what is ~/.op/config and how onepassword cli is going to use those details?

Just now I got to know about ~/.op/config file where user credentials are stored including shorthand.
1) What is the use of this file and how op cli is going to use?
2) If the user wants to use those details, what is the appropriate workflow?

Please attach links where I can go through along with your response.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • cohixcohix

    Team Member

    The config file essentially saves the information that the CLI needs to connect to your account, minus your master password. The CLI will use it automatically, there's no interaction needed on your part. The shorthand is generated the first time you use the CLI and is edited automatically as you use the tool.

    If you want to use the accounts in the config file, simply reference them by their shorthand: op signin [shorthand], and you will be prompted for your master password.

    There is also a latest_signin in the config file, which means that the account you signed into most recently can be used without specifying a shorthand: op signin.

    Please let me know if you have any further questions!

  • Hey If I want to disable that saving details into the file. Can I do it? I don't want to store the details in that file.

  • cohixcohix

    Team Member

    @sandeepmachiraju currently there is no way to disable use of the file. What is your use-case for having no file?

  • I am using CLI in automation. I really don't require the file to be there. Because everything will be provided runtime. I will be using the same syntax which expects every credential of op signin all the time.

    Anyways I can delete the file right? Will it be created every time?

  • cohixcohix

    Team Member

    You can indeed delete the file.

  • Is there any update on this? Do we have any standard workflow to delete the op folder? As it is storing secret keys and other information which is secure information, I would like op cli not to store it.

    Can we file a feature request? If you think it is a valid request.

  • ag_anaag_ana

    Team Member

    @sandeepmachiraju:

    We don't have an update on this, sorry. But as cohix said, you can certainly delete the file every time already if you prefer.

  • felix_1pfelix_1p

    Team Member

    There is actually one thing you could do @sandeepmachiraju : we have added the --forget flag to op signout and the op forget command (for logged out accounts). Either of these will remove the account information from the config file (but won't remove the file itself). So adding op signout --forget to the end of your script might suffice for your use case?

  • @felix_1p thanks for the response. I appreciate. That solves the problem.

    For security reasons, I don't want to store even the secret key in the file (that too as a plain text). But op signout with forget tag resolves my problem.

    Thank you.

  • felix_1pfelix_1p

    Team Member

    @sandeepmachiraju You are very welcome!

  • One more question, I am doing the following steps. In this case, op signout is not working:

    1) op signin --raw
    I am getting displayed with the session token.
    2) I am using that token in-memory in my program. (Note: I am not setting the session token as an env variable. Because I don't need it)
    3) op signout --forget (This command is not working)

    Note: I found that op signout works only if I set the session token as an env variable.

    I don't know what it was implemented like that. Why can't op signout takes the token as --token and do the logout. Let me know your thoughts.

  • felix_1pfelix_1p

    Team Member

    @sandeepmachiraju Every op command accepts the session token via the --session flag. That should work for op signout as well.

    I am using that token in-memory in my program.

    May I ask how you are doing that if you are not using the --session flag? Or am I misunderstanding something here?

  • Yes, I am using --session flag. Except for op signout and op signin every other command is accepting --session as a flag.

    I am doing the following steps in my program:
    1. op signin --raw (by providing all credential flags)
    * This prints out the session key as output, I am capturing that into a variable which is in-memory in my program
    2. I am using that session key for all other commands such as to get a document and get items and all.
    4. op signout is giving me an error saying that the user is not logged in.

    If I do the following steps, then op signout is working:
    1. op signin --raw (by providing all credential flags)
    * This prints out the session key as output.
    2. set the session key as an env variable.
    3. use that session key for all other commands
    4. op signout <= works

    As op signout is not taking sessionkey as a flag, in the first case how can I perform signout. If I set the session key as env variable then signout is working which means signout is taking session key from the env variable. Am I correct?

  • Matthew_1PMatthew_1P

    Team Member

    Hi @sandeepmachiraju, you're correct in your last statement — running op signout without --session will then pull the session token from the environment variable. But if you signed in with the --raw flag set, provided you've not set it yourself, the session token won't be in the environment variable.

    I've just tried running op signout --forget --session [session token] and it works as expected for me. Just to rule out everything here, are you running that command exactly, replacing [session token] with your actual session token? Which version of op are you running? You can find that out with op --version — the latest version is 0.9.4.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file