A token validity test would make op more useful for scripting

1secure
1secure
Community Member

I'd like to be able to embed "op" in shell scripts and shell aliases. One problem I ran into is that there isn't a simple way to determine whether a session token is valid. What I'd like to do is at the top of the script do something like:
if [ `op test vault` != "valid" ]; then eval $(op signin vault); fi
and use that in any script that needs op commands. The other alternatives have serious downsides: If we use the eval, then every script asks for password, which is too much friction. This is even more important when you think a out the fact that a script with an op command can fail mid-script, and if it had side-effects then cleanup is a pain. On the other hand if there can be a test up-front, then you are asked at the time the script is invoked.

Another trick might be to use bash/zsh aliases like this:
alias secureprog="if [ `op test vault` !== 'valid' ]; then eval $(op signin vault); fi; /path/to/secureprog"
That way if the current shell session needs to be refreshed, the shell is updated, and the program always gets a valid token


1Password Version: op cli 0.5.6
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:cli

Comments

  • 1secure
    1secure
    Community Member

    Update: I saw a post from @mickael that used op get account to refresh the session. That would work for test purposes. The exit code seems to be 0 if session is valid, 1 if not signed in, and 145 if signed in but expired.
    I'll use that in the interim. It would still be useful to have a test function that can determine whether the token is expired, without needing to hit your server. One simple implementation could be just appending an integer utc timestamp to the token

  • mickael
    mickael
    Community Member

    @1secure Maybe you could check that post and that gist

    To get op credentials in scripts, I then simply do:

    . "${HOME}/.bin/opsign.sh"
    eval $(get1PasswordSession)
    
  • cohix
    cohix
    1Password Alumni

    @mickael is the resident expert on optimizing the CLI for bash :)

This discussion has been closed.