anyone have examples of editing existing Vault entries from CLI?

I have several vaults within our company's division where we would like to add more entries for all.
I am looking for a path that I can follow to automate this.
I understand the limitation, but are there any proven solutions?

I was expecting to be able to op get item(s) and pull the data in json format, modify this data to include the new entries that I wanted to add, and then import this in as a new item.

What would be the correct commands to accomplish this?



Comments

  • keith.craig

    Team Member

    Hey @adrianbj,

    Just for clarification, do you mean adding new entries to a vault, or editing the information of existing entries?

    For the former, you can add new items to a vault with json using op encode < file.json with op create item as shown in the documentation.

    For the latter, op edit item doesn't take json templates, but uses key-value assignment pairs like section.field=value. There are also unfortunately some limitations here, namely that you can't add a new field this way.

  • Thanks for your response @keith.craig

    Basically, I have a Vault Login entry, entry1 with
    username = usernameValue
    password = passwordValue

    OTHER FIELDS
    Description = Detailed Description.....
    Account = accountValue
    Date expiration = dateValue

    I would like to add more fields under OTHER FIELDS
    Other Field1 = OtherFieldValue1
    Other Field2 = OtherFieldValue2
    Other Field3 = OtherFieldValue3
    Other Field4 = OtherFieldValue4

    Is there a scenario of taking the existing entry "entry1" and using that as a template to build out a new entry, "entry2"? If so, I could delete the old "entry1" after I confirm "entry2" is valid.

    If I can't add a new field with op edit item, I guess that is just not an option.

  • I have a process that works manually, from the 1password Client:

    From 1Password Client AND With target Vault selected, click File > Export > Selected Items… or All Items…
    Enter File name, select .1pif, and click save

    Open the data.1pif file in the newly created folder
    Make changes - create new field(s)
    Save Change(s)

    From 1Password Client AND With target Vault selected, click File > Import…
    On “Where is your data coming from?” Import screen, select Other > select Import a 1PIF File > Confirm Vault > select modified .1pif

    In the target vault, I can see the new vault entries.

    Is there a way to accomplish this from CLI?

  • Michael_1P

    Team Member

    Hello @adrianbj,

    Thanks for writing in! My name is Michael, and I'm one of the developers on the team responsible for the command-line tool.

    As @keith.craig mentioned, there are currently some limitations in how editing of an item works using the command-line tool. We are definitely aware of these limitations and are looking to address them in an upcoming release. The state of the "edit item" command is nowhere near where we want it to be.

    In the meantime, the workaround that you mentioned on August 24th should be suitable for your use case. You'll need to:

    1. Use op get item and save that as a JSON file.
    2. Make the edits needed in that JSON file.
    3. Use op create item and upload that JSON file. Note that the create item command expects the title and the URL field to be passed as flags, instead of in the JSON.
    4. Verify that the newly-created item looks as you’d expect.
    5. Delete the original item.
    6. Clean up the temporary, unencrypted JSON files.

    We highly recommend using the utility jq to help manipulate your JSON content in these steps.

    Here are sample commands (that you might need to tweak for your use-case):

    # 0. Set up your vault name and item name here:
    export VAULT_NAME='your-vault-of-choice'
    export ITEM_NAME='the-item-to-duplicate'
    
    # 1. Get the item and fields-as-flags, storing each in their own file.
    op get item --cache --vault "$VAULT_NAME" "$ITEM_NAME" > item.json
    jq '.details' item.json > details.json
    jq -r '.overview.title' item.json > title.txt
    jq -r '.overview.url' item.json > url.txt
    jq -r '.uuid' item.json > uuid.txt
    
    # 2. Make the edits you need
    
    # 3. Upload the edited item
    #        I am assuming that these are Login items, based on your sample data, 
    #        but you can specify the category as needed.
    #        Unfortunately, `create item` only supports setting one URL.
    op create item Login \
        --vault "$VAULT_NAME" \
        --title "$(< title.txt)" \
        --url "$(< url.txt)" \
        "$(op encode < details.json)"
    
    # 4. Verify that the newly-created item looks as you'd expect.
    
    # 5. Delete the original item
    #       In case you did not modify the title, we refer to the original’s UUID.
    op delete item --vault "$VAULT_NAME" "$(< uuid.txt)"
    
    # 6. Clean up the temporary storage files
    rm item.json details.json title.txt url.txt uuid.txt
    

    You might need to adapt some of these commands for your specific use case, but I hope that this is a useful jumping off point.

    Since you also asked about 1pif files, I should mention that the command-line tool does not work with 1pif files.

    I hope that these workarounds are enough to help you proceed with making the changes you want within your division’s vaults. Again, we know that this is less than ideal, so keep an eye out for a future release where we improve this workflow.

    Please feel free to write back with any additional questions you may have.
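
Added example, not part of the original reply: the commands above write the item's secrets as plaintext into the current directory, and the `rm` in step 6 only runs if every earlier step succeeds. The sketch below runs steps 1-3 in a private temporary directory that is removed on any exit; `in_private_workdir`, `recreate_item` and `FILTER` are hypothetical names, and `--url` is left out because it is optional.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. in_private_workdir and recreate_item
# are hypothetical names; the op and jq invocations are the ones shown above.

# Run a command inside a fresh directory that only the current user can
# read, then delete the directory whether the command succeeded or not.
in_private_workdir() (
    umask 077                        # files created below get mode 0600
    dir=$(mktemp -d) || exit 1       # mktemp -d creates the directory 0700
    trap 'rm -rf -- "$dir"' EXIT     # fires when this subshell exits
    cd "$dir" || exit 1
    "$@"
)

# Steps 1-3: export the item, apply a jq filter to its details, create the
# copy. Prints the original UUID on stdout so step 5 can run after the
# manual check in step 4; the output of op create item goes to stderr.
# Needs a signed-in op session, VAULT_NAME and ITEM_NAME; $1 is the jq filter.
recreate_item() {
    op get item --cache --vault "$VAULT_NAME" "$ITEM_NAME" > item.json &&
    jq '.details' item.json | jq "$1" > details.json &&
    op create item Login \
        --vault "$VAULT_NAME" \
        --title "$(jq -r '.overview.title' item.json)" \
        "$(op encode < details.json)" >&2 &&
    jq -r '.uuid' item.json
}

# Example call, where FILTER holds whatever jq edit step 2 calls for:
# in_private_workdir recreate_item "$FILTER"
```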

  • Thanks @Michael_1P !! This is exactly what I was looking for. Thanks for explaining each step and providing the sample. One follow-up question....What exactly is the URL field? It appears that this is actually optional, as I didn't use it in my POC for this.

  • Also, my second follow-up question....When building out the json to include my additional fields, what exactly is N, the (internal) field name?
    Is this required? Can I use any value? Can it be duplicated across x amount of Vault entries?

  • Michael_1P

    Team Member

    @adrianbj

    You're welcome! I'm glad that it helped. As to your follow-up questions:

    1. What exactly is the URL field? Is it optional?

    The URL field is definitely optional. Most of the time, a Login item would be used with a website. The URL field is where you would store that particular website. If you look at the saved item.json file, you might notice that we use both overview.url and overview.URLs. The plural key is an array of each of the URLs stored in that particular Login item. The singular key is a string for the "primary" URL. It might be easier to follow with a picture or two:

    You can see that I’ve added two URLs to this Login item, and how they are represented in the JSON. That said, they are definitely optional.

    2. What is the N / internal field name?

    Those are actually UUIDs for each field that we have compressed down to an alpha-numeric format. You can copy over the existing ones or leave them blank. The CLI will take care of them. They can be duplicated across any number of vault items, just not within a single vault item.

    I hope that these answers are what you're looking for. If you have any additional follow-up questions, feel free to ask them here!

  • Thanks!

  • ag_yaron

    Team Member

    On behalf of Michael, you are most welcome :chuffed:

  • @ag_yaron or @Michael_1P As a follow up question, do either of you know of a way to use jq or any other tool to get the length for a specific array? And is there a way to narrow down a particular index of my array, so that I can append my new fields?

    For example, while following the approach above, I have a scenario where my .details json has 4 different members under sections. I was trying to use "sections[].fields" to filter the length so that I could append the new entries to the section. In the screenshot below, you can see 2 of the 4 members under "sections":

    This works for me in scenarios where there is one section: jq '.sections[].fields | length' details.json
    This returns a single result.
    However, in the problematic scenario, I am seeing 4 results, ex:
    0
    12
    0
    1

    So, looking for a way to get one result, like jq '.sections[1].fields | length' details.json
    However, I would like to automate this, so the problem is that the vaults are unique in that some have several sections and some don't.

    To modify the json, I am using the following example:

    jq '.sections[].fields['${arrayLength}'] += {"k":"string","n":"04D8B865E7B04AC0A102E85C2F3A723D","t":"Purpose of the credential","v":"enter text"}' ./Login/${item_uuid}/details.json > "$tmp" && mv "$tmp" ./Login/${item_uuid}/details.json

    So, I would need a valid array path and length.

  • Michael_1P

    Team Member

    Hello @adrianbj,

    It sounds like you are trying to add in these new fields into one of the sections and that you're running into difficulty when a Login item has multiple sections.

    You have a few different options to be able to add these new fields programmatically using jq.

    1. Add the new fields into the first section of the Login item,
    2. Add the new fields into the last section of the Login item,
    3. Create a new section that only contains your new fields.

    Personally, I feel like Option 3 is the best aesthetically for the user, so I'll show you how to use jq to achieve that first.

    Option 3: Create a new section that only contains your new fields

    The += operator in jq allows you to merge one array into another array, like so:

    jq '.sections += [{"title": "Section added by administrator", "fields": [{"k": "string", "t": "Purpose of the credential", "v": "enter text"}]}]' details.json
    

    You'll note that the second half of the += operator is an array that contains an entire section object.

    And here's a screenshot of how that will appear in 1Password.

    We've created a brand new section called Section added by administrator that contains the one field we added in the array.

    Option 2: Add the new fields into the last section of the Login item

    If your goal is to combine these fields into an already-existing section, then here are those steps.

    Similar to above, we are using the += operator to merge two arrays together. The source array is going to be the final section’s fields. In this case, we are merging in an array of field objects, rather than an array that contains a section object. Note that negative indices are allowed, with -1 referring to the last element, -2 referring to the next to last element, and so on.

    jq '.sections[-1].fields += [{"k": "string", "t": "Purpose of the credential", "v": "enter text"}]' details.json
    

    And here's what that looks like:

    You can see that our new Purpose of the credential field has been added into the Already existing section section.

    I hope that this helps. Please feel free to write back with any additional questions you may have.
