1password cli op run with python in Visual Studio Code using remote SSH

raymccarthy
raymccarthy
Community Member
in CLI

I am really interested in using 1password cli in Visual studio code but needing to add 'op run --' before the command is nearly impossible when using VSC python debugger. At least I have not found a sensible solution to it. I have come up with this approach which works. Does anyone else have a better solution?

VSC uses /usr/bin/env before every command it executes on linux, when debugging, and even when starting a remote ssh session.

sudo mv /usr/bin/env to /usr/bin/env_orig

vi /usr/bin/env

And paste this script

#!/bin/bash

if [[ $@ == *'code-server'* ]]; then
  /usr/bin/env_orig $@
else
  source /etc/1p.sh && op run  --env-file "~/1password.env" -- /usr/bin/env_orig $@
fi

chmod +x /usr/bin/env

The file /etc/1p.sh contains two exports

export OP_CONNECT_HOST=
export OP_CONNECT_TOKEN=

I didn't want these in the /usr/bin folder

This will ensure that op run is executed every time env is run.

The if statement is necessary to prevent this process running when VSC starts the remote ssh session. Without this, the environment variables get permanently injected into the VSC remote session.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Jack.P_1P
    Jack.P_1P

    Thanks for sharing @raymccarthy!

    Jack

  • weslowsk
    weslowsk
    Community Member

    I wanted to start using VSC and 1Password today and ran into the same problem. Because I didn't want to make as many changes as the OP did, and I consider my VSC development environment secure, I decided to use op inject instead. I use it to inject secrets into config files that my Python script pulls in.
    https://developer.1password.com/docs/cli/secrets-config-files/

    To increase security a bit, one could remove the config files from the file system after each development session.

  • JohannesKnust
    JohannesKnust
    Community Member

    I solved it by using the following snippet

    import subprocess
    import os
    import boto3

    Retrieve API key and other credentials using the 1Password CLI ('op' command)

    url = get_op_secret('op://Test/Token/URL').decode('utf-8')

    Set environment variables for credentials

    os.environ['URL'] = URL

    • no usage of the .env file at the moment because I wasted already to much time to solve it :)
This discussion has been closed.