CLI always requires authentication code

I am using the op CLI and I also have two-factor authentication enabled. Every time I authenticate to op, it asks for the authentication code. This gets annoying quickly and does not help in my quest to automate CLI signin.

$ op signin YYY
Enter the password for XXX at
Enter your six-digit authentication code: 

Is there a way to convince op that it is running on the same host similar to the way the 1password application and browser extensions do?

$ op --version

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: OSX 10.13.6
Sync Type: Not Provided


  • cohixcohix

    Team Member

    @razorsedge unfortunately the CLI has something of an "incomplete" implementation of 2FA, only in that it does not persist the 2FA secret after the first authentication. All the other apps persist this secret, allowing them to do 2FA "silently" in the background, but that has not yet been implemented on the CLI. It's something we look to do in the future, but I can't give a timeline on when it will be available.

  • Hi, any update about this feature?

  • cohixcohix

    Team Member

    @woakas Yes, this is something I've written the code for, but it has been put on hold due to some other more pressing matters. Rest assured it will come :)

  • Haha, I know, let me know when you can release this feature, thanks.

  • cohixcohix

    Team Member

    @woakas Keep an eye on this forum :)

  • I had blinked once or twice since but haven't noticed any news on this yet. ;-)

  • mickaelmickael
    edited May 2019

    @Moritz_ I agree this is annoying.

    I have written some little shell scripts to access the 2FA more quickly, they are designed for MacOs but could be easily ported to any system I guess. I have assigned them on a button of my MBP TouchBar but you can use them with a shortcut or what you want:

    $HOME/bin/ $(gpg --quiet --decrypt encrypted_file_with_2FA_key ) | pbcopy

    If you are confident of keeping your 2FA key decrypted and/or don't want to bother with gpg, you can simply:

    $HOME/bin/ PUT_YOU_2FA_KEY_HERE | pbcopy

    and the is as simple as

    import pyotp
    import sys
    totp = pyotp.TOTP(sys.argv[1])

    Be sure to have installed the pyotp library globally with something like PIP_REQUIRE_VIRTUALENV="" pip install pyotp

  • rickfillionrickfillion Junior Member

    Team Member

    Hah. That's a pretty awesome workaround, mikael.

    This is an issue that we still want to see fixed on our side. Hopefully soon we start rolling out CLI releases again.


  • If a moderator can delete this message and edit my previous message and remove "especially due to the fact that the sessions are closed every 30 minutes when using multiple accounts." as this is not true ;) thx

  • graham_1Pgraham_1P

    Team Member

    Edited per your request Mickael.

  • This is an issue that we still want to see fixed on our side. Hopefully soon we start rolling out CLI releases again.

    Yeah I get that the CLI is the most niche 1P product in terms of install base by customers. Though for folks like me who work primarily on Linux based systems + on a Shell most of the times this really would be something nice to get fixed.
    So I do understand it can take some time but I just wanted to make sure that there is some visibility on it.
    Have a good week y'all.

  • brentybrenty

    Team Member

    Totally. Thanks for your feedback! While our current focus is getting the CLI app out of beta, there are still a lot of features and enhancements we're anxious to add in future updates. :)

  • I'm interested in this as well (0.5.7 still prompts every signin).

  • cohixcohix

    Team Member

    The CLI is going to be more of a focus for my team fairly soon, so keep your eyes out :)

This discussion has been closed.