Skip to main content
February 12, 2024
Question

Are there docs for .config/op/config?

  • February 12, 2024
  • 1 reply
  • 103 views

In particular, could a malicious actor abuse this information? I'm trying very hard not to have any plaintext secrets on the filesystem anywhere.


{
"latest_signin": "",
"device": "",
"accounts": [
{
"shorthand": "",
"accountUUID": "",
"url": "",
"email": "",
"accountKey": "",
"userUUID": "",
"dsecret": ""
}
],
"system_auth_latest_signin": ""
}

Like some of these fields are self explanatory like email and url, but what about accountKey or dsecret?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1 reply

February 12, 2024

okay, it looks like accountKey is "secretKey" when logging into 1password. They really should rename that since accountKey seems much less important.

It's unfortunate the cli can't take advantage of mac's keychain to store the sensitive bits here.