Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)

Options
Nezteb
Nezteb
Community Member
in CLI

There are a few past threads about this:

They never seemed to go anywhere. One suggestion was to use:

op item create --title='retrievable generated password' --category=password --generate-password=20,letters,digits | op read op://Private/'retrievable generated password'/password

I find that overly verbose and complex just to get a short-lived password. There are many situations where you wouldn't want to save a password in 1P from a shell script. In my case, I'm spinning up containers to test with, after which I destroy the container and never need the password again.

There are plenty of other ways to do this with bash/zsh:

  • date +%s | sha256sum | base64 | head -c 32 ; echo
  • openssl rand -base64 32

I'd much prefer a way to do this with the 1Password CLI if at all possible. Something like op generate [options], though the command can be anything.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • ubcpittet
    ubcpittet
    Community Member
    Options

    +1, FTR ChatGPT lied and said it existed already :)
    op generate password 20 --require-uppercase --require-lowercase --require-digits --require-symbols

  • ubcpittet
    ubcpittet
    Community Member
    edited April 2023
    Options

    More temporary but if you are familiar with jq https://stedolan.github.io/jq/manual/

    op item create \
    --dry-run \
    --category Password \
    --generate-password='letters,digits,symbols,32' \
    --format json \
    | jq -r '.fields[] | select(.id == "password").value'
  • ubcpittet
    ubcpittet
    Community Member
    edited April 2023
    Options

    Example use case:
    Take the temporary generated password and use it to override a database (non password/login item) password

    PASS=$(op item create \
    --dry-run \
    --category Password \
    --generate-password='letters,digits,symbols,32' \
    --format json \
    | jq -r '.fields[] | select(.id == "password").value');
op item get "EXISTING DATABASE ITEM" --format json \
    | op item create \
    --vault "VAULT" \
    --title "NEW NAME" \
    - 'username=USER' 'database=DB' "password=${PASS}"
  • Nezteb
    Nezteb
    Community Member
    Options

    Ah TIL about the --dry-run flag, thanks for that tip!

    Using your snippet as a base, I came up with a bash alias for this:

    genpass() {
  CHARS=${1:-32}

  ITEM=$(op item create \
    --dry-run \
    --category Password \
    --generate-password="letters,digits,symbols,$CHARS" \
    --format json)

  PASS=$(echo "$ITEM" | jq -r '.fields[] | select(.id == "password").value')

  echo "$PASS"
}

    That could all be one or two lines but I split it up for ease-of-use. 😅

    Usage:

    ❯ genpass
7FwhRY.Zp.BVWxUrqUxKPEQQx-u!PKa.

❯ genpass 5
n3F-L

❯ genpass 64
ngtstGwJ3KmJQ2fJ-MkVkCPNNCqHXt_k-j3szo4KvVeFHVi*J*P*b2xVxpdRWRA8
  • ubcpittet
    ubcpittet
    Community Member
    Options

    Much easier to read like that, thanks for riffing off it 😀

  • andi.t_1P
    andi.t_1P
    Options

    Hey all, we do have ongoing work for making this feature possible. Here is what it could like:

    op item edit --generate "My Field"
op item edit --generate "My Field=20,letters,numbers"
op item edit --generate "My Field[text]=20,letters,numbers"

    No ETA for when this will be available though, but in the meantime, let us know what feedback you have about the design.

  • ubcpittet
    ubcpittet
    Community Member
    Options

    @andi.t_1P that could help a bit for my use case, yeah! Although having a dedicated generate command could also have some nice use-cases. Thanks for sharing what you're up to.

  • 1P_Amanda
    1P_Amanda
    Options

    If you have any specific use cases that this really doesn't solve, please feel free to let us know :)

    Amanda

  • ubcpittet
    ubcpittet
    Community Member
    Options

    I think the other use case is to create a temporary password, maybe for a hash salt or something where we don't store it in 1Password after it's generated

  • 1P_Amanda
    1P_Amanda
    Options

    Hi @ubcpittet,

    That's currently possible, actually! op item create --category password --generate-password --dry-run --format json | jq -r '.fields[0].value'

    Cheers!
    Amanda

  • ubcpittet
    ubcpittet
    Community Member
    Options

    @1P_Amanda , that's what we're doing above already in this thread, see the original post for context.

  • 1P_Amanda
    1P_Amanda
    Options

    Oops, I feel dumb now - that'll teach me to reply before coffee on a Monday morning. I'll make a note, thank you!

    Amanda

  • ubcpittet
    ubcpittet
    Community Member
    Options

    Totally fine, I do that all the time too! Coffee is essential ☕️! Doesn't change the outcome in my case ;)

  • 1P_Amanda
    1P_Amanda
    Options

    I'm not confident it would have in mine either, shhhh.

This discussion has been closed.