Copy secret reference (using ID values)

jsejcksn
jsejcksn
Community Member
edited April 2023 in CLI

This applies to all platforms (not just Mac), but I didn't see a community category for "all platforms", so I'm choosing Mac because it seems to have the highest user activity

Perhaps I've missed some documentation, but I don't find a way to copy a secret reference using the desktop app. This seems like a basic and essential task during development.

What I want is this format:

op://vault_id/item_id/section_id/field_id

or if the value isn't in a section:

op://vault_id/item_id/field_id

How can I do that easily — and get a secret reference defined by ID values (which should be immutable — vs. name values which can be modified)?


More context:

I find some ways to construct the URL manually (but this is not ideal):

A URL can be copied which includes the vault and item ID among other query parameters:

I get one in a format like this:

https://start.1password.com/open/i?v={VAULT_ID}&i={ITEM_ID}

However, that's not enough as it doesn't include the section/field, and would need to be manually edited or processed by other tooling as an additional step to get the required output.

I can also use "Copy item UUID" and then paste that as an argument to a manually-typed CLI command to get much more than what's needed:

% op --format=json item get x5k2wndiih6cmw2rugl7ol442i
{
  "id": "x5k2wndiih6cmw2rugl7ol442i",
  // --- snip ---
  "vault": {
    "id": "{REDACTED_VAULT_ID}",
    // --- snip ---
  },
  // --- snip ---
  "fields": [
    // --- snip ---
    {
      "id": "credential",
      "type": "CONCEALED",
      "label": "credential",
      "value": "abc123",
      "reference": "op://{REDACTED_VAULT_NAME}/API Credential/credential"
    },
    // --- snip ---
  ]
}

However, this still involves either manually copying+pasting IDs or using other tooling to parse and create the required output.

The JSON does include a reference value for the target field, but the reference is built using names, which isn't satisfactory for the reasons described previously.

For the example above, what I want to copy to the clipboard is the following (where {VAULT_ID} is replaced by the actual vault ID):

op://{VAULT_ID}/x5k2wndiih6cmw2rugl7ol442i/credential

I think that if the boolean option is enabled at Settings > Advanced > Show debugging tools:

then there should be an option to copy a complete ID-based secret reference for every field in its contextual menu:


1Password Version: 8.10.4 (81004032)
Extension Version: Not Provided
OS Version: macOS 13.3.1 (22E261)
Browser:_ Not Provided

Comments

  • jsejcksn
    jsejcksn
    Community Member

    It looks like this was somehow posted to the CLI category, even though I created it here: https://1password.community/post/discussion/1password-for-mac — Will a moderator please move it to the Mac category? Thanks.

  • btkostner
    btkostner
    Community Member

    This also applies to the Linux desktop app. It would be very useful for developers working with automation.

  • Hey @jsejcksn ! Thank you for bringing this up with us!

    The beta version of 1Password 8 already has the dropdown option to copy the secret reference, and this will soon get to the stable builds too!

    However, I'm afraid that at this point, the only way to generate fully ID-based secret references is by hand - the CLI and 1Password 8 suggest the reference based on your current item structure - e.g. they use IDs only if there are duplicate field names.

    You should have all the information necessary for generating these references in the output of op item get --format json. I hope this helps, as a stopgap.

    I'll file this as a feature request internally, thank you once again for the suggestion!

    Best,
    Horia

  • jsejcksn
    jsejcksn
    Community Member
    edited May 2023

    Thanks for the response @Horia.Culea_1P

    However, I'm afraid that at this point, the only way to generate fully ID-based secret references is by hand - the CLI and 1Password 8 suggest the reference based on your current item structure - e.g. they use IDs only if there are duplicate field names.

    That's a shame — not exclusively using IDs makes the generated values much less reliable.

    I'll file this as a feature request internally, thank you once again for the suggestion!

    Glad it's in the backlog!

  • No worries, let us know if we can help with anything else!

    Best,
    Horia

  • jsejcksn
    jsejcksn
    Community Member

    @Horia.Culea_1P What's the status of this backlog item?