Filter out entries with TOTP

linh_nguyen
linh_nguyen
Community Member

I'll preface this with my jq is beginner subpar state. I'm trying to search all my passwords to see what has a TOTP entry on a Windows 10 machine and then tag them so I can easier find them later. I believe I can do the latter based on https://1password.community/discussion/comment/573170#Comment_573170

But I'm struggling a bit to find things that have OTPs. I see there's a field with "one-time password" but I can't seem to figure out the syntax. I think it'd be something along the lines of
op list items --vault Private | jq '.[] | select(.details.sections[].fields[].t == \"one-time password\") | .overview.title'
but I get a cannot iterate over null error. If I explicitly define 0 for the sections/fields, it works but no results.
Clearly, I don't understand how to structure the select with arrays :) What am I not understanding?

Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Win10
Sync Type: Not Provided

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited January 2021

    Hey @linh_nguyen ,

    The op list items command does not check fields content, but just lists items without reviewing their detailed sections.
    You'll need to iterate through every item in your vault(s) and return the ones that have a TOTP field with the get command. Here's an example for listing all items, then getting each item separately and searching if it has a TOTP field:

    op list items |jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[].fields[].t == "one-time password") | .overview.title'

    I hope that will point you in the right direction :)

  • linh_nguyen
    linh_nguyen
    Community Member

    appreciate it! probably can't do what I originally planned as the effort may not be worth it. But this got what I needed!

  • ag_ana
    ag_ana
    1Password Alumni

    That's great to hear @linh_nguyen! Let us know how it goes :+1:

    And on behalf of ag_yaron, you are very welcome :)

  • bmorgenthaler
    bmorgenthaler
    Community Member

    So I'm trying the jq options that @ag_yaron mentioned but I'm getting the following error.

    op list items |jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[].fields[].t == "One-Time Password") | .overview.title' jq: error (at <stdin>:1): Cannot iterate over null (null)

    Also I see in op list items the option to specify tags to list. However that doesn't appear to work, I have tagged multiple items but when I search for the tag with op, nothing is returned.

  • Hello @bmorgenthaler.

    I'm sorry to hear that you're having trouble parsing the results using jq. I'm one of the developers on the team responsible for the command-line tool and I'll try to help.

    Because you're running multiple jq commands on the same line, the error message does not indicate precisely which command is having trying-but-failing to iterate over null. You can try to diagnose this by building up the entire line one command at a time. Whenever the error appears, you'll know that you need to dig into that spot a little deeper. For example:

    op list items
    op list items | jq -r '.'
    op list items | jq -r '.[]'
    op list items | jq -r '.[].uuid'
    op list items | jq -r '.[].uuid' | op get item - | jq '.'
    op list items | jq -r '.[].uuid' | op get item - | jq '.details'
    op list items | jq -r '.[].uuid' | op get item - | jq '.details.sections[]'
    op list items | jq -r '.[].uuid' | op get item - | jq '.details.sections[].fields[]'
    op list items | jq -r '.[].uuid' | op get item - | jq '.details.sections[].fields[].t'
    op list items | jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[].fields[].t == "One-Time Password")'
    op list items | jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[].fields[].t == "One-Time Password") | .overview'
    op list items | jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[].fields[].t == "One-Time Password") | .overview.title'
    

    You can see that I am building up the entire line, one command at a time. When you get to a spot where one of them fails, then it's time to investigate. You might be able to immediately see what went wrong, but feel free to share that particular command and output with us so that we can help further. (Note, if the output is secret or sensitive, I would encourage you to redact those portions and/or email our support team directly, rather than posting it on a public forum!)

    As far as only returning particular tagged items via the command-line tool, the syntax for that is op list items --tags "First Tag,Second Tag". If you have spaces in your tags, then those quotes around the tag values are important.

    Let us know if that helps and if you have any further questions. We’re always just a short message away.

    Michael

  • bmorgenthaler
    bmorgenthaler
    Community Member

    @Michael_1P

    Thanks for the response. The issue was with a null field in the final select so I changed the jq select like so and it all works.

    New command:
    op list itmes | jq -r '.[].uuid' | op get item - | jq '. | select(.details.sections[]?.fields[]?.t == "One-Time Password") | .overview.title'

    This has jq not displaying errors if the . is not an array or object.

    As for the list tags, that was a PEBKAC in that I didn't release op only works directly with the last account signed in and to work with the previous on you have to explicitly specify it. I have two accounts, my personal/family one and my company one. None of my items in my company account had been tagged yet and it was the second account signed in, so nothing got displayed.

    Is there a way to have op function across multiple accounts without having to manually specify which account, just like 1P Mini does?

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited March 2021

    We're glad to hear things are working correctly now @bmorgenthaler .

    Is there a way to have op function across multiple accounts without having to manually specify which account, just like 1P Mini does?

    No. The CLI was designed to run commands on one account at a time. :chuffed:

  • To elaborate a little on Yaron's answer, if you are signed into two different accounts, you can specify which account to run a command against with the --account <shorthand> flag, like so:

    # Sign into both accounts.
    # I'm assuming that you are using PowerShell:
    Invoke-Expression $(op signin my_family)
    Invoke-Expression $(op signin my_company)
    # Or if you are using WSL (or macOS or Linux):
    eval $(op signin my_family)
    eval $(op signin my_company)
    
    # Then you can use those shorthands to specify which account, whichout having to sign out in between.
    
    op list items --account my_family
    # vs
    op list items --account my_company
    

    Again, I hope this helps! Let us know if you have any further questions.

This discussion has been closed.