How to specify 'password' that is not in section

xophermcxophermc
Community Member
in CLI

I have an entry which when i do

op read op://quaechen8IolacaeBah0ae4doob4/someimportantthing/password

I get the reply

[ERROR] 2022/07/01 10:20:57 could not read secret op://quaechen8IolacaeBah0ae4doob4/someimportantthing/password: cannot get 'password' field of 'quaechen8IolacaeBah0ae4doob4/someimportantthing': The item has more than one "password" field. Include the section name to specify which to use: <section>.<field>

What is the section name for the entries not in a section, I can refrence the password in the sections but not those not in a section?

❯ op --version
2.5.0

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: L
Browser:_ Not Provided

Comments

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    Hey @xophermc, thank you for reaching out to us!

    In order to reference a field that is not in a section, the secret reference should have the format op://vault/item/field, completely excluding the section token. However, I was not able to reproduce the error that you have attached to your message. Would it be possible for you to show us what your item looks like, in terms of structure? (with the sensitive fields editted out, of course).

    In the meantime, if you want to exclude the section token even in the case of fields within sections, you can use a reference such as op://vault/item/field-id. The field id's can be retrieved using op item get <item> --format json. Let me know if this helps. Looking forward to hearing from you!

    Best,
    Horia

  • xophermcxophermc
    Community Member

    Hey Horia,

    thanks for the answer, unfortunately this does not work.

    santized json

    {
      "id": "rj672ku4epqzjuokkre3pnxlcu",
      "title": "demo.company.com",
      "favorite": true,
      "version": 20,
      "vault": {
        "id": "3xfy2ylmwshb5jwyurn3yiv274",
        "name": "Hetzner (blah)"
      },
      "category": "SERVER",
      "last_edited_by": "5NS4KBVKRZCKTOVO4X6XQOWDCY",
      "created_at": "2019-07-17T20:27:14Z",
      "updated_at": "2022-06-30T16:20:20Z",
      "sections": [
        {
          "id": "Section_j4v3i34ye7eb2hjtz67je33t7u",
          "label": "MySQL (percona 5.7)"
        },
        {
          "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq",
          "label": "Repository postgres"
        },
        {
          "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam",
          "label": "Typo3Demo"
        },
        {
          "id": "Section_ifiyalenf622y7n77bvuz437iy",
          "label": "bfusa"
        },
        {
          "id": "Section_z6eweqrafbdjlnfd6gclqwikza",
          "label": "dbdemo Datenbank"
        }
      ],
      "fields": [
        {
          "id": "notesPlain",
          "type": "STRING",
          "purpose": "NOTES",
          "label": "notesPlain",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/notesPlain"
        },
        {
          "id": "url",
          "type": "STRING",
          "label": "User",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/User"
        },
        {
          "id": "username",
          "type": "CONCEALED",
          "label": "password",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password"
        },
        {
          "id": "password",
          "type": "STRING",
          "label": "tsm-linux username",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username"
        },
        {
          "id": "t574czrxg3w45iu6qa5kfydapi",
          "type": "CONCEALED",
          "label": "tsm-linux password",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux password"
        },
        {
          "id": "pnkxytqaxn33hvkavaxz6ae6wu",
          "type": "STRING",
          "label": "URL",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/URL"
        },
        {
          "id": "xxue6c4nydbqjsccjgbxy5i434",
          "section": {
            "id": "Section_j4v3i34ye7eb2hjtz67je33t7u",
            "label": "MySQL (percona 5.7)"
          },
          "type": "CONCEALED",
          "label": "root (from local)",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Section_j4v3i34ye7eb2hjtz67je33t7u/xxue6c4nydbqjsccjgbxy5i434"
        },
        {
          "id": "abe3lmttesro2xdf7sfmeu2g4e",
          "section": {
            "id": "Section_j4v3i34ye7eb2hjtz67je33t7u",
            "label": "MySQL (percona 5.7)"
          },
          "type": "CONCEALED",
          "label": "writeback",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Section_j4v3i34ye7eb2hjtz67je33t7u/writeback"
        },
        {
          "id": "r5k5hsvk3agxrssrwkea3ah6w4",
          "section": {
            "id": "Section_z6eweqrafbdjlnfd6gclqwikza",
            "label": "dbdemo Datenbank"
          },
          "type": "STRING",
          "label": "fbdemo (connection only from toolbox-IP)",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/dbdemo Datenbank/r5k5hsvk3agxrssrwkea3ah6w4"
        },
        {
          "id": "mc77ac64zplitpllirpqge5bwa",
          "section": {
            "id": "Section_z6eweqrafbdjlnfd6gclqwikza",
            "label": "dbdemo Datenbank"
          },
          "type": "CONCEALED",
          "label": "nadia",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/dbdemo Datenbank/nadia"
        },
        {
          "id": "6xvvsxvpvty2ybz7b46g4ybici",
          "section": {
            "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq",
            "label": "Repository postgres"
          },
          "type": "STRING",
          "label": "port",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/port"
        },
        {
          "id": "4em6jdrdwmld4mqa4cbqyts2ke",
          "section": {
            "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq",
            "label": "Repository postgres"
          },
          "type": "STRING",
          "label": "user",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/user"
        },
        {
          "id": "5rslyjkilj72ohaqvrn4cppgne",
          "section": {
            "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq",
            "label": "Repository postgres"
          },
          "type": "CONCEALED",
          "label": "pw",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/pw"
        },
        {
          "id": "6ro5ztxuzaffxl7xuch7yv6az4",
          "section": {
            "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam",
            "label": "Typo3Demo"
          },
          "type": "STRING",
          "label": "User",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Typo3Demo/User"
        },
        {
          "id": "nveopfwbl2fou6nlhfbyu43twm",
          "section": {
            "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam",
            "label": "Typo3Demo"
          },
          "type": "CONCEALED",
          "label": "pw",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Typo3Demo/pw"
        },
        {
          "id": "p4vkq7lkoxgheouh75hzhb7el4",
          "section": {
            "id": "Section_ifiyalenf622y7n77bvuz437iy",
            "label": "bfusa"
          },
          "type": "STRING",
          "label": "mysqluser",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/bfusa/mysqluser"
        },
        {
          "id": "6a6yqannup4q2c7rftntvkhe2u",
          "section": {
            "id": "Section_ifiyalenf622y7n77bvuz437iy",
            "label": "bfusa"
          },
          "type": "CONCEALED",
          "label": "mysqlpw",
          "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/bfusa/mysqlpw"
        }
      ]
    }
    
  • andi.t_1Pandi.t_1P

    Team Member

    Hi @xophermc ,

    it looks that in the example you have provided there are 2 valid candidates for the query op read op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password. Those are:

    {
      "id": "username",
      "type": "CONCEALED",
      "label": "password",
      "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password"
    }
    

    and

    {
      "id": "password",
      "type": "STRING",
      "label": "tsm-linux username",
      "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username"
    }.
    

    For the first one, its label="password" causes it to match the query and for the second one, it's the ID="password" that causes the field to match the query. I realise this is confusing because the json object clearly shows that the secret reference is op read op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password only for one field that matches the query. In practice however, a secret can have multiple secret references other than the ones displayed in the json representation of an item. That is because op read tries to match both labels and ids when provided with a query.

    In your case, I would suggest using "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/username" for finding the first field above and "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username" for finding the second. Otherwise, you could consider changing the label of the field with id "username" to something else than "password".

    I hope this was helpful. Please let us know your thoughts!
    Cheers,
    Andi

  • xophermcxophermc
    Community Member
    edited July 6

    Great thanks !

    Now I get that the 'default' section has two valid 'password' entries!

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    Glad this got sorted out!
    Let us know if you have any other questions, we're all happy to help! :D

    Best,
    Horia

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file