Interactive CLI built upon OP CLI
Hi there,
I started to build an interactive CLI upon op with python3.
It is still a WIP but I would be happy to get your feelings about it. Especially about security best practices.
For now, only the item retrieval is implemented but I will try to implement the other op features.
Feel free to give your feelings, contributions or comments! I will be really happy to read from you!
Here is the repo url: https://github.com/avoiney/oppy
Bye!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
What an awesome idea. When we first started the CLI project one of the biggest questions we had was "should it be interactive or not?" and we decided that for starters it shouldn't be. But there's so much potential in an interactive version that I've been super tempted to add an interactive mode. I'm super glad that someone has taken on that challenge.
I'm looking at your code and I'm trying to understand how you're dealing with the user's Master Password. If I'm reading this correctly, your wrapper is never actually touching the MP and instead just invoking op signin, and then reading in its output to get the session token. Is that right? If so, then that's how I would recommend that you do it.
Rick
0 -
Thanks for reading me!
For now, the interactive CLI requires a configured and operational op. The user may have already run
op signin <signinaddress> <emailaddress> <secretkey>
. Then, oppy will require the master password to create a session, if a session does not already exist in the system keyring. Under the hood, this last part will run an op signin --raw to get the session key and encrypt it in the system keyring.
0 -
I'm sorry, I'm not quite following what you're saying here. I understand the requirement that the user have already signed in once normally so that you've got a shorthand/domain to play with. But I'm looking for a confirmation that the oppy tool itself is never reading the Master Password and instead delegating that responsibility entirely to op signin.
Rick
0 -
Hum, in fact oppy asks for the MP using getpass to store it in the system keyring. I am not a security expert, so I would love to read advice from you.
This functionality can be completely removed, keeping only the op KEY_SESSION string to pass to the subprocess calling op commands.
This way, the authentication will only rely on the op signin command. Do you think this would be better?
(Excuse my approximate english, and do not hesitate to ask me to be clearer).
Alex.
0 -
Now I see how it's working.
I think you should reconsider your approach. We wouldn't want a user's Master Password to be saved anywhere on disk even if it's encrypted.
Rick
0 -
Ok. It is not a problem. I fully understand your request. This will be quick to implement.
What about the SESSION_KEY? Can it be saved encrypted? This would be great to guard against unintentional closes of oppy. This way, if the user starts oppy again during the session validity, the Master Password will not be asked again.
Alex.
0 -
Yes, it'd be considered OK to store the session token. In your case I don't think I'd do it though. I get the appeal of being able to start the tool and not have to punch in the Master Password again... but to me that seems like a violation of expectations. Just like 1Password for Mac, if it gets terminated and relaunched the user has to unlock it again.
Rick
0
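As an added illustration of the design the thread converges on (not code from the oppy repository), here is a minimal Python wrapper that delegates the Master Password prompt entirely to op signin --raw and keeps the session token only in memory, so a relaunch has to sign in again. The OP_SESSION_<shorthand> environment variable and the op get item invocation are assumed from the v1 op CLI, and the runner is injectable so the behaviour can be checked without a real op binary.

```python
"""Thin wrapper around the `op` CLI that never handles the Master Password.

Added example, not the oppy project's code. Assumptions: `op signin <shorthand> --raw`
makes `op` itself prompt for the Master Password on the terminal and print only a
session token; later commands take that token through the OP_SESSION_<shorthand>
environment variable, so it never appears on a command line or on disk.
"""
import json
import os
import subprocess
from typing import Callable, Dict, Optional

Runner = Callable[..., object]  # anything returning an object with .stdout


class OpSession:
    def __init__(self, shorthand: str, runner: Runner = subprocess.run) -> None:
        self.shorthand = shorthand
        self._runner = runner              # injectable so tests can fake `op`
        self._token: Optional[str] = None  # memory only, never persisted

    def signin(self) -> str:
        # stdin stays attached to the TTY so `op` reads the password itself;
        # the wrapper only captures stdout, i.e. the --raw session token.
        proc = self._runner(["op", "signin", self.shorthand, "--raw"],
                            stdout=subprocess.PIPE, text=True, check=True)
        token = proc.stdout.strip()
        if not token:
            raise RuntimeError("op signin returned no session token")
        self._token = token
        return token

    def _env(self) -> Dict[str, str]:
        if self._token is None:
            raise RuntimeError("not signed in; call signin() first")
        env = dict(os.environ)
        env[f"OP_SESSION_{self.shorthand}"] = self._token
        return env

    def get_item(self, name: str) -> dict:
        # No --session argument: the token travels in the environment only.
        proc = self._runner(["op", "get", "item", name], env=self._env(),
                            stdout=subprocess.PIPE, text=True, check=True)
        return json.loads(proc.stdout)

    def signout(self) -> None:
        # Forget the token on exit: a relaunch has to sign in again,
        # matching the behaviour Rick describes for 1Password for Mac.
        self._token = None
```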