secure method to create a new item

ehuss
ehuss
Community Member

Is there a secure method to create an item with a password that does not involve including the password on the command-line? From my understanding, it is insecure to include secrets on the command-line since other processes can see that information. op create item does not appear to have any other option, though.

Using op version 1.8.0.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hey @ehuss! If you just need to create a random password, op has a built-in password generator you can use when creating an item. By default, it will create a password that's 32 characters long, containing letters, digits and symbols.

    $ op create item Login username=[username] --generate-password --title=<title>
    

    You can also specify the password recipe. You can choose the length (between 1 and 64), and whether to include letters/digits/symbols. Specify these options after --generate-password, separating each one with a comma as shown below.

    $ op create item Login username=[username] --generate-password="letters,digits,20" --title=[title]
    

    Would that work for your situation?

  • ehuss
    ehuss
    Community Member

    Unfortunately, no. My use case involves saving a secret token which is generated by a separate system.

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited November 2020

    Hey @ehuss ,

    If you need to create an item with a specific password (that was generated outside of the CLI), then there's no way (that I can think of) to pass that password into the CLI in a non-visible manner. You have to input that password into the CLI and therefor it will be visible when you pass it into the CLI.

This discussion has been closed.