op run command reads non-existent item data
keiyamazaki
Community Member
in CLI
I usually use 1Password with the op command, but I encountered a strange behavior where the op run command reads data for a non-existent item.
The steps to reproduce are as follows:
1. Create an item. At this time, set the item name in Japanese (I'm a Japanese user).
2. Move that item to another vault.
3. Use the op run command to access the item with the “pre-move” item ID.
When executing step 3, despite accessing the item with the pre-move Item ID, I am still able to retrieve the item’s information.
Below is the log from when I executed the op command.
% op item list --vault Old-Vault ID TITLE VAULT EDITED ozym56n74fgvpo2z6uuyalfqvq テストアイテム Old-Vault 30 seconds ago % op --cache=false read "op://Old-Vault/ozym56n74fgvpo2z6uuyalfqvq/password" test-password-sfJddGyZZvDm!CJNJ7 % cat my2.env TEST_ITEM_PASS_BY_ID="op://Old-Vault/ozym56n74fgvpo2z6uuyalfqvq/password" % op --cache=false run --no-masking --env-file my2.env -- printenv TEST_ITEM_PASS_BY_ID test-password-sfJddGyZZvDm!CJNJ7 # Move Item % op item move ozym56n74fgvpo2z6uuyalfqvq --current-vault Old-Vault --destination-vault New-Vault ID: 4ssn5vvleky4hcvyryjumvmo7u Title: テストアイテム Vault: New-Vault (y2haqnrzxfymqvglaimhfu5wwq) Created: now Updated: now by HZJFMULD5VFFVNZQ7TTGHOCMEQ Favorite: false Version: 1 Category: LOGIN Fields: username: test-user password: [use 'op item get 4ssn5vvleky4hcvyryjumvmo7u --reveal' to reveal] % op item list --vault Old-Vault # Item ID has been changed % op item list --vault New-Vault ID TITLE VAULT EDITED 4ssn5vvleky4hcvyryjumvmo7u テストアイテム New-Vault 27 seconds ago # op read command can't read item data by old item id % op --cache=false read "op://Old-Vault/ozym56n74fgvpo2z6uuyalfqvq/password" [ERROR] 2024/10/16 15:36:37 could not read secret 'op://Old-Vault/ozym56n74fgvpo2z6uuyalfqvq/password': could not get item Old-Vault/ozym56n74fgvpo2z6uuyalfqvq: "ozym56n74fgvpo2z6uuyalfqvq" isn't an item in the "Old-Vault" vault. # But op run command reads item data by old item id % op --cache=false run --no-masking --env-file my2.env -- printenv TEST_ITEM_PASS_BY_ID test-password-sfJddGyZZvDm!CJNJ7
0