Examples of input for flag `--vaults` which expects arguments in the form `StringArray`

timfall
timfall
Community Member

Hi Guys!
I'm attempting to work around a bug/limitation of the webui when generating tokens for 1Password Connect Servers. The tl;dr is that it doesn't show the "Shared" or "Private" vaults as addable to a token's scope, and even when adding other vaults to a token, the generated token doesn't have those scopes. That's not the issue here though.

I'm attempting to use the op cli to get around this by creating tokens with op connect token create --server --vaults however I can't seem to find a way to do multiple entry input for --vaults that the cli will accept. I can specify one vault by name with --vaults Shared,rw, with the ,rw referring to the permissions for that vault but I can't seem to pass more than one. The --help and online docs show it expects a "StringArray" but what this is is not clear. Similarly the ,r notation is not noted in the man/help text, it's just burried in the online docs. Maybe some examples in the help text?

op version 2.0.0

Thanks!


1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3.1

Comments

  • Hey @timfall,

    Thank you for reaching out to us, and sorry for the confusion!

    Indeed you can only supply one vault/permissions pair per --vaults flag usage with this command, but the good news is you can use the flag multiple times. For example, this would work: op connect token create dummyToken --server ... --vaults "Demo,r" --vaults "Prod,rw". I've gone ahead and filed an internal ticket to update this documentation text.

    As for the CLI help text, I see that it (op connect token create --help) notes: "You can further limit the permissions a token has to read-only or write-only by adding a comma and r or w after the vault specification.". Could you indicate which areas are less clear? I'd love to get this updated if there's some ambiguity.

    Best,
    Jody

  • Hey @timfall ,

    We've clarified the wording around the flag by changing it from --vaults to --vault and added an example in the help text to show how to add multiple vaults by specifying the flag multiple times.

    Keep an eye out for this on the next release, and thank you for the feedback!

This discussion has been closed.