op slowness and 1password.com vs .eu

Hi,
I currently own a 1password.com family account.

I use heavily the op cli and 1passwordX under Linux. But op is pretty slow so I rely on a wrapper, 1pass which caches gpg encrypted 1password items locally.
I have installed the last version of op: 0.5.4

My question:
Will op response times get better if I move my 1password account from the USA server to the Europe server?

Thanks
Spacehog


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: ArchLinux
Sync Type: Not Provided

Comments

  • cohixcohix

    Team Member

    @spacehog thanks for writing in.

    We are currently working on a round of improvements that should drastically improve the performance of op. Switching to the eu servers would not make much of a difference.

  • Great news!

    Thanks. 👍🏻

  • cohixcohix

    Team Member

    Keep an eye out for the next version!

  • We are currently investigating 1Password as a replacement of LastPass. It seems to have everything but the performance of the CLI is currently a dealbreaker for us as we plan to use our vault integrated with our DevOps scripts. We need to grab hundreds of passwords efficiently by calling the CLI.

    Currently, the retrieval of a password takes around 4-5s, this is really huge. We need a tool that answer around 100ms.

    Any news or ETA on the next op release ? or is there a CLI beta we could test ?

    Thanks for your answers,

  • cohixcohix

    Team Member

    @mickael how are you querying the items? Using op get item with a UUID should be very fast.

  • @cohix thanks for your quick answer, sadly this is how I query.

    Some benchmarks:

    op --version
    0.5.5
    
    time (for i in {1..20}; do time op get item xydqygltsk6evp6aircxygh3ka --session=... > /dev/null; done)
            4.13 real         1.37 user         1.86 sys
            3.79 real         1.35 user         1.81 sys
            4.50 real         1.38 user         1.89 sys
            4.03 real         1.37 user         1.85 sys
            3.93 real         1.38 user         1.88 sys
            4.14 real         1.37 user         1.86 sys
            3.95 real         1.37 user         1.88 sys
            3.97 real         1.45 user         2.07 sys
            4.41 real         1.40 user         1.93 sys
            3.91 real         1.39 user         1.95 sys
            3.78 real         1.38 user         1.92 sys
            4.20 real         1.40 user         1.90 sys
            4.28 real         1.35 user         1.87 sys
            3.85 real         1.36 user         1.87 sys
            3.84 real         1.35 user         1.83 sys
            4.45 real         1.37 user         1.90 sys
            4.10 real         1.40 user         1.96 sys
            4.00 real         1.41 user         1.97 sys
            3.98 real         1.36 user         1.87 sys
    [LOG] 2019/04/22 15:51:33 (ERROR) Get https://team-dkod.1password.eu/api/v1/account/keysets: net/http: TLS handshake timeout
           10.03 real         1.32 user         1.86 sys
    ( for i in {1..20}; do; time op get item xydqygltsk6evp6aircxygh3ka  > ; done)  27,65s user 38,11s system 75% cpu 1:27,44 total
    

    My computer is a MBP 2018 i9 2.9GHz 32Gb runnin Mojave 10.14.4

    Running the benchmarks have spotted the TLS handshake timeout also.

  • We intend to subscribe to Business plan, and have some other questions, maybe you could help as they are more or less all related to CLI:
    - is the CLI officially supported ?
    - is there a limit capacity of the system ? a limit where things starts to slow down drastically ?
    - is it possible to sync the vaults locally while still using the cloud base syncing ?
    - is it possible to write a custom cli that use the local storagefor query purposes ?
    - is there a documentation of the API and the encryption/decryption process ?

  • cohixcohix

    Team Member

    @mickael I'd be happy to answer all of this here, but I strongly suggest you contact [email protected] so that we can get you set up with someone from the business team, and then we can schedule a call to go over all of these things. I would be happy to be on that call so we can go through the details.

  • @cohix I understand I will forward this by email, but what do you think of the performance of my queries ?

    Could you share what it is "a very fast" query on your side ?

  • cohixcohix

    Team Member

    @mickael we made some improvements in 0.5.5, but we will have additional improvements in the upcoming 0.6 (no exact timeline on that just yet), but I can share some timings on the upcoming changes:

    time op get item jjr2czjf4zztx4qbqonx7dkt3e
    [...]
    0.12s user 0.04s system 15% cpu 1.039 total
    

    So about a 3-4x speedup from what you're seeing.

  • @cohix thanks, that's a great performance gain, however four our usage that will be still insufficient. We need to get answers in around 100ms mainly due to our usage with Ansible.

    Our Ansible playbooks have hundred of secrets, each secrets is retrieven with a separate CLI request. So say you have 300 secrets in your playbook, your need to wait 5 minutes each time the playbook needs access to the credentials file, this could multiple times depending on how the ansible playbook is structured.

    That's why I have all that other questions.

    We tested Bitwarden also a few weeks ago. The official CLI was able to retrieve secrets in 0.85s that was still insufficient for our usage. So I wrote a simple python CLI focused on query secrets to match our expected performance results by etudying the opensource nodeJS CLI.

    I was simply wondering if something like this was eventually possible with 1Password.

  • cohixcohix

    Team Member

    @mickael we will indeed continue to make performance gains wherever we can, but for now I can't promise that we'll get down to 100ms. We don't currently have any official tool that can query the local databases of the desktop apps, and we don't have any official tool to query AgileKeychain/OPVault files either. The CLI tool is still in beta, but we are actively working on it.

  • @cohix thanks a lot for your answers.

    1Password looks like a great product, if you success in making a great CLI that will make it the only Password Manager which provides sexy desktop/app UI, effective team sharing and effective usage in DevOps scripts.

    Keep the good job, I will follow performance gains upon releases.

  • cohixcohix

    Team Member

    @mickael absolutely, and really appreciate the feedback. We know there's work to be done here, and there has been quite a lot of "maintainance" being done to move us towards the goal of a more performant, usable CLI.

  • @cohix Just to share with you, that I succeed in developing my local 1password query tool.

    Performance is good, I can grab results in around 0.13s.

    If you're curious, code is here: https://github.com/mickaelperrin/onepassword-local-search

    That may encourage you to implement a sync option with the cli and use it locally for querying ;)

  • cohixcohix

    Team Member

    Well now that is very cool. I'll need to look over the code later to see what's going on.

  • Hey @cohix,

    Just to inform you that things are getting desperately worse :

    op get item UUID --account=XXX 1,91s user 2,56s system 17% cpu 25,233 total
    

    :( :'(

  • cohixcohix

    Team Member

    @mickael how many items total are in the account? Have you tried adding the --vault flag as well?

  • mickaelmickael
    edited May 10

    @cohix My setup is composed of :

    • 2 accounts: team and personal
    • team account with: 537 items in 41 vaults (we create a separate vault for each customer)
    • a personal account with: 1422 entries and 5 vaults

    Indeed adding the --vault drastically increase the performance, this is good to know (15s -> 5s, according to this morning benchmarks)

  • cohixcohix

    Team Member

    @mickael the instance above of 25s, was that on the personal account?

  • Honestly, I don't remember. I currently avoid doing "get" requests on the native op (that gets me crazy ;)), I switch to my op-local alternative.

    So I currently use op only to create new entries. The performance is around 4-5s. Not incredible, but as I create only a few entries per day, this is largely acceptable.

  • brentybrenty

    Team Member

    I hear you. I suspect cohix can help track down the cause when he gets back. Thanks for your patience and willingness to work with us on this! :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file