Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)
There are a few past threads about this:
- December 2020: https://1password.community/discussion/117673/generating-passwords-with-the-cli
- March 2022: https://1password.community/discussion/127625/feature-request-add-password-generation-with-words-in-cli
- May 2022: https://1password.community/discussion/129811/generate-passwords-from-op-1p-cli
They never seemed to go anywhere. One suggestion was to use:
op item create --title='retrievable generated password' --category=password --generate-password=20,letters,digits | op read op://Private/'retrievable generated password'/password
I find that overly verbose and complex just to get a short-lived password. There are many situations where you wouldn't want to save a password in 1P from a shell script. In my case, I'm spinning up containers to test with, after which I destroy the container and never need the password again.
There are plenty of other ways to do this with bash/zsh:
date +%s | sha256sum | base64 | head -c 32 ; echo
openssl rand -base64 32
I'd much prefer a way to do this with the 1Password CLI if at all possible. Something like `op generate [options]`, though the command can be anything.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
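Added example, not part of the original post or of the 1Password CLI: the two shell one-liners above differ in where their randomness comes from, since the `date +%s` pipeline is a pure function of the current second while `openssl rand` reads a CSPRNG. The sketch below shows that determinism next to a local generator for throwaway passwords that never touches a vault; the function names `date_pass` and `urandom_pass` and the symbol set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# The post's first one-liner with the clock value passed in as $1.
# Same second in, same "password" out: the result depends only on the
# epoch time, and a whole year of seconds is about 2^25 candidates.
date_pass() {
  printf '%s\n' "$1" | sha256sum | base64 | head -c 32
}

# Print $1 characters (default 32) drawn from the kernel CSPRNG, keeping
# only letters, digits and a small symbol set (an assumed alphabet).
urandom_pass() {
  local len out
  len=${1:-32}
  case $len in
    ''|*[!0-9]*) echo "urandom_pass: length must be an integer >= 4" >&2; return 2 ;;
  esac
  [ "$len" -ge 4 ] || { echo "urandom_pass: length must be >= 4" >&2; return 2; }
  while :; do
    out=''
    while [ "${#out}" -lt "$len" ]; do
      # Read a fixed chunk so no stage of the pipeline is cut off early.
      out=$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9._*!-')
    done
    out=$(printf '%s\n' "$out" | cut -c "1-$len")
    # Redraw the whole string unless every class is present; rejecting
    # complete candidates keeps the accepted passwords uniformly distributed.
    case $out in *[[:lower:]]*) ;; *) continue ;; esac
    case $out in *[[:upper:]]*) ;; *) continue ;; esac
    case $out in *[[:digit:]]*) ;; *) continue ;; esac
    case $out in *[._*!-]*) ;; *) continue ;; esac
    printf '%s\n' "$out"
    return 0
  done
}

# Demo: the first value repeats for any call made within the same second.
date_pass "$(date +%s)"; echo
urandom_pass 32
```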
Comments
-
+1, FTR ChatGPT lied and said it existed already :)
op generate password 20 --require-uppercase --require-lowercase --require-digits --require-symbols
0 -
More temporary but if you are familiar with jq https://stedolan.github.io/jq/manual/
op item create \
  --dry-run \
  --category Password \
  --generate-password='letters,digits,symbols,32' \
  --format json \
  | jq -r '.fields[] | select(.id == "password").value'
0 -
Example use case:
Take the temporary generated password and use it to override a database (non password/login item) password
PASS=$(op item create \
  --dry-run \
  --category Password \
  --generate-password='letters,digits,symbols,32' \
  --format json \
  | jq -r '.fields[] | select(.id == "password").value')
op item get "EXISTING DATABASE ITEM" --format json \
  | op item create \
  --vault "VAULT" \
  --title "NEW NAME" \
  - 'username=USER' 'database=DB' "password=${PASS}"
0 -
Ah TIL about the --dry-run flag, thanks for that tip! Using your snippet as a base, I came up with a bash alias for this:
genpass() {
  CHARS=${1:-32}
  ITEM=$(op item create \
    --dry-run \
    --category Password \
    --generate-password="letters,digits,symbols,$CHARS" \
    --format json)
  PASS=$(echo "$ITEM" | jq -r '.fields[] | select(.id == "password").value')
  echo "$PASS"
}
That could all be one or two lines but I split it up for ease-of-use. 😅
Usage:
❯ genpass
7FwhRY.Zp.BVWxUrqUxKPEQQx-u!PKa.
❯ genpass 5
n3F-L
❯ genpass 64
ngtstGwJ3KmJQ2fJ-MkVkCPNNCqHXt_k-j3szo4KvVeFHVi*J*P*b2xVxpdRWRA8
0 -
Much easier to read like that, thanks for riffing off it 😀
0 -
Hey all, we do have ongoing work for making this feature possible. Here is what it could look like:
op item edit --generate "My Field"
op item edit --generate "My Field=20,letters,numbers"
op item edit --generate "My Field[text]=20,letters,numbers"
No ETA for when this will be available though, but in the meantime, let us know what feedback you have about the design.
0 -
If you have any specific use cases that this really doesn't solve, please feel free to let us know :)
Amanda
0 -
I think the other use case is to create a temporary password, maybe for a hash salt or something where we don't store it in 1Password after it's generated
0 -
Hi @ubcpittet,
That's currently possible, actually!
op item create --category password --generate-password --dry-run --format json | jq -r '.fields[0].value'
Cheers!
Amanda
0 -
@1P_Amanda, that's what we're doing above already in this thread, see the original post for context.
0 -
Oops, I feel dumb now - that'll teach me to reply before coffee on a Monday morning. I'll make a note, thank you!
Amanda
0 -
Totally fine, I do that all the time too! Coffee is essential ☕️! Doesn't change the outcome in my case ;)
0 -
I'm not confident it would have in mine either, shhhh.
0