How to specify 'password' that is not in section
I have an entry which when i do
op read op://quaechen8IolacaeBah0ae4doob4/someimportantthing/password
I get the reply
[ERROR] 2022/07/01 10:20:57 could not read secret op://quaechen8IolacaeBah0ae4doob4/someimportantthing/password: cannot get 'password' field of 'quaechen8IolacaeBah0ae4doob4/someimportantthing': The item has more than one "password" field. Include the section name to specify which to use: <section>.<field>
What is the section name for the entries not in a section, I can refrence the password in the sections but not those not in a section?
❯ op --version 2.5.0
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: L
Browser:_ Not Provided
Comments
-
Hey @xophermc, thank you for reaching out to us!
In order to reference a field that is not in a section, the secret reference should have the format
op://vault/item/field
, completely excluding the section token. However, I was not able to reproduce the error that you have attached to your message. Would it be possible for you to show us what your item looks like, in terms of structure? (with the sensitive fields editted out, of course).In the meantime, if you want to exclude the section token even in the case of fields within sections, you can use a reference such as
op://vault/item/field-id
. The field id's can be retrieved usingop item get <item> --format json
. Let me know if this helps. Looking forward to hearing from you!Best,
Horia0 -
Hey Horia,
thanks for the answer, unfortunately this does not work.
santized json
{ "id": "rj672ku4epqzjuokkre3pnxlcu", "title": "demo.company.com", "favorite": true, "version": 20, "vault": { "id": "3xfy2ylmwshb5jwyurn3yiv274", "name": "Hetzner (blah)" }, "category": "SERVER", "last_edited_by": "5NS4KBVKRZCKTOVO4X6XQOWDCY", "created_at": "2019-07-17T20:27:14Z", "updated_at": "2022-06-30T16:20:20Z", "sections": [ { "id": "Section_j4v3i34ye7eb2hjtz67je33t7u", "label": "MySQL (percona 5.7)" }, { "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq", "label": "Repository postgres" }, { "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam", "label": "Typo3Demo" }, { "id": "Section_ifiyalenf622y7n77bvuz437iy", "label": "bfusa" }, { "id": "Section_z6eweqrafbdjlnfd6gclqwikza", "label": "dbdemo Datenbank" } ], "fields": [ { "id": "notesPlain", "type": "STRING", "purpose": "NOTES", "label": "notesPlain", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/notesPlain" }, { "id": "url", "type": "STRING", "label": "User", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/User" }, { "id": "username", "type": "CONCEALED", "label": "password", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password" }, { "id": "password", "type": "STRING", "label": "tsm-linux username", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username" }, { "id": "t574czrxg3w45iu6qa5kfydapi", "type": "CONCEALED", "label": "tsm-linux password", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux password" }, { "id": "pnkxytqaxn33hvkavaxz6ae6wu", "type": "STRING", "label": "URL", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/URL" }, { "id": "xxue6c4nydbqjsccjgbxy5i434", "section": { "id": "Section_j4v3i34ye7eb2hjtz67je33t7u", "label": "MySQL (percona 5.7)" }, "type": "CONCEALED", "label": "root (from local)", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Section_j4v3i34ye7eb2hjtz67je33t7u/xxue6c4nydbqjsccjgbxy5i434" }, { "id": "abe3lmttesro2xdf7sfmeu2g4e", "section": { "id": "Section_j4v3i34ye7eb2hjtz67je33t7u", "label": "MySQL (percona 5.7)" }, "type": "CONCEALED", "label": "writeback", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Section_j4v3i34ye7eb2hjtz67je33t7u/writeback" }, { "id": "r5k5hsvk3agxrssrwkea3ah6w4", "section": { "id": "Section_z6eweqrafbdjlnfd6gclqwikza", "label": "dbdemo Datenbank" }, "type": "STRING", "label": "fbdemo (connection only from toolbox-IP)", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/dbdemo Datenbank/r5k5hsvk3agxrssrwkea3ah6w4" }, { "id": "mc77ac64zplitpllirpqge5bwa", "section": { "id": "Section_z6eweqrafbdjlnfd6gclqwikza", "label": "dbdemo Datenbank" }, "type": "CONCEALED", "label": "nadia", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/dbdemo Datenbank/nadia" }, { "id": "6xvvsxvpvty2ybz7b46g4ybici", "section": { "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq", "label": "Repository postgres" }, "type": "STRING", "label": "port", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/port" }, { "id": "4em6jdrdwmld4mqa4cbqyts2ke", "section": { "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq", "label": "Repository postgres" }, "type": "STRING", "label": "user", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/user" }, { "id": "5rslyjkilj72ohaqvrn4cppgne", "section": { "id": "Section_tpijcsulqxiw7gjdlqjam6ukrq", "label": "Repository postgres" }, "type": "CONCEALED", "label": "pw", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Repository postgres/pw" }, { "id": "6ro5ztxuzaffxl7xuch7yv6az4", "section": { "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam", "label": "Typo3Demo" }, "type": "STRING", "label": "User", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Typo3Demo/User" }, { "id": "nveopfwbl2fou6nlhfbyu43twm", "section": { "id": "Section_wc4xb2zclzdlh7hr6kh2xorfam", "label": "Typo3Demo" }, "type": "CONCEALED", "label": "pw", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/Typo3Demo/pw" }, { "id": "p4vkq7lkoxgheouh75hzhb7el4", "section": { "id": "Section_ifiyalenf622y7n77bvuz437iy", "label": "bfusa" }, "type": "STRING", "label": "mysqluser", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/bfusa/mysqluser" }, { "id": "6a6yqannup4q2c7rftntvkhe2u", "section": { "id": "Section_ifiyalenf622y7n77bvuz437iy", "label": "bfusa" }, "type": "CONCEALED", "label": "mysqlpw", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/bfusa/mysqlpw" } ] }
0 -
Hi @xophermc ,
it looks that in the example you have provided there are 2 valid candidates for the query
op read op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password
. Those are:{ "id": "username", "type": "CONCEALED", "label": "password", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password" }
and
{ "id": "password", "type": "STRING", "label": "tsm-linux username", "reference": "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username" }.
For the first one, its label="password" causes it to match the query and for the second one, it's the ID="password" that causes the field to match the query. I realise this is confusing because the json object clearly shows that the secret reference is
op read op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/password
only for one field that matches the query. In practice however, a secret can have multiple secret references other than the ones displayed in the json representation of an item. That is becauseop read
tries to match both labels and ids when provided with a query.In your case, I would suggest using "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/username" for finding the first field above and "op://3xfy2ylmwshb5jwyurn3yiv274/demo.company.com/tsm-linux username" for finding the second. Otherwise, you could consider changing the label of the field with id "username" to something else than "password".
I hope this was helpful. Please let us know your thoughts!
Cheers,
Andi0 -
Great thanks !
Now I get that the 'default' section has two valid 'password' entries!
0 -
Glad this got sorted out!
Let us know if you have any other questions, we're all happy to help! :DBest,
Horia0