When an = sign is present in a JSON value for a secure note created with the CLI the operation fails

thofmann

Today, I noticed that I wasn't able to create a secure note anymore via the CLI. I found out that I had added a value that contains a = (equals) sign in the value (this is a secret which is base64 encoded and needs to be stored in the secure note).

This is easy to reproduce:

Works:

op create item 'secure note' '{"a":"b"}' --title=caching-secrets --tags=kubecfg --vault=cluster
{"uuid":"6j3wgprmlpx7k5xhud3jpnnom4","createdAt":"2021-01-08T11:01:49.9553272+01:00","updatedAt":"2021-01-08T11:01:49.9553273+01:00","vaultUuid":"ub2jqfvvcfcrrv4turjl7phjs4"}

Does not work:

op create item 'secure note' '{"a":"b**=**"}' --title=caching-secrets --tags=kubecfg --vault=cluster
[ERROR] 2021/01/08 11:02:28 The item doesn't have a "{\"a\":\"b" field.

Is there any workaround for this? Could you please provide a fixed version?

Thanks, Thomas

---

1Password Version: 1.8.0 CLI also on 1.6.0
Extension Version: Not Provided
OS Version: Linux (WSL)
Sync Type: Not Provided
Referrer: forum-search:I am using the CLI to create secure notes. Today, I found out that having an = sign in a JSON value

Michael_1P

Hello Thomas,

I'm sorry to hear that you're having trouble creating items when the value contains an equals sign. The error message doesn't explain well what the command-line tool is trying to do.

When you are creating an item, you can create the item either using assignment statements or using a 1Password JSON object template.

The assignment statements feature is what is causing the problem here. From op create item --help:

CREATE AN ITEM WITH ASSIGNMENT STATEMENTS
Use an assignment statement to set a field's value:
    [<section>.]<field>=<value>

So when you type:

op create item 'secure note' '{"a":"b**=**"}' --title=caching-secrets --tags=kubecfg --vault=cluster

then the command-line tool parses that out as:

field = value
{"a":"b** = **"}

which yields the error message:

The item doesn't have a "{\"a\":\"b" field.

Fortunately, we have a way around this. You can encode the secure note's contents with base64url encoding, which protects all special characters from being interpreted by the command-line tool.

 op create item "secure note" "$(echo '{"a":"b**=**"}' | op encode)"  --title=caching-secrets --tags=kubecfg --vault=cluster
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

where I have underscored the part of the command that I changed. Or, if you prefer to write the contents of the secure note in a file called "secure_note.txt", you could use:

 op create item "secure note" "$(op encode < 'secure_note.txt')"  --title=caching-secrets --tags=kubecfg --vault=cluster
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I hope that this helps, Thomas. Please feel free to write back with any other questions or clarifications.

thofmann

Hi Michael,

thanks for responding. I used the encoded format before but when I noticed that it works with plain JSON also I got rid of it. I wasn't sure why this would be needed.
I think I tried it with base64 encoded format too but I will have a look at your proposal and give you feedback as soon as I have tried it.

thofmann

This way all is working. Thank you very much.

ag_yaron

Hey @thofmann ,
We're glad to hear it's working for you.

On behalf of Michael, you're most welcome