cli
880 Topics

op CLI hangs on macOS Tahoe
macOS: 26.3.1 (a) (25D771280a)
op version: 2.33.1

A few days ago, I upgraded the CLI from Homebrew, and all my Terminal sessions started to hang randomly from time to time. So I can no longer use it in scripts. I tested across multiple Terminals (Warp, macOS Terminal, iTerm) to make sure it wasn't isolated to a given terminal. I tried to research online, and I found https://github.com/openclaw/openclaw/issues/55459 which solved my problem, at least for now. I had to add that `export OP_CACHE=false`, so it seems that it wasn't related to my computer per se (to be clear, it is NOT about openclaw in my case). I can't find any thread in the forum, but ideally, `op` fixes the situation.

1 View | 0 likes | 0 Comments

How do I use the SSH agent in headless Linux?
I want to clone a Git repository that needs SSH authorization. On my desktop this is straightforward: I have the 1Password app installed and the SSH agent enabled in its settings. `git clone` with an SSH URL makes the desktop app prompt me for approval and I get connected properly.

However I want to clone a repository in a Debian Linux LXC. It does not have any GUI installed; I can only connect to it via a shell. I have the 1Password CLI app `op` installed and connected properly because `op vault list` works. However I cannot use the SSH agent:

    # ssh-add -l
    Could not open a connection to your authentication agent.

My ~/.ssh/config looks like:

    Host *
        IdentityAgent ~/.1password/agent.sock

More context about my CLI installation which is installed from the 1Password Debian repository:

    # apt info 1password-cli
    Package: 1password-cli
    Version: 2.31.1-2
    Maintainer: 1Password <support@1password.com>
    Installed-Size: unknown
    Homepage: https://agilebits.com/
    Vendor: 1Password <support@1password.com>
    Download-Size: 6729 kB
    APT-Manual-Installed: yes
    APT-Sources: https://downloads.1password.com/linux/debian/amd64 stable/main amd64 Packages
    Description: The official 1Password command-line tool.
    # op --version
    2.31.1

I don't have a ~/.1password directory so the agent is not set up or not running. How can I get it running without a GUI to approve its use?

Solved | 445 Views | 0 likes | 6 Comments

op read by category
My bank entries live in 3 categories (Login, Credit Cards, Bank Accounts) by the same name. Trying to read the (login) password:

    op read "op://Personal/<Bank Name>/password"

I get a "More than one item matches..." error (of course). I also tried something like:

    op read "op://Personal/<Bank Name>/password" --category login

but it does not work. Is there a way to qualify a read by category - something I overlook? Thanks

Solved | 20 Views | 0 likes | 1 Comment

Linux 1password CLI cannot connect to the desktop app
The server is running Ubuntu 22.04 and I get the following error:

    op vault list
    [ERROR] 2024/04/05 09:54:38 connecting to desktop app: cannot connect to 1Password app, make sure it is running

I followed the directions on the 1Password developer site. I have tried uninstalling and reinstalling both 1password and 1password cli.

1Password Version: 8.10.24
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser: Not Provided

161 Views | 0 likes | 6 Comments

I would like EPM with my SOC workflow for Oauth. Looking forward to SCIM improvements for SecOps.
Didn't understand half of what the blog post went over b/c I had to remember so many acronyms. https://1password.com/blog/automating-soc-workflows-with-1password-enterprise-password-manager

Look at what is happening in society. People are live streaming implementations of openclaw and exposing their tokens.

OPENCLAW DEMO THAT YOU NEED TO WATCH. I TIMESTAMPED IT SO U GO TO GOOD PART

8 Views | 0 likes | 0 Comments

op.exe considered harmful?
I’d like to raise a point about the current security model of op.exe, and how it affects protection against supply-chain or similar attacks.

Consider a scenario where an attacker manages to execute malicious code locally, for example, via a compromised Python package. While this is often considered “game over,” in practice we still want to avoid being the easiest target in such situations.

A common behavior of malicious payloads is to harvest local secrets. While 1Password provides some protection against direct file access, an attacker can simply invoke op.exe, which actually centralizes access to clear-text secrets in a very convenient way.

Although op.exe prompts the user for permission, my understanding is that this permission applies broadly (e.g., to the entire account for a period such as 10 minutes). As a user, I can see which application is requesting access, but not which vaults or items are being queried. In practice, the application name (e.g., WindowsTerminal) is not very helpful in determining whether the request is legitimate.

I’d be interested in others’ perspectives on this. Some potential improvements that seem valuable to me:

- When requesting permission, op.exe should provide more context (e.g., which vaults and items are being accessed).
- Users should be able to grant permissions at a finer granularity: not just account-wide, but limited to specific vaults or even individual items.
- Another useful feature would be the ability to mark certain items or vaults as excluded from programmatic access (via op.exe, and possibly browser extensions). Even better, this could be the default behavior, requiring explicit opt-in at the item level.

I understand that such restrictions would be enforced client-side and therefore not fully robust. However, they would still meaningfully increase the effort required for a malicious local process to enumerate and exfiltrate secrets, and thus provide practical security benefits.
Finally, it might be worth considering stronger protections at the vault level—for example, requiring explicit user authentication (master password, or even a separate password) before allowing access to secrets. This could apply not only to op.exe, but also to the interactive 1Password client.

13 Views | 0 likes | 0 Comments

Critical: op item move caused loss of OTP field (irrecoverable 2FA data)
Hi, I need clarification on what appears to be a serious data integrity issue with op item move. I moved several items between vaults using:

    op item move <ITEM_ID> --vault <TARGET_VAULT>

The command completed successfully. However, after the move, I discovered that the OTP (TOTP) field was missing from the items in the destination vault.

Details:

- The original items contained functioning TOTP fields.
- After the move, the OTP fields are no longer present.
- The original items are not in “Recently Deleted”.
- There was no warning, no error, and no indication that any field types would be excluded.
- There was no documentation warning that OTP fields might not be preserved.

This has resulted in effective data loss. The TOTP secrets cannot be reconstructed. As a result, I now have to go through account recovery procedures with the affected services in order to regain 2FA access. That is time-consuming and in some cases involves manual identity verification.

From a user perspective, this is extremely concerning:

- A “move” operation implies a lossless transfer.
- OTP secrets are security-critical data.
- A password manager must guarantee preservation of all credential components, especially second factors.

If the move operation internally recreates items (rather than truly moving encrypted blobs), that behavior needs to guarantee full field fidelity — or explicitly block or warn when certain field types cannot be safely transferred.

Questions:

- Is this expected behavior or a bug?
- Are OTP fields officially supported in op item move?
- Is there any possible recovery path for the lost TOTP secrets?
- Are there plans to ensure field-type completeness during move operations?

At the moment, this behavior represents irreversible loss of authentication data without warning, which is a serious integrity issue for a password manager. I would appreciate clarification and guidance.

133 Views | 0 likes | 3 Comments

Is there a way to list all vaults?
I'm an admin/owner and I'm looking for a way to list all vaults created in an org. "op vault list" only lists vaults my account has access to? Is there a way to print all of the vaults in an org/account?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

625 Views | 1 like | 3 Comments

FR: Allow Environments to reference Vault Items
Description: Currently, 1Password Environments and Vault Items are two completely separate systems with no connection between them. This creates a fundamental problem for professional workflows:

- Environments provide fast, secure secret delivery via Named Pipes – great for local development
- Vault Items provide rotation, audit trails, access control, and CLI management – great for operations

But you have to choose one or maintain both in parallel, which means either giving up rotation or giving up fast secret delivery.

Proposed Solution: Allow an Environment variable to be linked to a Vault Item. The Environment would act as a structured view over Vault Items, not a separate data store.

Benefits:

- Single source of truth – secrets live in Vault Items, Environments just expose them
- Rotation works automatically – rotate the Vault Item, the Environment reflects the change immediately
- Audit trail remains intact – all access and changes tracked in Vault Items
- Named Pipe delivery stays fast – no change to the developer experience

18 Views | 0 likes | 0 Comments