We run a SIEM that ingests audit log data from various apps, but are having a really tough time programmatically pulling data from out 1Password business account for a few reasons:
op
tool requires inputing a 2FA token, but that is tricky if we want to do an automated cron job that pulls the audit logs and puts them in an S3 bucket. Our infrastructure is ephemeral so we can't have a setup that requires a user to login and put in the 2FA token by hand each time we need to run the export job.op signin
command, but not the password, which means the script has to handle prompts, which is burdensome.Let's say we do get all this setup, then we run into more issues. The actual login activity of users is not available via the activity log, it is only accessible through the website UI (with no export feature) or through a Slack App.
I really enjoy 1Password and it has been great to roll it out across the organization, but I'm at a loss as to why there isn't the simple capability to get a full view of the activity in my environment via a single API endpoint? This is the only product we use that has this deficiency. I understand not wanting to expose an API endpoint, and we have encountered that with 2 other security service providers, but they at least provide an export to S3 bucket feature so we can have the logs dumped somewhere.
Lastly, the logs themselves have some issues:
provsn
and trvlback
and deolddev
also shortening whole words to single letters like completer
and cancelr
Please spend some time thinking through the philosophy of audit logs and what they are there to accomplish, because right now they feel like a weird tacked on feature when they could be a huge value add.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
Team Member
Hi @aperson! Thanks for your great feedback about your use-case for the 1Password command-line tool here. Your post deserves a proper follow-up by a member of our development team, so I've moved your post to our CLI group - I'll have someone reach out to you here as soon as possible
Happy to speak to someone on the issues further. Thanks!
Team Member
@aperson It's really great to see you putting the tool through the ringer. You've come across something fairly common that we are working on addressing internally. I would love to get 30m of your time to talk about your use-cases and talk about some things we're working on, could you email me (connor at agilebits.com) so we can schedule something?
I am interested in this topic as well. We have a need to audit access to passwords as well. How is this coming along?
Thanks,
Paul
Team Member
Hi @pwarnagi,
This is still an area that we're looking to improve but we have nothing to share at this time.
Rick