secure method to create a new item
Is there a secure method to create an item with a password that does not involve including the password on the command-line? From my understanding, it is insecure to include secrets on the command-line since other processes can see that information. op create item
does not appear to have any other option, though.
Using op
version 1.8.0.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hey @ehuss! If you just need to create a random password, op has a built-in password generator you can use when creating an item. By default, it will create a password that's 32 characters long, containing letters, digits and symbols.
$ op create item Login username=[username] --generate-password --title=<title>
You can also specify the password recipe. You can choose the length (between 1 and 64), and whether to include letters/digits/symbols. Specify these options after
--generate-password
, separating each one with a comma as shown below.$ op create item Login username=[username] --generate-password="letters,digits,20" --title=[title]
Would that work for your situation?
0 -
Unfortunately, no. My use case involves saving a secret token which is generated by a separate system.
0 -
Hey @ehuss ,
If you need to create an item with a specific password (that was generated outside of the CLI), then there's no way (that I can think of) to pass that password into the CLI in a non-visible manner. You have to input that password into the CLI and therefor it will be visible when you pass it into the CLI.
0