Couldn't connect to the sign-in address you provided

avinashdubeyse
avinashdubeyse
Community Member

Hi
I am trying with CLI (version 2.0.0) on GCP cloud run and getting below error
Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again
No accounts configured for use with 1Password CLI.
You can either:

I am trying command

eval$(echo "password" | op account add --signin --address xyz.1password.com --email myemail@xyz.com --secret-key A5T-)

This is working perfectly fine when I run it on local mac machine with OP CLI .


1Password Version: 2.0.0
Extension Version: 2.0.0
OS Version: GCP Cloud Run
Referrer: forum-search:Couldn't connect to the sign-in address you provided

Comments

  • Hey @avinashdubeyse ,

    op stores account info (email, domain, and secret key) in a local (unencrypted) config file.

    By default the config path is set to $HOME/.config/op/config .

    It may be possible that the cloud instance does not allow writes to home dir.

    We do expose the --config PATH flag to manually set the path that the config should be saved to and loaded from. Note that it must be ran on each command.

    So please give the op account add command and subsequent commands with the --config flag and let us know if that works for you.

  • avinashdubeyse
    avinashdubeyse
    Community Member

    Hi
    its the same error ( I tried with config location as - /usr/src/app/utils/onepassword

    Adding here the error log

    2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
    Default
    2022-04-26 00:50:22.643 CEST[ERROR] 2022/04/25 22:46:51 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
    Default
    2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
    Default
    2022-04-26 00:50:22.643 CEST[ERROR] 2022/04/25 22:47:05 No accounts configured for use with 1Password CLI.
    Default
    2022-04-26 00:50:22.643 CEST
    Default
    2022-04-26 00:50:22.643 CESTYou can either:
    Default
    2022-04-26 00:50:22.643 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
    Default
    2022-04-26 00:50:22.643 CEST - Add an account manually with op account add; see op account add --help for details.
    Default
    2022-04-26 00:50:22.643 CESTUsing configuration at non-standard location "/usr/src/app/utils/onepassword"
    Default
    2022-04-26 00:50:22.643 CESTNo accounts configured for use with 1Password CLI.
    Default
    2022-04-26 00:50:22.643 CEST
    Default
    2022-04-26 00:50:22.643 CESTYou can either:
    Default
    2022-04-26 00:50:22.643 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
    Default
    2022-04-26 00:50:22.643 CEST - Add an account manually with op account add; see op account add --help for details.

  • avinashdubeyse
    avinashdubeyse
    Community Member

    I tried command as - eval $(echo $PAASWORD | op account add --signin --address $ONE_PASSWORD_ADDRESS --email $SA_EMAIL --secret-key $SA_SECRET_KEY --config /usr/src/app/utils/onepassword)

  • Thanks for trying that out @avinashdubeyse

    The error logs in particular are very helpful.

    I looked at the code that prints the Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again. message, and I believe it stems from when the signin-address cannot be reached.

    Is it possible to double check the signin address?

    If that is not the case, do you mind sharing what environment/OS is running in the GCP instance?

  • avinashdubeyse
    avinashdubeyse
    Community Member
    edited April 2022

    Hi
    I confirmed the signin address its correct one , mycompanyname.1password.com
    Strange thing is everything works on local mac system but when I deploy this to GCP cloud run it fails when running op add account

    I tried lot of times with different options but no luck.

    How I am using this
    I have one node js application inside I am using op CLI in docker image and creating secure note throgh 1Password API and then to share the secure note link to the person I am using op CLI and for this I am doing 3 steps like this .

    Can you let me know If anything I am doing wrong here ?

    eval $(echo $PAASWORD | op account add --address $ONE_PASSWORD_ADDRESS --email $SA_EMAIL --secret-key $SA_SECRET_KEY )
    eval $(echo $PAASWORD | op signin )
    SHARE_LINK=$(op item share $ITEM_NAME_TO_SHARE --emails=$EMAIL_TO_SHARE --expiry=$EXPIRY_TIME --config );

  • Hey @avinashdubeyse - I see some things that could be improved in the script you provided but nothing that is conclusive.

    1. Try wrapping each env var in double quotes: eg. eval $(echo "$PAASWORD" | op account add --address "$ONE_PASSWORD_ADDRESS" --email "$SA_EMAIL" --secret-key "$SA_SECRET_KEY")
    2. You can have the op account add command sign in as well by adding --signin flag, that would eliminate the signin line, less points of possible failure

    I am still wondering what OS the docker image is running, we have noticed some issues in the past with some configurations of the Arch linux OS.

  • avinashdubeyse
    avinashdubeyse
    Community Member

    Hi
    Thanks a lot
    I tried earlier with --signin and add together , but it was giving the same error so I separated it . will try together again.

    the docker image is built with ubuntu:latest (created one image with nodejs and CLI debian together)

  • avinashdubeyse
    avinashdubeyse
    Community Member

    FROM ubuntu:latest
    RUN apt-get update

    RUN apt-get -y install curl gnupg coreutils

    RUN curl -sL https://deb.nodesource.com/setup_17.x | bash -
    RUN apt-get -y install nodejs

    Install OP CLI

    RUN curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
    gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg

    RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
    tee /etc/apt/sources.list.d/1password.list

    RUN mkdir -p /etc/debsig/policies/AC2D62742012EA22/
    RUN curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
    tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
    RUN mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
    RUN curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
    gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg

    RUN apt update && apt install 1password-cli

  • avinashdubeyse
    avinashdubeyse
    Community Member

    Above is how I am installing OP CLI together with ubuntu for cloud run

  • avinashdubeyse
    avinashdubeyse
    Community Member
    edited April 2022

    No saved device ID. Set the OP_DEVICE environment variable and try again: `export OP_DEVICE=lpeh2gmufiw2ecfjo4k4uw35

    do I need to set OP_DEVICE before running script for add or signin ?

    I setted up OP_DEVICE also but still its same error

    I am now clueless and tired with same error :(

  • do I need to set OP_DEVICE before running script for add or signin ?

    I think what you have there being set is fine. Do you mind trying this command from inside the cloud instance and let me know what the response is? It should print the http response code of trying to reach the signin address page.

    curl -o /dev/null --silent -Iw '%{http_code}' https://www.<1password signin address>

    If that call does not return a 200, there may be some networking issues to resolve.

  • avinashdubeyse
    avinashdubeyse
    Community Member

    thanks for the reply I tried the curl and still its same error
    even-though the curl is returning 200 (pls see here).
    just for info - I am running this in cloud run (which is serverless)

    2022-04-28 12:37:45.727 CESTInside success script
    Default
    2022-04-28 12:37:45.827 CEST4 qipakwsw77hx6pjpezhqnu2rq
    Default
    2022-04-28 12:37:45.827 CEST
    Default
    2022-04-28 12:38:18.527 CESTInside success script
    Default
    2022-04-28 12:38:18.527 CEST 200
    Default
    2022-04-28 12:38:47.026 CESTInside Error
    Default
    2022-04-28 12:38:47.027 CEST[ERROR] 2022/04/28 10:38:46 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
    Default
    2022-04-28 12:38:47.027 CEST
    Default
    2022-04-28 12:38:52.928 CESTInside Error
    Default
    2022-04-28 12:38:53.427 CESTNo accounts configured for use with 1Password CLI.
    Default
    2022-04-28 12:38:53.427 CEST
    Default
    2022-04-28 12:38:53.427 CESTYou can either:
    Default
    2022-04-28 12:38:53.427 CEST - Sign in with biometric unlock; see https://developer.1password.com/docs/cli/get-started/#sign-in for details.
    Default
    2022-04-28 12:38:53.427 CEST - Add an account manually with op account add; see op account add --help for details.

  • Thanks for the info, I am going to add this issue to the ongoing investigation we have with the CLI not working on another serverless instance (AWS Lambda).

  • avinashdubeyse
    avinashdubeyse
    Community Member
    edited April 2022

    Thanks a lot .. please let me posted with solution or any progress with CLI on serverless instance (cloudrun or AWS Lambda). please share the link for AWS Lamba issue as well so I can track that

  • Horia.Culea_1P
    edited May 2022

    Hey @avinashdubeyse,
    My colleague, @Justin.Yoon_1P has updated the ticket with the details of this report.
    Alas, our issue tracking is handled internally. Here is a link to the original AWS Lambda thread, in the meantime:
    https://1password.community/discussion/123194/cli-exiting-with-error-code-133-on-aws-lambda

    We'll make sure to keep you updated, as we make progress with this.
    Thank you for your patience.

    Best,
    Horia

This discussion has been closed.