Arch: Unable to read secrets

shahab96

I started by attempting to read a secret with the regular secret reference format, copied out of the app and pasted into my .bashrc. However, I get the following error:

[ERROR] 2023/07/24 05:23:54 could not read secret op://Lab/LabToken/credential: error initializing client: Validation: (failed to session.DecodeSACredentials), Server: (failed to DecodeSACCredentials), failed to parseToken, format is invalid

Interestingly enough, I actually also get this error when attempting to run op whoami:

❯ op whoami
[ERROR] 2023/07/24 05:23:07 failed to DecodeSACCredentials: failed to parseToken, format is invalid

Not sure what's going on here, any help would be appreciated.


1Password Version: 8.10.8
Extension Version: 2.11
OS Version: archlinux 6.4.4
Browser: Firefox

Comments

  • ArunV1P

    Hi @shahab96, that could happen if you have the environment variable OP_SERVICE_ACCOUNT set with an incorrect token.

    Could you unset that environment variable, log into your account with op signin and then try whoami or the secret reference?

    There's definitely scope for us to improve this messaging, so I'll track this internally. Thank you for surfacing this!

  • shahab96
    edited July 2023

    Hi @ArunV1P

    I attempted unsetting the token, but it didn't make any difference. Both commands still fail with the same error.

    Thanks!
    Shahab

  • ArunV1P

    To confirm, did you sign into your 1Password account with op signin after unsetting the OP_SERVICE_ACCOUNT token?

  • shahab96

    Sorry, I missed that part. Running op signin did fix it. Thank you!

  • ArunV1P

    Glad that helped!

  • click94
    edited August 2023

    Hi @ArunV1P, I'm currently running into this while testing secrets automation. I unset that environment variable OP_SERVICE_ACCOUNT, quit the terminal, reopened it and logged into my account with op signin. But how can I successfully use OP_SERVICE_ACCOUNT as an env variable? Thanks

  • Hi @click94, you can prefix the OP_SERVICE_ACCOUNT before your op CLI command like so:

    OP_SERVICE_ACCOUNT=value op vault ls

    Or, you can export OP_SERVICE_ACCOUNT=value and, within the same shell session, run an op CLI command and it'd use the Service Account token.

    I hope that helps, but feel free to follow up if you have any questions! Preferably as a new forum topic if it's a long one. :)

This discussion has been closed.