Are there docs for .config/op/config?

GreenRectangle · February 12

In particular, could a malicious actor abuse this information? I'm trying very hard not to have any plaintext secrets on the filesystem anywhere.

{
    "latest_signin": "",
    "device": "",
    "accounts": [
        {
            "shorthand": "",
            "accountUUID": "",
            "url": "",
            "email": "",
            "accountKey": "",
            "userUUID": "",
            "dsecret": ""
        }
    ],
    "system_auth_latest_signin": ""
}

Like some of these fields are self explanatory like email and url, but what about accountKey or dsecret?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

GreenRectangle · February 12

okay, it looks like accountKey is "secretKey" when logging into 1password. They really should rename that since accountKey seems much less important.

It's unfortunate the cli can't take advantage of mac's keychain to store the sensitive bits here.

Are there docs for .config/op/config?

Comments