Is it possible to inject a OTP into a config file?

nate886

I've set up a config file template as described here: https://developer.1password.com/docs/cli/secrets-config-files

Everything is working great, except for the OTP. The reference (op://<vault>/<item>/<section>/one-time password) appears to be addressing the "value" field which contains the otpauth://... URI, rather than addressing the "topt" field where the current calculated value (e.g. 123456) is stored.

Is there a way to merge the OTP code into a config file using the op.exe inject syntax, or must I merge it in manually using the op get totp <uuid> [flags] command and some scripting magic?

---

1Password Version: CLI 2.7.1
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

nate886

I found a thread on Reddit asking the same question, but it looks like everyone suggested going the manual merge route.

Figured it was worth asking here to see if there was an official answer.

andi.t_1P

Hi @nate886 , the answer to your question is that, currently, there is no way in which you could retrieve the totp value of a one time password using secret references. You could only achieve that using op item get <uuid> --otp. That being said, I just filed an internal feature request for making this possible with secret references well, with op read or op inject more specifically.

All the best,
Andi

nate886

Thanks @andi.t_1P!

nate886

Just wanted to add - I know putting such an ephemeral code in a config file seems weird, so to elaborate: The Cisco AnyConnect VPN client doesn't take command line arguments for username, password, OTP, etc. Their solution is to write everything to a file and read the file in. It's janky, but it works...

andi.t_1P

Thanks for the detailed explanation of your case, it definitely helps in understanding why you need this!

Best,
Andi