Log into one password cli within python script run time

dale_courtney
dale_courtney
Community Member

@Matthew_1P,

I just read through the discussion about this over at https://1password.community/discussion/112515/log-into-one-password-cli-within-python-script-run-time

I'm having OP ask for my 1Password password every time I run the subprocess. And that breaks the entire process.

Any idea on how to not have OP request that password each time?

Thanks in advance.

Best,
Dale


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @dale_courtney ,

    When you sign into OP, the session is valid for 30 minutes after each command you send (meaning there's an idle timer of 30 minutes).
    One way to keep the session alive is to send any OP command in that time frame to reset the idle timer.

  • dale_courtney
    dale_courtney
    Community Member

    Thanks, @ag_yaron

    I'm not even getting that far. When running the OnePassword Python wrapper, I'm getting an error, requesting the 6-digit authentication code

    from onepassword import OnePassword
    from api_keys import one_password as secret
    import json
    op = OnePassword(secret=secret)
    

    onepassword.SigninFailure: Error signing in: 'Enter your six-digit authentication code: [ERROR] 2021/04/20 06:41:51 incorrect One-Time Password length. expected 6'

  • ag_ana
    ag_ana
    1Password Alumni

    @dale_courtney:

    For confirmation: do you have 2FA enabled for your 1Password account?

    incorrect One-Time Password length. expected 6

    Are you sending the correct TOTP as part of the login process?

  • dale_courtney
    dale_courtney
    Community Member

    @ag_ana I do have 2FA enabled on my 1Password for Teams account (the account I'm trying to use the OnePassword Python wrapper with).

    For that secret, I'm using the following:

    from onepassword import OnePassword
    
    secret = {"password": "<YOUR-PASSWORD-HERE>",
              "username": "<YOUR-USERNAME-HERE>",
              "signin_address": "<YOUR-1PASSWORD-ORGNIZATION-ADDRESS>",
              "secret_key": "<YOUR-1PASSWORD-SECRET-KEY>"}
    op = OnePassword(secret=secret)
    
    documents = op.list("documents")
    pem_keys = (doc for doc in documents if doc["overview"]["title"].endswith("pem"))
    first_key = next(pem_keys)
    key_contents = op.get("document", first_key["uuid"])
    print(key_contents)
    

    These are the same credentials I use to login online. Plus I sometimes get asked for the 2FA online.
    I do not get asked for that 2FA when using OP. Except when running the Python wrapper.

  • dale_courtney
    dale_courtney
    Community Member

    OK, I turned off 2FA on my 1Password account, and now that OnePassword Python wrapper runs just fine.

    I'd rather not run around with 2FA turned off. So if anyone knows a workaround, I'd love to hear it.

    Thanks, all.

    Best,
    Dale

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @dale_courtney ,

    You definitely shouldn't disable 2FA for the CLI.
    When you use the CLI without the wrapper, it remembers your account (after the first time you sign in) so you don't need to provide it with your Secret Key or organization address. You can also sign in using a shortname. For example: op signing personal and it will only ask for your Master Password.

    I think what happens here is that every time you run the wrapper you are starting a brand new login session (e.g. it doesn't remember your credentials like when you sign in without the wrapper) so it asks you for your 2FA code every time. If you can get it to use a shortname to signin so you won't require the Secret Key and domain, that might do the trick. Perhaps this will help: https://support.1password.com/command-line-reference/#signin

  • dale_courtney
    dale_courtney
    Community Member

    @ag_yaron I totally agree about the 2FA. I've turned it back on.
    I have emailed the writer of that Python wrapper about updating the script.

    Do you have any recommendations for a Python wrapper that works well with the CLI? I'm finding that I'm needing that functionality more every day.

    Thanks.

  • ag_yaron
    ag_yaron
    1Password Alumni

    I can't say that I do, sorry :chuffed:

    Maybe someone else here will jump in and suggest something.

This discussion has been closed.