I have a server node which is part of a cluster that accesses 1password CLI 1.7 through python 3.6 for user management & reporting tasks. It's an AWS server running linux2.
When I was building the server connection, I ran into the problem discussed elsewhere of not having a device ID: "No saved device ID. Set the OP_DEVICE environment variable and try again" Based one discussion in other threads related to calling CLI from CI tasks in containers, I took the suggested device ID and added it to the environment python uses to call the CLI - so any call from the cluster would use the same device ID and would constitute a virtual device. This is what I understood to be the recommended best practice in this situation & worked fine immediately & keeps the logs clean. I like it
Unexpectedly, I was immediately unable to sign in to the OP CLI tool from the shell on the same server node using the same credentials that still work fine on the python server process.
[ERROR] 2020/10/11 09:17:39 401: Unauthorized
Admittedly, this is only used in rare cases to troubleshoot CLI behavior, but was convenient to know was an option. It feels like 1pass may be surprised to see requests from two device IDs on the same IP address, but I don't think this should be true.
I looked at the shell environment and I don't see OP_DEVICE set there so it's hard for me to see what may be going on.
For standard use from the shell, where is the device ID stored? should I see OP_DEVICE in the environment? Does OP store anything locally other than in the environment?
Is it reasonable to expect I can call IP CLI from the shell and python on the same host as two separate devices?
Do you have advice on how best to fix this annoyance?
1Password Version: 1.7.0
Extension Version: Not Provided
OS Version: AWS linux2
Sync Type: Not Provided