How to add multiple URLs via CLI?

EdGue

Hello there,

our test servers all require the same login credentials. In the past, I solved that problem by manually creating a login item in 1password,
export that, have a script add hundreds of IP addresses to that item, and import it back. Problem with that: the item is then too large
to be sync'ed with the server, so it only exists locally on my laptop. 1password 8 will take away that option for me, so I am looking into
a new solution:

• create a script that creates multiple login items, each one "small enough" so they can be uploaded to the 1password clouds (like: with all IP addresses for a specific /24 subnet, like 42.43.44.*)
• use the same credentials for all those login items
• have a second script that updates the password on all these items when needed

But according to some older post, multiple URLs aren't supported on the command line.

Is that still true?
If yes: are there any options to work around that programmatically?
If no: what is the easiest way of handling this?

---

1Password Version: 7.9.6
Extension Version: Not Provided
OS Version: macOs 12.5.1
Browser:_ chrome and firefox

andi.t_1P

Hi @EdGue , thanks for reaching out! First of all, it is now possible to create items with multiple fields/urls with the 1Password CLI. If the size is still a problem then you could create 1 LOGIN type item, let's call it SharedCredentials, in vault Private. Then you can go ahead and create multiple items as planned with various IP addresses (let's call one of them ip1 in vault Private), with the property that each of these items can store the reference to the SharedCredentials in a field called credentials_id & credentials_pass, like such credentials_id=op://Private/SharedCredentials/username and credentials_pass=op://Private/SharedCredentials/password. You could then retrieve the shared credentials by having a file called retrieveCreds.txt with contents username: op://Private/ip1/credentials_id, password: op://Private/ip1/credentials_pass, and then running op inject -i 'retrieveCreds.txt' two times. The first time the secret reference for the actual SharedCredentials will be written in retrieveCreds.txt, and the second time around the actual credentials will be there. This would result into not concerning yourself with updating the credentials to each individual smaller item. Because they all reference the same item, you could just update the credentials in the SharedCredentials.

Hope this helps,
Andi

EdGue

Thanks, that sounds like good approach.

I solved it differently in the meantime. My code:

• fetches the Login template as JSON
• fetches the required credentials from some existing item
• adds things such as user name and password, and most important: a field "urls" that contains an array of JSON objects { "href": "someip"}
• and then passes that via stdin to op create

This way, I can programmatically create the required login items.

Then there is another script that updates these auto-created items (they all share a specific tag).
The update is a little bit deficient, as that only works with open item edit password=.... , but that is acceptable
(albeit I might update the tooling once op item edit supports to pass arguments via STDIN, too)

andi.t_1P

Great, glad you got this figured out, and thank you for the feedback!