Is there a faster way to empty a vault using CLI2?

agrpcaliagrpcali
Community Member

Hi, I have a requirement to empty certain vaults periodically and then refill them. I'd rather not delete the vault and recreate it and all the permissions if possible.
For a vault with 500 items in it is taking about 20 mins to do this using CLI 2.7 like this:

for item_name in $(op item list --vault $VAULT_NAME --format=json | jq -r '.[].id')
do
op item delete $item_name --vault $VAULT_NAME
done

I also tried the below but it caused a runtime out of memory error when performed on a vault with 500 items:

op item list --vault $VAULT_NAME –format json | op item delete - --vault $VAULT_NAME

I also tried the below but the syntax isn't valid:
op item list --vault $VAULT_NAME --format=json | jq -r '.[].id' | op item delete - --vault $VAULT_NAME

I wonder what the best/most efficient/quickest way is to do this via CLI? Otherwise I have to do manually via the 1Password windows app.

Thankyou, Andrew


1Password Version: CLI 2.7.1
Extension Version: Not Provided
OS Version: Oracle Linux 7
Browser:_ Not Provided

Comments

  • zcutlipzcutlip Junior Member
    Community Member

    If doing this in python is an option for you, you could use pyonepassword for this. Tried it out just now, and have the (relatively minor) changes required implemented in a local branch. If useful. I could cut a release supporting this.

    Example:

    from pyonepassword import OP
    
    vault = "Test Vault"
    op = OP()
    item_list = op.item_list(vault=vault)
    for item in item_list:
        op.item_delete(item.unique_id, vault=vault)
    

    Worth noting, we're deleting one item at a time, so it's about ~1 sec./item, so not super fast. Also I don't know if you'll hit any throttling issues from 1Password; each item_delete() operation is actually two operations: a get (to resolve the unique ID) followed by a delete.

    With moderately more effort, I could implement batch deletion where you could, say, delete 25 (or whatever number ends up working) items at a time.

    So, similar to above, but maybe (this isn't implemented yet):

    from pyonepassword import OP
    
    vault = "Test Vault"
    op = OP()
    item_list = op.item_list(vault=vault)
    
    # probably have a default batch size, but override with a kwarg? 
    op.item_delete_batch(item_list, vault=vault)
    

    Let me know if either of those sounds useful.

    The first option I could probably get out as soon as tonight. The second, wouldn't be too bad, but might take a week or so.

    Zach

  • zcutlipzcutlip Junior Member
    Community Member

    Here's a screenshot of it actually working for me (I had far fewer items than you of course).

    Screenshot of multiple item delete in python

  • agrpcaliagrpcali
    Community Member

    Zach, thankyou for your post. Your first script is probably deleting about the same speed as my for loop if it's around 1 per second. Mine's perhaps a bit over 1 per sec which is quite a long time for a large vault of 500 items. We wouldn't be allowed to use your API for security reasons but I will still have a look to see how you've done it.

    I wonder how the 1Password windows app does a bulk deletion under the hood because I can highlight all 500 items in my vault, click delete and they're gone in seconds or at least appear to be. If they could implement this in CLI it would be very useful to me.

  • zcutlipzcutlip Junior Member
    Community Member

    We wouldn't be allowed to use your API for security reasons

    That's unfortunate as pyonepassword completely open source and can be inspected & verified. But I know how these things go sometimes

    I'll still probably push the update. I think I can speed it up a fair bit as well.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file