OnePassword CLI over Connect
Using onepassword-cli 2.6.0
In order to use 1Password from AZDO pipelines, we've added the onepassword-cli package to our worker nodes. However it seems very limited in what it can do.
I'm setting the OP_CONNECT_HOST and OP_CONNECT_TOKEN environment variables for authentication to the onepassword-connect service, and then calling 'op read' from the build pipeline Bash task.
The problems I have are
- It seems to be read-only - no way to save a secret from the commandline?
- No way to extract file attachments from secrets
- No way to search for secrets
- It seems to be unable to retrieve secrets with ':' or '@' in their name, even if these are URL-encoded?
The last one in particular is a big issue as our naming standard requires these and we have hundreds of secrets containing these characters. I can't use the secret internal ID instead of the name, because I don't know what they are and it would be very problematic to have to work it out for every secret.
The API, though, seems to quite happily support all of these (well, no way to write file attachements, but thats a lot closer)
I don't want to have to write my own tool to call the API when the onepassword-cli is supposed to do the job. Is there a way to achieve this? Otherwise the CLI tool seems hopelessly limited and underdeveloped.
1Password Version: onepassword-cli 2.6.0
Extension Version: n/a
OS Version: Linux