited May 14

    Making some progress. I am running into authentication issue. See the screenshot, getting timeout error. Then I thought of entering bogus password and it threw 401 error (as expected)

    I can login using same information [screenshot and other sensitive account details removed by AgileBits staff — this is a public forum]

  • Never mind, I had type in the email id. I am good for next 5 mins ;)

  • brentybrenty

    Team Member

    @mitesh_ev: I've removed the screenshot since it contained some sensitive information about your account. it sounds like you were able to sign in successfully, but we're here if you have any other questions! :)

  • thanks Brenty, got too excited! I was able to follow the documentation to get password but my challenge is to automate password reset. I would appreciate if someone can hop on a call to guide us in right direction. This may be good case study for 1Password too, because many companies are struggling with password automation. Happy to be the guinea pig..

  • Hello Brenty, please take a look at attached JSON (removed sensitive information this time :) ) I would like to update"myPassword" value based on username passed to CLI.

    The documentation shows how to grab item based on UUID, but in our case we need to pull an item based on username field (which is unique).

    Also, it does not tell how to update a field (password). Appreciate your help. Thank you.

  • So after some trial and error, I configured jq command to spit out UUID based on username.

    jq '(. as $parent | .details.fields[0] | select(.value="[email protected]") | $parent).uuid'

    Then I thought I could replace "UUID" (s2wgrbj_TEST) with above command, but that is not working. Any pointers?

    ./op get item s2wgrbj_TEST --session=QeOunXGLCGTAo_TEST

  • cohixcohix

    Team Member
    edited May 14

    @mitesh_ev I just now responded to your email, I answered some of your questions there :)

    As for using the jq command to insert the UUID, you can do one of two things:

    Bash interpolation:
    op get item $(jq '(. as $parent | .details.fields[0] | select(.value="[email protected]") | $parent).uuid') [...] (note the $(...))

    Bash script:

    UUID=$(jq '(. as $parent | .details.fields[0] | select(.value="[email protected]") | $parent).uuid')
    op get item $UUID [...]

    Let me know if that helps :)

    ref: HZY-73368-261

  • mitesh_evmitesh_ev
    edited May 14

    Hello Connor,

    Thank you for your email. Making progress.. Shouldn't there be some more command before the bash script example your provided? What I mean is, how does jq know what JSON to parse?

    This is example of my bash script, it is working till "Get Item [hardcoded]" but "Get Item [dynamic]" is not. The CLI waits for input. Entering random text and then throws error message "(ERROR) Missing argument: "

    echo — Get 1Password Session ID —
    export sessionId=$(op signin evariant.1password.com [email protected] A3-XXXXXX-XXXXXX-XXXXX-XXXXX-XXXXX-XXXXX --output=raw)
    echo — 1Password Session ID —
    echo $sessionId
    echo — Get Item [hardcoded] —
    export UUID_test=(s2wgrbjesfgdhcruuvzjob5fza)
    op get item $UUID_test --session=$sessionId
    echo — Get Item [dynamic] —
    export UUID=$(jq '(. as $parent | .details.fields[0] | select(.value="[email protected]") | $parent).uuid')
    echo $UUID 
    op get item $UUID --session=$sessionId
  • Please look at my previous comment. Got one more question, how to pull custom field from a section using CLI? When I run "op list items" command, it is not pulling Token which is custom field. Please see the screenshot

  • Hi Connor,

    Did you get chance to look at my last 2 comments? There are 3 things I need help with
    1. How to get UUID based on username. The script provided does not work
    2. How to pull custom field "Token" from 1Password?
    3. How to update password using CLI?

    And lastly, I am not seeing "Generate Password" command in CLI. In order to update the password, we need to have randomly generate password like we can do on UI.

    My 2 cents, it still baffles me there is no 1Password API and the CLI is half baked solution. Do not mean mean to hurt anyone, take it as constructive criticism.

  • updates.. as 1Password does not have "generate password" command , I am using openssl and pwgen, which seems to be working.

    And I have figured #2 as well. Still need help with #1 and #3 above.. I am happy to show the end-to-end solution , might help in your case studies.

  • And I have figured out #1 too!! I am using below script to find the UUID. I am hoping this will help someone in the future.

    export UUID=$(op list items --session=$sessionId | jq --raw-output '.[] | select(.overview.ainfo=="[email protected]" and (.overview.url | contains("salesforce.com"))).uuid')

    The only thing remaining is updating password back to vault using CLI. Appreciate if someone can provide an example or update the documentation.

  • rickfillionrickfillion Junior Member

    Team Member

    The only thing remaining is updating password back to vault using CLI. Appreciate if someone can provide an example or update the documentation.

    This is not currently possible using the command line tool. It's something we're hoping to make available in a future update.


  • Thank you Rick for the updates. Please let us know once this is made available. We have about 150 orgs and updating them manually every 3-4 months is lot of work.

  • rickfillionrickfillion Junior Member

    Team Member

    We'll make sure to make a splash when we make that work. We have a few bigger ticket items on our todo list before we get to that though. I'm hopeful that we'll get to it before 1.0 though.


  • Sounds great.. is there public facing document on what those "bigger ticket items" are? Is that related to CLI?

  • rickfillionrickfillion Junior Member

    Team Member

    is there public facing document on what those "bigger ticket items" are?

    Well there's this: https://discussions.agilebits.com/discussion/88757/help-shape-the-future-of-the-1password-command-line-tool , which explains that we've been working on the 1Password SCIM bridge lately. The CLI has benefited from it a fair amount, but we're a small team so it's difficult for us to work on a bunch of things at once.

    We don't typically post our roadmap publicly as it can change at any point.


Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file