Feature request: forward op cli socket over SSH

gclawes
gclawes
Community Member
in CLI

Running op CLI on a remote server in the absence of the desktop app requires storing the account secret on that server on the filesystem in cleartext:

$ cat ~/.config/op/config
{
        "latest_signin": "my",
        "device": "[REDACTED]",
        "accounts": [
                {
                        "shorthand": "my",
                        "accountUUID": "[REDACTED]",
                        "url": "https://my.1password.com",
                        "email": "[REDACTED]",
                        "accountKey": "[REDACTED]",
                        "userUUID": "[REDACTED]",
                        "dsecret": "[REDACTED]"
                }
        ]
}

With the right filesystem permissions this can be reasonably secure, but not as secure as the local desktop app.

It would be useful if the op tool had an agent-socket-forwarding mechanism similar to SSH agent forwarding allowing the op binary on a remote server to communicate with the local 1Password Desktop instance over an SSH connection.

This is not the same as forwarding the 1Password ssh-agent socket over SSH, this would be a separate socket for op CLI operations.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS, Windows, Linux
Browser: Not Provided

This discussion has been closed.