Feature request: headless/non-interactive mode

zcutlip
zcutlip
Community Member

It would be nice if op had a flag that would suppress any interactive prompts. So instead of prompting for things like password, biometric auth, or adding an account, you would get a hard failure.

In pyonepassword I spend considerable effort trying to detect conditions where a console or UI prompt might happen, and giving the caller the option of avoiding them.

The idea being if using op in an automated context, and authentication fails for some reason, it's desirable to have the failure right away and handle it, rather than hang indefinitely at a password prompt.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hi @zcutlip , just to make sure I understand your request correctly: you would like to have a way of not having to interactively respond to op signin when run in an interactive mode? For example, there is a way to avoid interactivity by running the command in a non-interactive environment (i.e. not in a terminal). In this way, the password could be passed at the time of the command execution via stdin.

    Looking forward for your answer,
    Andi

  • zcutlip
    zcutlip
    Community Member

    I'm sorry; I wasn't very clear.

    Let's take this scenario:

    • I think (or, more accurately my script thinks) I'm signed in already because I've done one of the following

      • previously run op signin
      • set OP_SESSION_<user_id> to what I believe is a valid session token
      • set OP_SERVICE_ACCOUNT_TOKEN to what I believe is a valid service account token
    • BUT I'm actually not authenticated because one of the following

      • the session has expired, or
      • the service account has been revoked, or
      • some other mistake
    • In some cases, an op item get operation (or similar) will prompt via GUI or command line to sign in before proceeding

      • This prompt for user interaction will hang forever if there's no user, so I need to avoid it, and just log an error

    What I'd like is a mode to guarantee an op item get or any other operation is a hard failure if we're not authenticated (or our authentication has expired or been revoked), rather than be prompted to re-authenticate

    Does that make more sense?

  • Hey @zcutlip, thanks so much for your reply and that clarification, it's really helpful! To confirm my understanding then, you'd like to see a flag that would tell 1Password to stop when it does not have a valid session, instead of prompting the user to authenticate - this would be most useful for scripting with the CLI, including with pyonepassword. Is that correct?

    I can't make any promises for future changes, but I'll be happy to pass this along to the Development team to look into. 😊 Let me know!

  • zcutlip
    zcutlip
    Community Member
    edited November 2022

    Yes that's right. A mode that guarantees no user interaction even of that means hard failure.

    Thanks!

  • I've gone ahead and passed your feedback along to the team. On behalf of Dayton, you're very welcome!

    Jack

    ref: IDEA-I-2319

This discussion has been closed.