Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
"Copy secret reference" inconsistent behavior/bugs
I recently installed the CLI and I'm updating an .env with the op:// references but I'm running into some behavior inconsistencies:
1- I have an item that I created manually in 1Password desktop, it has 2 fields with tokens for an API. When I click on "Copy secret reference" I get this syntax: "op://my-vault/<<UUID>>/name-of-the-field". So far, so good.
2- On an older item that was created with the browser extension I get a different behavior, when I "Copy secret reference" I instead get op://my-vault/<<Title of the Item with Spaces>>/password.
The first problem with this particular item is I was expecting a UUID path so the title of the item is obfuscated. I was able to circumvent this by enabling debug tools and getting the UUID from there, but I feel like UUID's should be the default behavior.
The second problem is with the /password field, this particular item has multiple password versions but the CLI is pulling an older version as opposed to the most recent one.
3- Another old item that was created with the browser extension copies the secret reference as: "op://my-vault/<<Title of the Item with Spaces>>/signup_fields[password].
When I call op run ... with that secret reference I actually get an error: invalid character in secret reference: '['
It seems as it signup_fields[password] is coming from the "Auto-saved web details" because I see other signup_fields but not [password] specifically. Either way, it shouldn't be copying any of these auto-saved details if I'm copying it from the main password field.
I'll be happy to provide more details if needed.
Thanks!
1Password Version: 8.10.30
Extension Version: Not Provided
OS Version: macOS 14.3
Browser: Not Provided
1 Reply
"Copy Secret Reference" still uses the title with spaces today. (in 2025)
I believe this is not only wrong behavior, but insecure behavior. The secret reference is going to break the moment you rename the item.
Worse still, what if you're building an app and you have "DB Credentials" for your test database. You release your app, and rename the item to "Testing - DB Credentials". But, you create a NEW item, "DB Credentials" for production. Now your testing code will automatically start using the production database because you created a new item with the same title.
---
Short-term fix
In relation to:
When I call op run ... with that secret reference I actually get an error: invalid character in secret reference: '['
It seems like this bug was fixed, by forcing the UUID. Which means in 2025, this is the way to force "Copy Secret Reference" to use the UUID—put a `[` at the beginning of the title, and "Copy Secret Reference" will always use the UUID.
---
1Password for Linux 8.10.76 (81076034)
