More details on the keyring integration and API support

Hey.

Thank you for the nice and shiny Linux desktop application. There are a few features mentioned in the announcement of the stable version that got my attention but I couldn't find out any details. Please, can you shed some light on it?

I'm wondering what GNOME Keyring and KDE Wallet support means. Does it mean the 1Password data are stored in the keyring/wallet? What is the benefit? Or did I completely misunderstood?

The other features I'm interested in is DBUS API support and Command line API. Is there a documentation for these APIs? I do see that I can lock 1Password via the com.onepassword.OnePassword.Lock DBUS method or with 1password --lock but I couldn't find any other functionality exposed by these APIs. Ideally, I would like to retrieve passwords or TOTP codes from the command line.

Thank you.


1Password Version: 8.0.34
Extension Version: Not Provided
OS Version: Linux, Fedora 34
Sync Type: Not Provided

Comments

  • MitchMitch

    Team Member

    Hey @fcelda!

    Great questions! I've been waiting for someone to ask about some of these details. :chuffed:

    1Password integrates with GNOME Keyring and KDE Wallet primarily to store MFA secrets so you don't have to authenticate each time you unlock.

    The DBus API currently has two functions: Lock, which you build into your own custom lock scripts, and Unlock, which is exposed through Polkit when you use system authentication. The command-line API has a couple more commands such as --toggle to show and hide the UI.

    For direct access to data within 1Password, we also provide a command-line tool which might meet your needs.

    Now that these system hooks are in place, we're excited to do more with them as we continue to update the app. What else might you like to see in the command-line API, the DBus API, or desktop wallet integration?

  • Thank you for the answers, @Mitch.

    1Password integrates with GNOME Keyring and KDE Wallet primarily to store MFA secrets so you don't have to authenticate each time you unlock.

    If I understand it correctly, logging in on the machine will unlock the desktop keyring which allows 1Password vaults to unlock as well. Is that correct? Do you have any recommendation about the login password then? It sounds to me that the login password might become the weakest thing protecting the 1Password database.

    For direct access to data within 1Password, we also provide a command-line tool which might meet your needs.

    I'm aware of the CLI tool but it doesn't work well for my use case on desktop. The tool requires running op signin essentially in each terminal session before it can be used to retrieve content of the vault. I would really like something with the same functionality but use the 1Password desktop application as a backend.

  • Dayton_agDayton_ag

    Team Member

    Hi @fcelda

    If I understand it correctly, logging in on the machine will unlock the desktop keyring which allows 1Password vaults to unlock as well

    If you have 2FA enabled for your 1Password account, the 2FA token that proves your application has been authenticated will be stored in the keyring - this means you won't have to provide your 2FA code each time the app is unlocked. However, you will still be required to provide your Master Password each time you wish to unlock the app.

    One notable exception to this is if the System Authentication setting is enabled - after 1Password is unlocked with your Master Password, you can then use your system's available authentication methods to unlock 1Password on subsequent unlocks, including your system's login password. When your device is shut down, the keys that support this unlock method are dropped, so 1Password will require your Master Password each time your device is turned on.

    I would really like something with the same functionality but use the 1Password desktop application as a backend.

    Thanks for this feedback! I can definitely understand how this would be handy. Could you tell me a bit more about how you would envision this functioning? I'll be happy to pass along your thoughts to the Development team.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file