what is ~/.op/config and how onepassword cli is going to use those details?

sandeepmachiraju
sandeepmachiraju
Community Member

Just now I got to know about ~/.op/config file where user credentials are stored including shorthand.
1) What is the use of this file and how op cli is going to use?
2) If the user wants to use those details, what is the appropriate workflow?

Please attach links where I can go through along with your response.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • cohix
    cohix
    1Password Alumni

    The config file essentially saves the information that the CLI needs to connect to your account, minus your master password. The CLI will use it automatically, there's no interaction needed on your part. The shorthand is generated the first time you use the CLI and is edited automatically as you use the tool.

    If you want to use the accounts in the config file, simply reference them by their shorthand: op signin [shorthand], and you will be prompted for your master password.

    There is also a latest_signin in the config file, which means that the account you signed into most recently can be used without specifying a shorthand: op signin.

    Please let me know if you have any further questions!

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    Hey If I want to disable that saving details into the file. Can I do it? I don't want to store the details in that file.

  • cohix
    cohix
    1Password Alumni

    @sandeepmachiraju currently there is no way to disable use of the file. What is your use-case for having no file?

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    I am using CLI in automation. I really don't require the file to be there. Because everything will be provided runtime. I will be using the same syntax which expects every credential of op signin all the time.

    Anyways I can delete the file right? Will it be created every time?

  • cohix
    cohix
    1Password Alumni

    You can indeed delete the file.

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    Is there any update on this? Do we have any standard workflow to delete the op folder? As it is storing secret keys and other information which is secure information, I would like op cli not to store it.

    Can we file a feature request? If you think it is a valid request.

  • ag_ana
    ag_ana
    1Password Alumni

    @sandeepmachiraju:

    We don't have an update on this, sorry. But as cohix said, you can certainly delete the file every time already if you prefer.

  • felix_1p
    felix_1p
    1Password Alumni

    There is actually one thing you could do @sandeepmachiraju : we have added the --forget flag to op signout and the op forget command (for logged out accounts). Either of these will remove the account information from the config file (but won't remove the file itself). So adding op signout --forget to the end of your script might suffice for your use case?

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    @felix_1p thanks for the response. I appreciate. That solves the problem.

    For security reasons, I don't want to store even the secret key in the file (that too as a plain text). But op signout with forget tag resolves my problem.

    Thank you.

  • felix_1p
    felix_1p
    1Password Alumni

    @sandeepmachiraju You are very welcome!

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    One more question, I am doing the following steps. In this case, op signout is not working:

    1) op signin --raw
    I am getting displayed with the session token.
    2) I am using that token in-memory in my program. (Note: I am not setting the session token as an env variable. Because I don't need it)
    3) op signout --forget (This command is not working)

    Note: I found that op signout works only if I set the session token as an env variable.

    I don't know what it was implemented like that. Why can't op signout takes the token as --token and do the logout. Let me know your thoughts.

  • felix_1p
    felix_1p
    1Password Alumni

    @sandeepmachiraju Every op command accepts the session token via the --session flag. That should work for op signout as well.

    I am using that token in-memory in my program.

    May I ask how you are doing that if you are not using the --session flag? Or am I misunderstanding something here?

  • sandeepmachiraju
    sandeepmachiraju
    Community Member

    Yes, I am using --session flag. Except for op signout and op signin every other command is accepting --session as a flag.

    I am doing the following steps in my program:
    1. op signin --raw (by providing all credential flags)
    * This prints out the session key as output, I am capturing that into a variable which is in-memory in my program
    2. I am using that session key for all other commands such as to get a document and get items and all.
    4. op signout is giving me an error saying that the user is not logged in.

    If I do the following steps, then op signout is working:
    1. op signin --raw (by providing all credential flags)
    * This prints out the session key as output.
    2. set the session key as an env variable.
    3. use that session key for all other commands
    4. op signout <= works

    As op signout is not taking sessionkey as a flag, in the first case how can I perform signout. If I set the session key as env variable then signout is working which means signout is taking session key from the env variable. Am I correct?

  • Hi @sandeepmachiraju, you're correct in your last statement — running op signout without --session will then pull the session token from the environment variable. But if you signed in with the --raw flag set, provided you've not set it yourself, the session token won't be in the environment variable.

    I've just tried running op signout --forget --session [session token] and it works as expected for me. Just to rule out everything here, are you running that command exactly, replacing [session token] with your actual session token? Which version of op are you running? You can find that out with op --version — the latest version is 0.9.4.

  • chapppie
    chapppie
    Community Member

    Hi @Matthew_1P, has this changed?

    Just had some issues with some bash scripts that assumed that the config directory would be ~/.op/config but was in fact ~/.config/op/config

    Is this a recent change? Or is this config on my mac somewhere that is dropping configurations in ~/.config

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited October 2020

    Hey @chapppie ,

    There was a change in the latest version of the CLI tool (1.8.0) that affects the default path: https://app-updates.agilebits.com/product_history/CLI#v1080001

    The tool now follows the XDG standard more closely and stores your configuration files in "${XDG_CONFIG_HOME}/op/" (usually "~/.config/op/").

    You can set that variable to anything else you'd like.

  • chapppie
    chapppie
    Community Member

    Thank you!!

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of ag_yaron, you are welcome @chapppie! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.