Service accounts supporting more CLI commands

jutley
jutley
Community Member

Currently, the new Service accounts feature supports limited commands via the CLI:
https://developer.1password.com/docs/service-accounts/get-started/#supported-commands

Are there any plans to support more CLI commands? Specifically we would like to have access to the "op item share" command. Our use case is simple - we have a number of users who use fixed AWS access keys with third party programs that do not support temporary credentials. We would like to implement forced rotation of these credentials, and use the 1Password share option to provide the new keys to those users.

Currently we use the 1Password Connect container - but it can not write to a user's private vault, so we have to have separate vaults for each user - and with the connect API being priced according to how many vaults it has access to, the cost gets high rather quick. If we could use the secure sharing tool in an automated manner to do this, it would be so much better!

Thanks for your consideration!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hi there,

    It is possible to share an item using a service account, but there's a caveat - the service account needs 'Full access' on the vault. The way that it's currently implemented, service accounts only get 'Full access' on a vaults that they have created, so the service account would first need to create the vault, then add the items and generate the share link.

    Let me know if this will work for your use case.

    Thanks,
    Mike

  • francismh
    francismh
    Community Member

    Hi,

    "The way that it's currently implemented, service accounts only get 'Full access' on a vaults that they have created" - any plans to fix this?

    Requiring the service account to create the vaults is impractical for various reasons.

    I inquired with the business support, but did not get a definitive answer.

    Please advice.

    Thank you

  • michael.c_1P
    edited March 5

    Hey there,

    I wanted to let you know that we recently added the share permission when creating a new service account. You should see this permission now in your account.

    Let me know if you have any questions.

This discussion has been closed.