Couldn't connect to the sign-in address you provided

avinashdubeyse

Hi
I am trying with CLI (version 2.0.0) on GCP cloud run and getting below error
Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again
No accounts configured for use with 1Password CLI.
You can either:

• Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
• • Add an account manually with op account add; see op account add --help for details.

I am trying command

eval$(echo "password" | op account add --signin --address xyz.1password.com --email myemail@xyz.com --secret-key A5T-)

This is working perfectly fine when I run it on local mac machine with OP CLI .

---

1Password Version: 2.0.0
Extension Version: 2.0.0
OS Version: GCP Cloud Run
Referrer: forum-search:Couldn't connect to the sign-in address you provided

Justin.Yoon_1P

Hey @avinashdubeyse ,

op stores account info (email, domain, and secret key) in a local (unencrypted) config file.

By default the config path is set to $HOME/.config/op/config .

It may be possible that the cloud instance does not allow writes to home dir.

We do expose the --config PATH flag to manually set the path that the config should be saved to and loaded from. Note that it must be ran on each command.

So please give the op account add command and subsequent commands with the --config flag and let us know if that works for you.

avinashdubeyse

Hi
its the same error ( I tried with config location as - /usr/src/app/utils/onepassword

Adding here the error log

2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
Default
2022-04-26 00:50:22.643 CEST[ERROR] 2022/04/25 22:46:51 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
Default
2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
Default
2022-04-26 00:50:22.643 CEST[ERROR] 2022/04/25 22:47:05 No accounts configured for use with 1Password CLI.
Default
2022-04-26 00:50:22.643 CEST
Default
2022-04-26 00:50:22.643 CESTYou can either:
Default
2022-04-26 00:50:22.643 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
Default
2022-04-26 00:50:22.643 CEST - Add an account manually with op account add; see op account add --help for details.
Default
2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
Default
2022-04-26 00:50:22.643 CESTNo accounts configured for use with 1Password CLI.
Default
2022-04-26 00:50:22.643 CEST
Default
2022-04-26 00:50:22.643 CESTYou can either:
Default
2022-04-26 00:50:22.643 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
Default
2022-04-26 00:50:22.643 CEST - Add an account manually with op account add; see op account add --help for details.

avinashdubeyse

I tried command as - eval $(echo $PAASWORD | op account add --signin --address $ONE_PASSWORD_ADDRESS --email $SA_EMAIL --secret-key $SA_SECRET_KEY --config /usr/src/app/utils/onepassword)

Justin.Yoon_1P

Thanks for trying that out @avinashdubeyse

The error logs in particular are very helpful.

I looked at the code that prints the Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again. message, and I believe it stems from when the signin-address cannot be reached.

Is it possible to double check the signin address?

If that is not the case, do you mind sharing what environment/OS is running in the GCP instance?

avinashdubeyse

Hi
I confirmed the signin address its correct one , mycompanyname.1password.com
Strange thing is everything works on local mac system but when I deploy this to GCP cloud run it fails when running op add account

I tried lot of times with different options but no luck.

How I am using this
I have one node js application inside I am using op CLI in docker image and creating secure note throgh 1Password API and then to share the secure note link to the person I am using op CLI and for this I am doing 3 steps like this .

Can you let me know If anything I am doing wrong here ?

eval $(echo $PAASWORD | op account add --address $ONE_PASSWORD_ADDRESS --email $SA_EMAIL --secret-key $SA_SECRET_KEY )
eval $(echo $PAASWORD | op signin )
SHARE_LINK=$(op item share $ITEM_NAME_TO_SHARE --emails=$EMAIL_TO_SHARE --expiry=$EXPIRY_TIME --config );

Justin.Yoon_1P

Hey @avinashdubeyse - I see some things that could be improved in the script you provided but nothing that is conclusive.

1. Try wrapping each env var in double quotes: eg. eval $(echo "$PAASWORD" | op account add --address "$ONE_PASSWORD_ADDRESS" --email "$SA_EMAIL" --secret-key "$SA_SECRET_KEY")
2. You can have the op account add command sign in as well by adding --signin flag, that would eliminate the signin line, less points of possible failure

I am still wondering what OS the docker image is running, we have noticed some issues in the past with some configurations of the Arch linux OS.

avinashdubeyse

Hi
Thanks a lot
I tried earlier with --signin and add together , but it was giving the same error so I separated it . will try together again.

the docker image is built with ubuntu:latest (created one image with nodejs and CLI debian together)

avinashdubeyse

FROM ubuntu:latest
RUN apt-get update

RUN apt-get -y install curl gnupg coreutils

RUN curl -sL https://deb.nodesource.com/setup_17.x | bash -
RUN apt-get -y install nodejs

Install OP CLI

RUN curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg

RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
tee /etc/apt/sources.list.d/1password.list

RUN mkdir -p /etc/debsig/policies/AC2D62742012EA22/
RUN curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
RUN mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
RUN curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg

RUN apt update && apt install 1password-cli

avinashdubeyse

Above is how I am installing OP CLI together with ubuntu for cloud run

avinashdubeyse

No saved device ID. Set the OP_DEVICE environment variable and try again: `export OP_DEVICE=lpeh2gmufiw2ecfjo4k4uw35

do I need to set OP_DEVICE before running script for add or signin ?

I setted up OP_DEVICE also but still its same error

I am now clueless and tired with same error :(

Justin.Yoon_1P

do I need to set OP_DEVICE before running script for add or signin ?

I think what you have there being set is fine. Do you mind trying this command from inside the cloud instance and let me know what the response is? It should print the http response code of trying to reach the signin address page.

curl -o /dev/null --silent -Iw '%{http_code}' https://www.<1password signin address>

If that call does not return a 200, there may be some networking issues to resolve.

avinashdubeyse

thanks for the reply I tried the curl and still its same error
even-though the curl is returning 200 (pls see here).
just for info - I am running this in cloud run (which is serverless)

2022-04-28 12:37:45.727 CESTInside success script
Default
2022-04-28 12:37:45.827 CEST4 qipakwsw77hx6pjpezhqnu2rq
Default
2022-04-28 12:37:45.827 CEST
Default
2022-04-28 12:38:18.527 CESTInside success script
Default
2022-04-28 12:38:18.527 CEST 200
Default
2022-04-28 12:38:47.026 CESTInside Error
Default
2022-04-28 12:38:47.027 CEST[ERROR] 2022/04/28 10:38:46 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
Default
2022-04-28 12:38:47.027 CEST
Default
2022-04-28 12:38:52.928 CESTInside Error
Default
2022-04-28 12:38:53.427 CESTNo accounts configured for use with 1Password CLI.
Default
2022-04-28 12:38:53.427 CEST
Default
2022-04-28 12:38:53.427 CESTYou can either:
Default
2022-04-28 12:38:53.427 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
Default
2022-04-28 12:38:53.427 CEST - Add an account manually with op account add; see op account add --help for details.

Justin.Yoon_1P

Thanks for the info, I am going to add this issue to the ongoing investigation we have with the CLI not working on another serverless instance (AWS Lambda).

avinashdubeyse

Thanks a lot .. please let me posted with solution or any progress with CLI on serverless instance (cloudrun or AWS Lambda). please share the link for AWS Lamba issue as well so I can track that

Horia.Culea_1P

Hey @avinashdubeyse,
My colleague, @Justin.Yoon_1P has updated the ticket with the details of this report.
Alas, our issue tracking is handled internally. Here is a link to the original AWS Lambda thread, in the meantime:
https://1password.community/discussion/123194/cli-exiting-with-error-code-133-on-aws-lambda

We'll make sure to keep you updated, as we make progress with this.
Thank you for your patience.

Best,
Horia