Unable to use biometrics without a hardlink

Options
illegalhex
illegalhex
Community Member
in CLI

I've had to create a hardlink between /usr/local/bin/op and /opt/local/bin/ in order to use biometric unlock from the CLI. While this works, it seems like very awkward solution to use biometrics unlock, so what is the official AgileBits answer to how to make the CLI and GUI play nice with each other long term? Steps to reproduce are below:

Expected outcome: After enabling biometrics login in the macOS app and installing 1password-cli previously installed through and updated from MacPorts I should be able to call op and preform CRUD operations through the CLI.

Actual outcome: Calling op fails with an error state of "connecting to desktop app: You'll need to move the CLI to /usr/local/bin/op for biometric unlock to work. If you can't move it, you'll need to turn off biometric unlock in the 1Password app."

Temporary Remediation Steps: In order to allow the cli tool to communicate with the macOS application a hardlink must be created between /usr/local/bin/op and where the package manager installs the application at /opt/local/bin/op.

1Password Version: 8.7.1
Extension Version: 2.4.0
OS Version: macOS 12.4

Comments

  • Justin.Yoon_1P
    Justin.Yoon_1P
    Options

    Hey there @illegalhex ,

    We've allowed a sandbox exception for the Mac 1Password desktop app to communicate with op for biometric auth at the /usr/local/bin/op location for security reasons. For more info on the interprocess-communication, please refer to this doc!

    Having said that, we have received a numerous amount of complaints that this is restrictive to which package managers are used, and we have an open issue investigating improvements, although it has not been prioritized there yet. I will record your sentiments to that issue as well.

    For the time being, does keeping the hardlink pose any concerns for you?

This discussion has been closed.