Programmatically get TOTP code from 1Password for a specific entry
For work I use a VPN that requires a TOTP code, which I store in 1Password. I need to pull out this code several times per day and paste it into the VPN window. Right now this means when I see the window I hit the hotkey to bring up 1Password, type "VPN", hit ⇧⌃⌘C to copy the TOTP code, then click back in the VPN window (since 1Password stole its focus) and paste it. This is getting rather tedious.
Is there any way for me to programmatically copy this TOTP code? If I can do that, then hopefully I can write a script that uses the accessibility APIs to paste it into the VPN window. My inclination is to say 1Password doesn't expose a way to do this, but I'd love to be proven wrong about that.
1Password Version: 7
Extension Version: Not Provided
OS Version: 10.13.6
Sync Type: Family
Comments
-
Hi @kballard,
We do offer a CLI which may be helpful if you’re looking to script 1Password:
Beyond that I’d say that we do hope to make integration into workflows with 3rd party apps easier. Would you mind sharing what the VPN client in question is here?
Ben
0 -
Doesn't the CLI require me to re-enter my master password after 30 minutes? That means I'd be re-entering my master password pretty much every time I need to log back into the VPN. This would be acceptable if I could use Touch ID to authenticate it, but since it's a CLI tool I'm guessing I can't. I mean, I suppose I could stuff my master password into the Keychain and use the Keychain APIs to pull that back out in order to authenticate the 1Password CLI, but that seems a bit iffy.
The VPN client in question is Viscosity.
0 -
@kballard You are correct in that you'll need to re-enter your password every 30 minutes. We would love to include Touch ID integration, but we haven't found a good way to do that yet. The keychain is a good option, or you could use a GPG key and use a GPG suite of some sort.
Feel free to ask any specific questions you have about it over in the CLI forum: https://discussions.agilebits.com/categories/cli
0 -
I ended up writing my Alfred Workflow using a custom tool built in Swift that looks up my account key and master password in my local keychain, uses the CLI tool to log into 1Password and fetch the TOTP code, and then uses AppleScript to fill that into the Viscosity window.
It take a few seconds to look all this up because of the whole "log into 1Password and fetch the item info" steps, it sure would be nice if there was some way I could authorize a tool to fetch this info from the 1Password app I already have running, but at least it works. A benefit of the "authorize some tool to fetch info from the running 1Password app" approach is 1Password could then prompt for TouchID to confirm (along with telling me precisely what info is being requested).
0 -
it sure would be nice if there was some way I could authorize a tool to fetch this info from the 1Password app I already have running, but at least it works
Yes, that would be very cool.
Rick
0 -
This works well for me:
function 1pass-signin() { eval $(op signin my) } function okta-username() { op get item Okta | jq -r '.details.fields[] | select(.designation == "username").value' } function okta-password() { op get item Okta | jq -r '.details.fields[] | select(.designation == "password").value' } function okta-secret() { op get item Okta | jq '.details.sections[1].fields[0].v' | awk -F'[=&]' '{print $2}' } 1pass-signin echo "$(okta-username)" echo "$(okta-password)" echo "$(okta-secret)"0
