(ERROR) You are not currently signed in.

I'm trying the CLI on my Mac.

$ uname -a
OS: Darwin MacBook Pro 17.6.0 Darwin Kernel Version 17.6.0: Tue May  8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
$ op --version
0.5.2
$ op signin xxxxx.1password.com [email protected] A3-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
Enter the password for [email protected] at xxxxx.1password.com:
export OP_SESSION_xxxxx="SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
# This command is meant to be used with your shell's eval function.
# Run 'eval $(op signin xxxxx)' to sign into your 1Password account.
# If you wish to use the session token itself, pass the --output=raw flag value.

$ export OP_SESSION_xxxxx="SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

$ op list items
[LOG] 2018/08/17 11:11:44 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions

But, when I do this, it works:

$ echo "SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" | op list items
[ ...lots of JSON... ]

So, I guess that op does not know for which subdomain to get the OP_SESSION_xxxxx? And how would this work with multiple teams?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: 10.13.5
Sync Type: Not Provided

Comments

  • cohixcohix

    Team Member

    @tader hrm, I'm not able to reproduce the env var issue on my Mac. Could you run this and ensure that a file exists in the directory with ls -a:

    cd $TMPDIR$(ls $TMPDIR | grep agilebits.op)

    That should contain the session file. If nothing is there, or if the `com.agilebits.op.{UID} directory doesn't exist in $TMPDIR, then at least we have a place to start debugging this.

  • Hello! I'm experiencing the same issue:

    $ uname -a
    OS: 17.7.0 Darwin Kernel Version 17.7.0: Fri Jul  6 19:54:51 PDT 2018; root:xnu-4570.71.3~2/RELEASE_X86_64 x86_64
    
    $ op --version
    0.5.2
    

    And can repro the rest of @tader's case.

    After following @cohix's debugging instructions, I can get to a valid directory with a few dotfiles (most likely for each attempt I've made to log in with the full syntax):

    $ cd $TMPDIR$(ls $TMPDIR | grep agilebits.op)
    $ # com.agilebits.op.501 
    $ ls -la
    total 24
    drwxr-xr-x    5 myname  staff   160 Aug 19 13:31 .
    [email protected] 148 myname  staff  4736 Aug 19 13:32 ..
    -rw-------    1 myname  staff   512 Aug 19 13:26 .5JAjXXXXXXXXXXXXXXXXX
    -rw-------    1 myname  staff   512 Aug 19 13:22 .FWj5XXXXXXXXXXXXXXXXX
    -rw-------    1 myname  staff   512 Aug 19 13:31 .NYFhXXXXXXXXXXXXXXXXX
    

    It may be worth noting that the account can't be fetched when using the short syntax, even after following the first step with the full domain, email and secret key:

    $ op signin myteamsubdomain
    [LOG] 2018/08/19 13:39:50 (ERROR) Account not found: myteamsubdomain
    
    To sign in to an account above: op signin <subdomain>
    To sign in to another account:  op signin --help
    
  • Hello,

    I just joined 1pass today and experiencing the same issue.

    uname -a
    Linux my_ubuntu 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

    op --version
    0.5.2

    My $TMPDIR was empty, but after running

    export TMPDIR=/var/tmp/

    I had some files existing:

    drwxr-xr-x 2 me me 4096 Aug 19 16:58 .
    drwxrwxrwt 10 root root 4096 Aug 19 16:52 ..
    -rw------- 1 me me 521 Aug 19 16:58 .0kHVXXXXXXXXXXXXXXXXX
    -rw------- 1 me me 522 Aug 19 16:52 .-Qm_KXXXXXXXXXXXXXXXXX

  • @cohix thank you for your response!

    I have two files in the $TEMPDIR/com.agilebits.op.$UID folder:

    $ ls -asl
    total 16
    0 drwxr-xr-x    4 tader  staff   128 Aug 17 11:24 .
    0 [email protected] 280 tader  staff  8960 Aug 20 09:45 ..
    8 -rw-------    1 tader  staff   507 Aug 17 11:26 .XXXXXXXXXXXXXXXXXXXXXXXX
    8 -rw-------    1 tader  staff   506 Aug 17 11:13 .XXXXXXXXXXXXXXXXXXXXXXXX
    
  • Same thing here.

    @cohix here's how it goes (looks like the OP_SESSION environment variable is not properly recognized, sounds like a bug):

    $ mkdir tmp
    $ export TMPDIR=tmp
    
    $ op signin myaccount [email protected]
    Enter the Secret Key for [email protected] at myaccount.1password.com: A3-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
    Enter the password for [email protected] at myaccount.1password.com:
    export OP_SESSION_myaccount="SESSION-KEY-XXXXXX"
    # This command is meant to be used with your shell's eval function.
    # Run 'eval $(op signin myaccount)' to sign into your 1Password account.
    # If you wish to use the session token itself, pass the --output=raw flag value.
    
    $ export OP_SESSION_myaccount="SESSION-KEY-XXXXXX"
    
    $ op get account
    [LOG] 2018/08/20 12:32:20 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ op get account --account=myaccount
    {"uuid":"...",...}
    
    $ op get account
    [LOG] 2018/08/20 12:32:31 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ op get account --session="SESSION-KEY-XXXXXX"
    {"uuid":"...",...}
    
    $ op get account
    [LOG] 2018/08/20 12:32:48 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ find tmp/com.agilebits.op.501
    tmp/com.agilebits.op.501
    tmp/com.agilebits.op.501/.XXXXXXXXXXXXXXXXXXXXXXXXXX
    
  • cohixcohix

    Team Member

    Thanks to all who provided info about this. We're looking into this as we speak, and we'll make sure to comment here when we have any updates.

  • cohixcohix

    Team Member

    @jplhomer @aldanor @tader @rybot

    We tracked down the issue (the config file was not being written upon first sign-in), and we've fixed it. Version 0.5.3 is out now, please give it a try and let us know how it goes. We're sorry about this, please don't hesitate to write in again with any other issues you may encounter.

  • Thanks @cohix it works!

  • rickfillionrickfillion Junior Member

    Team Member

    Good to hear. :)

    Rick

  • Hello,
    I come across the same issue. I am using mac os catalina 10.15.2 and op cli 0.8.0. Upon successful signin, I can witness the following:
    1 the op cli creates a config and .device file within the current working directory (this is the most troublesome point)
    2 the op cli does not create a ~/.op directory
    3 the $TMPDIR/com.agilebits.op.UID exists, and is not empty (contains json files named '.somehash')

    As I only want to fetch a session token, I don't really mind 2, but 1 is preventing me from working correctly, creating orphaned files everywhere I sign in.

    Would you have any pointers? Thanks

  • felix_1pfelix_1p

    Team Member

    @OlivierBki Thank you for the report! I will need some time to look into this since we haven't had any other reports about this issue. It seems certainly strange to me that the config files are created in the current directory rather than ~/.op.

    One thing you could try is create ~./op manually (with the right permission, 700) and see if that makes op create the files in that directory. Please let me know if that had any effect. Thank you!

  • Hello @felix_1p, unfortunately creating the folder with the right permissions did not solve the problem. I recently noticed my APFS filesystem was case sensitive, whereas my previous mac (which did not have issues with op) was not.

  • felix_1pfelix_1p

    Team Member

    Thank you @OlivierBki (though unfortunate).I will see if I or one of my colleagues can replicate the issue. If not I will get back to you to get more information if possible. Sorry for the inconvenience!

  • Hey there, any news on the issue? Thanks!

  • felix_1pfelix_1p

    Team Member

    Sorry @OlivierBki for not following up. We weren't able to reproduce the issue. Looking at the source code there aren't too many reasons why the folder would be created in the current working directory. In the shell you are invoking the op command is the HOME environment variable set? If yes, is it set to a value that would somehow reflect the current working directory?

  • edited February 6

    No worries, yes the HOME environment variable is set. I encountered an issue with the onepassword unofficial Terraform provider also this week on the same laptop , so I presume if the op executable is a Golang binary, there is an issue in one of the official upstream libraries used in both the op binary and the terraform provider binary.
    Is the op CLI tool opensource so I can crosscheck the libs used and debug it?

  • cohixcohix

    Team Member

    @OlivierBki It is not currently open source. Could you let me know what library you're looking to validate and I can check up on it for you?

  • Setting the environment variable doesn't seem to work unless it's copy-and-pasted on the command line. eval, source and . from a file doesn't seem to work. I've not seen a bug like this before.

    # Versions of op macos and bash
    forseti:~ $ op --version
    0.9.2
    
    forseti:~ $ uname -a
    Darwin forseti.local 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan  9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64
    
    forseti:~ $ bash --version
    GNU bash, version 5.0.16(1)-release (x86_64-apple-darwin19.3.0)
    
    # clear the env variable
    forseti:~ $ unset OP_SESSION_myaccount
    
    # ensure it's empty
    forseti:~ $ env | grep OP_SESSION_myaccount
    
    # look in our file
    forseti:~ $ cat ~/.opsession
    export OP_SESSION_myaccount="REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123"
    
    # source the environment variable from a file
    forseti:~ $ . ~/.opsession
    
    # It's now set in the env
    forseti:~ $ env | grep OP_SESSION_myaccount
    OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # Doesn't work
    forseti:~ $ op list items
    [LOG] 2020/02/21 13:13:14 (ERROR)  You are not currently signed in. Please run `op signin --help` for instructions
    Usage:
      op list items [flags]
    
    Flags:
      -h, --help            help for items
          --include-trash   Include items in the Trash
          --vault <vault>   List items in <vault>. Specify <vault> by name or UUID.
    
    Global Flags:
          --account string   account to use when multiple sessions are active
          --session string   raw session token obtained via 'op signin --raw'
    
    
    # Manually copy and paste the output of "env | grep OP_SESSION_myaccount" above into the shell
    forseti:~ $ OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # It works
    forseti:~ $ op list items
    [{"uuid":"redacted","templateUuid":"005","trashed":"N","createdAt":"2019-11-08T16:19:30Z","updatedAt":"2019-11-08T16:20:04Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"ainfo":"Nov 8, 2019 at 11:19:30 AM","ps":57,"title":"redacted"}},{"uuid":"redacted","templateUuid":"001","trashed":"N","createdAt":"2018-05-31T20:51:42Z","updatedAt":"2018-05-31T20:53:15Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"URLs":[{"u":"redacted"}],"ainfo":"redacted","ps":75,"title":"redacted","url":"redacted"}}]
    
  • op doesn't seem to work when sourced from a file with . or source, only copying and pasting it into bash seems to work.

    # Versions of op macos and bash
    forseti:~ $ op --version
    0.9.2
    
    forseti:~ $ uname -a
    Darwin forseti.local 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan  9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64
    
    forseti:~ $ bash --version
    GNU bash, version 5.0.16(1)-release (x86_64-apple-darwin19.3.0)
    
    # clear the env variable
    forseti:~ $ unset OP_SESSION_myaccount
    
    # ensure it's empty
    forseti:~ $ env | grep OP_SESSION_myaccount
    
    # look in our file
    forseti:~ $ cat ~/.opsession
    export OP_SESSION_myaccount="REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123"
    
    # source the environment variable from a file
    forseti:~ $ . ~/.opsession
    
    # It's now set in the env
    forseti:~ $ env | grep OP_SESSION_myaccount
    OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # Doesn't work
    forseti:~ $ op list items
    [LOG] 2020/02/21 13:13:14 (ERROR)  You are not currently signed in. Please run `op signin --help` for instructions
    Usage:
      op list items [flags]
    
    Flags:
      -h, --help            help for items
          --include-trash   Include items in the Trash
          --vault <vault>   List items in <vault>. Specify <vault> by name or UUID.
    
    Global Flags:
          --account string   account to use when multiple sessions are active
          --session string   raw session token obtained via 'op signin --raw'
    
    
    # Manually copy and paste the output of "env | grep OP_SESSION_myaccount" above into the shell
    forseti:~ $ OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # works
    forseti:~ $ op list items
    [{"uuid":"redacted","templateUuid":"005","trashed":"N","createdAt":"2019-11-08T16:19:30Z","updatedAt":"2019-11-08T16:20:04Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"ainfo":"Nov 8, 2019 at 11:19:30 AM","ps":57,"title":"redacted"}},{"uuid":"redacted","templateUuid":"001","trashed":"N","createdAt":"2018-05-31T20:51:42Z","updatedAt":"2018-05-31T20:53:15Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"URLs":[{"u":"redacted"}],"ainfo":"redacted","ps":75,"title":"redacted","url":"redacted"}}]
    
  • felix_1pfelix_1p

    Team Member

    Hi @jameswhite, I'm running Linux, so not quite the same setup, but sourcing in the OP_SESSION_* env variable works fine for me with the same version of op and bash.

    Here is how I tested it:

    1. $ op signin myaccount > ~/opsession
    2. Opened new terminal/shell
    3. $ source ~/opsession
    4. $ op list items

    op is not doing anything special regarding environment variables, so you should be able to set them in any way you want. I can't think of a reason why the variable wouldn't be visible to op.... if you create a simple script that just echos the variable, e.g.

    #!/usr/bin/env bash
    echo "$OP_SESSION_myaccount"
    

    and run that, do you get the token back?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file