CLI on Linux signin secret visible

I am trying to use op utility on Linux, but what bothers me from the start is that when I try to sign in, the characters of the secret I enter are visible on the terminal. This doesn't look secure to me. Is there a way to hide them or do I miss something in the CLI concept?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • felix_1pfelix_1p

    Team Member

    I assume you mean that the Secret Key is visible? Because the Master Password shouldn't be (and isn't for me). If it is then op doesn't work properly on your system for some reason and we would need more information to find out what's going on.

    As for the Secret Key: You usually type it only once the first time you log into an account. It's then stored in op's configuration file. Because it is long, random and infrequently used, making it visible seems to be better from a UX perspective.

  • It is the secret key, yes. The password indeed is not visible. But it bothers me that its name contains "secret" and in the profile it is treated as a secret - it requires an extra step to become completely visible and on the terminal it is displayed completely and it can be read from the terminal or the session history. I would kindly suggest for the future version of op to hide it when entered and show it only an extra flag is used, something like --showsecret

  • felix_1pfelix_1p

    Team Member

    I'll pass this along to the team, thank you!

  • The secret key still shows when I use 1.6 of the command line tool. Now there is a new functionality that would allow me to use a session ID instead when I sign in. Is there a way to obtain the session ID from the desktop app or some other way than the command line tool?

  • felix_1pfelix_1p

    Team Member

    Is there a way to obtain the session ID from the desktop app or some other way than the command line tool?

    There isn't. The session token is something that's specific to the command line tool.

  • gkaraggkarag
    edited September 16

    Thanks. For what is worth I managed to make a workaround by creating a bash function and an alias:
    function oplogin() { test -z "$1" && echo "USAGE: opsignin <email>" && return; read -p "Enter 1Password secret: " -sre p && echo "" && eval $(op signin "$1" "$p"); }
    alias oplogout='op signout && unset OP_SESSION_mydomain'

  • ag_yaronag_yaron

    Team Member

    Thanks for sharing that @gkarag !
    Much appreciated :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file