op slowness and 1password.com vs .eu
Hi,
I currently own a 1password.com family account.
I use heavily the op cli and 1passwordX under Linux. But op is pretty slow so I rely on a wrapper, 1pass which caches gpg encrypted 1password items locally.
I have installed the last version of op: 0.5.4
My question:
Will op response times get better if I move my 1password account from the USA server to the Europe server?
Thanks
Spacehog
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: ArchLinux
Sync Type: Not Provided
Comments
-
Great news!
Thanks. 👍🏻
0 -
Keep an eye out for the next version!
0 -
We are currently investigating 1Password as a replacement of LastPass. It seems to have everything but the performance of the CLI is currently a dealbreaker for us as we plan to use our vault integrated with our DevOps scripts. We need to grab hundreds of passwords efficiently by calling the CLI.
Currently, the retrieval of a password takes around 4-5s, this is really huge. We need a tool that answer around 100ms.
Any news or ETA on the next op release ? or is there a CLI beta we could test ?
Thanks for your answers,
0 -
@cohix thanks for your quick answer, sadly this is how I query.
Some benchmarks:
op --version 0.5.5 time (for i in {1..20}; do time op get item xydqygltsk6evp6aircxygh3ka --session=... > /dev/null; done) 4.13 real 1.37 user 1.86 sys 3.79 real 1.35 user 1.81 sys 4.50 real 1.38 user 1.89 sys 4.03 real 1.37 user 1.85 sys 3.93 real 1.38 user 1.88 sys 4.14 real 1.37 user 1.86 sys 3.95 real 1.37 user 1.88 sys 3.97 real 1.45 user 2.07 sys 4.41 real 1.40 user 1.93 sys 3.91 real 1.39 user 1.95 sys 3.78 real 1.38 user 1.92 sys 4.20 real 1.40 user 1.90 sys 4.28 real 1.35 user 1.87 sys 3.85 real 1.36 user 1.87 sys 3.84 real 1.35 user 1.83 sys 4.45 real 1.37 user 1.90 sys 4.10 real 1.40 user 1.96 sys 4.00 real 1.41 user 1.97 sys 3.98 real 1.36 user 1.87 sys [LOG] 2019/04/22 15:51:33 (ERROR) Get https://team-dkod.1password.eu/api/v1/account/keysets: net/http: TLS handshake timeout 10.03 real 1.32 user 1.86 sys ( for i in {1..20}; do; time op get item xydqygltsk6evp6aircxygh3ka > ; done) 27,65s user 38,11s system 75% cpu 1:27,44 totalMy computer is a MBP 2018 i9 2.9GHz 32Gb runnin Mojave 10.14.4
Running the benchmarks have spotted the TLS handshake timeout also.
0 -
We intend to subscribe to Business plan, and have some other questions, maybe you could help as they are more or less all related to CLI:
- is the CLI officially supported ?
- is there a limit capacity of the system ? a limit where things starts to slow down drastically ?
- is it possible to sync the vaults locally while still using the cloud base syncing ?
- is it possible to write a custom cli that use the local storagefor query purposes ?
- is there a documentation of the API and the encryption/decryption process ?0 -
@mickael I'd be happy to answer all of this here, but I strongly suggest you contact business@1password.com so that we can get you set up with someone from the business team, and then we can schedule a call to go over all of these things. I would be happy to be on that call so we can go through the details.
0 -
@mickael we made some improvements in 0.5.5, but we will have additional improvements in the upcoming 0.6 (no exact timeline on that just yet), but I can share some timings on the upcoming changes:
time op get item jjr2czjf4zztx4qbqonx7dkt3e [...] 0.12s user 0.04s system 15% cpu 1.039 total
So about a 3-4x speedup from what you're seeing.
0 -
@cohix thanks, that's a great performance gain, however four our usage that will be still insufficient. We need to get answers in around 100ms mainly due to our usage with Ansible.
Our Ansible playbooks have hundred of secrets, each secrets is retrieven with a separate CLI request. So say you have 300 secrets in your playbook, your need to wait 5 minutes each time the playbook needs access to the credentials file, this could multiple times depending on how the ansible playbook is structured.
That's why I have all that other questions.
We tested Bitwarden also a few weeks ago. The official CLI was able to retrieve secrets in 0.85s that was still insufficient for our usage. So I wrote a simple python CLI focused on query secrets to match our expected performance results by etudying the opensource nodeJS CLI.
I was simply wondering if something like this was eventually possible with 1Password.
0 -
@mickael we will indeed continue to make performance gains wherever we can, but for now I can't promise that we'll get down to 100ms. We don't currently have any official tool that can query the local databases of the desktop apps, and we don't have any official tool to query AgileKeychain/OPVault files either. The CLI tool is still in beta, but we are actively working on it.
0 -
@cohix thanks a lot for your answers.
1Password looks like a great product, if you success in making a great CLI that will make it the only Password Manager which provides sexy desktop/app UI, effective team sharing and effective usage in DevOps scripts.
Keep the good job, I will follow performance gains upon releases.
0 -
@cohix Just to share with you, that I succeed in developing my local 1password query tool.
Performance is good, I can grab results in around 0.13s.
If you're curious, code is here: https://github.com/mickaelperrin/onepassword-local-search
That may encourage you to implement a
syncoption with the cli and use it locally for querying ;)0 -
Well now that is very cool. I'll need to look over the code later to see what's going on.
0 -
@cohix My setup is composed of :
- 2 accounts: team and personal
- team account with: 537 items in 41 vaults (we create a separate vault for each customer)
- a personal account with: 1422 entries and 5 vaults
Indeed adding the
--vaultdrastically increase the performance, this is good to know (15s -> 5s, according to this morning benchmarks)0 -
Honestly, I don't remember. I currently avoid doing "get" requests on the native
op(that gets me crazy ;)), I switch to myop-localalternative.So I currently use
oponly to create new entries. The performance is around 4-5s. Not incredible, but as I create only a few entries per day, this is largely acceptable.0 -
I hear you. I suspect cohix can help track down the cause when he gets back. Thanks for your patience and willingness to work with us on this! :)
0 -
I've also noticed that
opis extremely slow. What are your plans on improving this? I mean some specific date range, as "this is a high priority in our backlog" often ends up not being done at all :smiley:0 -
We do not offer any release windows for future updates, features, or improvements. That's just not practical or helpful, as anything I could potentially tell you is subject to change. Right now our focus is on the beta. :)
0 -
I update this post to warn users that the performance of the
opcli (as àf 0.6.1) is directly imlpacted by the number of certificates you have in your keychain on mac os x.The performance of the
opCLI decreased over the time due to the augmentation of the number of self signed certificates I used on my machine. I reach the point of 600 certificates and the performance of theopCLI was so bad that it started to timout on TLS handshake.I did a cleanup of all custom certificates and things started to fly and work as expected...
Hope it helps future users.
0 -
Thanks for the update Michael.
More information on the cerificate discussion can be found here: https://discussions.agilebits.com/discussion/106383/cli-calls-reliability
and https://discussions.agilebits.com/discussion/99219/error-net-http-tls-handshake-timeout0
