Feature request: Integration with non-CLI 1Password app

Options
scottsb
scottsb
Community Member
in CLI

It would be fantastic if the CLI had the ability to share state with the regular desktop apps. This would greatly simplify the workflow for users who already have 1Password set up. I can see several levels of this:

  1. Account configuration: Users with the desktop app set up can simply use the CLI without having to reconfigure the account domain, private key, etc.
  2. Authentication state: Users with their vaults unlocked can simply use the CLI without having to reenter their master password.
  3. 1Password Mini integration:: If the vault is not unlocked, the password is requested via 1Password Mini for a consistent UX to how auto-complete works in browsers.

Level 1 above would be immensely helpful and seems like it shouldn't be too complex to implement since, as I understand it, this information is already stored in clear text on the filesystem anyway, so there's no interprocess communication needed.

Level 2 would be more complex I know since it would require interprocess communication. I understand that even then, there may still need to be some command run to set the environment variable, but ideally this would be able to check whether the vault is unlocked, and if it is, simply return immediately without requiring user interaction.

Level 3 would be nice, but at this point I can understand it may not even be desirable in all cases. If you implemented this I imagine it would definitely be worth making it able to be turned off or on.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rickfillion
    rickfillion
    Options

    That's an interesting idea. I can understand why you'd want such a thing. A lot of the use cases for the CLI tool are based on situations where it's running on a platform that doesn't have a desktop app available, so that's where we want to focus first.

    I really like the idea from an authentication perspective. If communication could be done securely, and 1Password mini could validate that the connecting app is in fact op (which would require codesigning which we've been meaning to do), then I think it'd be doable. This wouldn't work if/when we open source the op tool and others build it though. Even if "all" mini was willing to give was the master unlock key and SRP info for an account ("all" in quotes as that's basically keys to your kingdom), then it'd save you pain as a user and the CLI could continue to operate as it does today. We've been trying to avoid adding Mac-isms into the CLI tool for the time being so that we stay as cross platform as possible. For example I wanted to add Touch ID support to signing in easier, but we've decided that for now that's out of scope.

    Rick

This discussion has been closed.