Skip to main content
XIII
March 15, 2022
Question

Can I use CLI 2.0 on external machines (like Raspberry Pi)?

  • March 15, 2022
  • 17 replies
  • 643 views

Is it already possible to use op on external machines (instead of your development Mac/PC)?

If not, do you have a roadmap for that?

I'd love to use the 1Password CLI instead of dotenv for (Node.js based) services running on my Raspberry Pi!


1Password Version: 1Password CLI 2.0.0
Extension Version: n/a
OS Version: Raspberry Pi OS

17 replies

March 16, 2022

Hey @XIII ,

Just following up with the answers to your original questions about Connect:

Should the 1password-credentials.json file be permanently saved on my Pi, because it is used in the YAML template?

1password-credentials.json with the standard docker-compose file, should always be there, because it is mounted as a volume. Alternatively, you could copy the file in the containers, instead of mounting it as a volume, and then you'd only need it when starting up Connect.

Is this safe?

I think this doc about https://developer.1password.com/docs/connect/connect-security/ can answer this one.

I'm confused about the pricing: does 1 token for 1 vault count as 1 of the 3 free credits? (I subscribe to 1Password for Families)

The credits represent the number of vaults that are accessed with Secrets Automation.
Here are a couple of examples:

  • 3 access tokens that access 1 vault -> 1 credit
  • 3 access tokens, 1 for vault A, 2 for vault B -> 2 credits
  • 3 access tokens for 3 different vaults -> 3 credits
  • 1 access token that can access 3 vaults -> 3 credits
  • 2 access tokens, 1 can access vaults A and B, 1 only vault B -> 2 credits
  • 2 access tokens, 1 can access vaults A and B, 1 vaults B and C -> 3 credits

What's the best practice for storing the Automation Access Token on the Pi?

I personally always store them as environment variables, only within the session where I make Connect requests (i.e. I never put it in my profile, to have it exported globally). However, I don't think we have ever given exact guidelines towards good practices here, and I've always only used Connect for testing purposes, so ymmv.

XIII
XIIIAuthor
March 16, 2022

Thank you! I'm going to experiment a bit more... Fun stuff!

March 22, 2022

Hey @XIII

My initial statement about Connect credits was incorrect, and I just wanted to make a correction.

I'm confused about the pricing: does 1 token for 1 vault count as 1 of the 3 free credits? (I subscribe to 1Password for Families)

This is based on the total number of vaults that all active tokens have access to.

This means that multiple tokens that access the same vault add up, which in my previous statement was not the case.
So here's my correction of the examples I provided:

  • 3 access tokens that access 1 vault -> 1 credit 3 credits
  • 3 access tokens, 1 for vault A, 2 for vault B -> 2 credits 3 credits
  • 3 access tokens for 3 different vaults -> 3 credits
  • 1 access token that can access 3 vaults -> 3 credits
  • 2 access tokens, 1 can access vaults A and B, 1 only vault B -> 2 credits 3 credits
  • 2 access tokens, 1 can access vaults A and B, 1 vaults B and C -> 3 credits 4 credits
XIII
XIIIAuthor
March 22, 2022

Luckily I only tried 2 tokens for 1 vault so far, so no charges yet.

Was hoping I could eventually use a unique token for every device (using a single vault), but that's no longer possible with this correction... 😢 (having more than 3 devices)

April 5, 2022

Glad this got sorted out! Is there anything else we can help with here, XIII?

XIII
XIIIAuthor
April 5, 2022

Not specific to this topic…

(See other posts)

May 19, 2022

I think we're (almost) all caught up, haha! Please do let us know if you require our attention on any particular topic out of those that you have opened.

Best,
Horia