CLI in Terraform provider


I'm using the CLI within a Terraform provider as part of our automation. This is then run from a Docker container.

I was advised to set the OP_DEVICE env property to use a fixed UUID and prevent all the sign in email notifications.
I've tried to do so by:

  • setting it in the the golang exec.Command.Env
    cmd := exec.Command(o.PathToOp, "signin", o.Subdomain, o.Email, o.SecretKey, "--output=raw") cmd.Env = append(cmd.Env, "OP_DEVICE=" + o.Uuid)

  • setting it in the os.Environ() in the provider code
    os.Setenv("OP_DEVICE", uuid)

  • setting it in the container environment.
    export OP_DEVICE=uuid

None of the above gave the desired result.
I keep getting:
No saved device ID. Set the OP_DEVICE environment variable and try again:export OP_DEVICE=xxxx``

Alternatively I was told that I could used a fixed config file, but I haven't been able to find any documentation/tutorial on the format of the config file.
I've tried different things in .op/config to no avail.

Could you give me some guidance?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • Matthew_1PMatthew_1P

    Team Member

    Hey @r2ronoha, are you generating the UUID yourself, or using one provided by op? If you're currently generating it yourself, the CLI tool needs to use a UUID generated by 1Password — you can use the one given at the end of the No saved device ID. Set the OP_DEVICE environment variable and try again line.

  • That was helpful. Thanks.
    I was generating my own ID to make it more descriptive to our purpose.

    Are there any plans to allow for custom UUIDs?

  • felix_1pfelix_1p

    Team Member

    Are there any plans to allow for custom UUIDs?

    Not at the moment.

  • @r2ronoha I happened to spot this while building my own post. Are you using the anasinnyk Terraform provider? In my experience I do not receive signin emails using that provider although admittedly I am not running it from within a Docker container.

    If this is because of the ephemeral Docker environment, have you considered performing a sign-in once outside of the container or with a one-off "docker run", then passing the OP_SESSION environment variable it gives you into subsequent container runs? That should recycle your session so that you only see one login event for the entire procedure.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file