CLI in Terraform provider

Community Member


I'm using the CLI within a Terraform provider as part of our automation. This is then run from a Docker container.

I was advised to set the OP_DEVICE env property to use a fixed UUID and prevent all the sign in email notifications.
I've tried to do so by:

  • setting it in the the golang exec.Command.Env
    cmd := exec.Command(o.PathToOp, "signin", o.Subdomain, o.Email, o.SecretKey, "--output=raw") cmd.Env = append(cmd.Env, "OP_DEVICE=" + o.Uuid)

  • setting it in the os.Environ() in the provider code
    os.Setenv("OP_DEVICE", uuid)

  • setting it in the container environment.
    export OP_DEVICE=uuid

None of the above gave the desired result.
I keep getting:
No saved device ID. Set the OP_DEVICE environment variable and try again:export OP_DEVICE=xxxx``

Alternatively I was told that I could used a fixed config file, but I haven't been able to find any documentation/tutorial on the format of the config file.
I've tried different things in .op/config to no avail.

Could you give me some guidance?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • SvenS1P

    Hey @r2ronoha, are you generating the UUID yourself, or using one provided by op? If you're currently generating it yourself, the CLI tool needs to use a UUID generated by 1Password — you can use the one given at the end of the No saved device ID. Set the OP_DEVICE environment variable and try again line.

  • r2ronoha
    Community Member

    That was helpful. Thanks.
    I was generating my own ID to make it more descriptive to our purpose.

    Are there any plans to allow for custom UUIDs?

  • felix_1p
    1Password Alumni

    Are there any plans to allow for custom UUIDs?

    Not at the moment.

  • taiidani
    Community Member

    @r2ronoha I happened to spot this while building my own post. Are you using the anasinnyk Terraform provider? In my experience I do not receive signin emails using that provider although admittedly I am not running it from within a Docker container.

    If this is because of the ephemeral Docker environment, have you considered performing a sign-in once outside of the container or with a one-off "docker run", then passing the OP_SESSION environment variable it gives you into subsequent container runs? That should recycle your session so that you only see one login event for the entire procedure.

This discussion has been closed.