Skip to main content
July 24, 2025
Question

Connection reset when `podman login` runs `op`

  • July 24, 2025
  • 5 replies
  • 206 views

I've set up a https://linuskarlsson.se/blog/podman-credential-helpers/ which runs `op read 'op://[redacted]'` internally. When I run the helper program in a terminal it works fine, prompts for the password if necessary, and prints the credentials. But when running `podman login` in the same terminal it fails with the following error:

[ERROR] 2025/07/23 16:22:20 could not read secret 'op://[redacted]': error initializing client: connecting to desktop app: read: connection reset, make sure 1Password CLI is installed correctly, then open the 1Password app, select 1Password > Settings > Developer and make sure the 'Integrate with 1Password CLI' setting is turned on. If you're still having trouble connecting, visit https://developer.1password.com/docs/cli/app-integration#troubleshooting for more help.

I've verified that the setting is turned on (running the helper program directly wouldn't work otherwise).

I'm running `op` version 2.31.0.

5 replies

July 24, 2025

Hi @l0b0 ,

Thanks for sharing this. I'm working to reproduce this. Hang in there and let me see what I can do.

Regards, Phil

l0b0Author
April 10, 2026

Any feedback? This is still happening with the latest 1Password (8.11.18)

July 24, 2025

Hi @l0b0 ,

Do you mind sharing which version of podman you are using?

Thanks,

Phil

l0b0Author
July 25, 2025

5.4.1

July 28, 2025

Hi @l0b0 ,

Thanks for sharing this. Could you also confirm that you are using the "~/.config/containers/auth.json" file from the blog post?

{
    "credHelpers": {
        "docker.io": "secretservice"
    }
}

Thanks,
Phil

September 10, 2025

I was just trying to do the same thing, a credential helper using 1password for podman. Same issue encountered. Is there any solution for this yet?

September 10, 2025

This works:

systemd-run --user --quiet --pipe --pty --collect -- op item list

Drawback is that it requires authentication every time it is run.

l0b0Author
April 10, 2026

Trivial reproduction example using GNU Parallel:

❯ seq 1 10 | parallel "op read op://some-vault/some-entry/username #"
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[ERROR] 2026/04/10 09:13:57 could not read secret 'op://some-vault/some-entry/username': error initializing client: connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
[ERROR] 2026/04/10 09:13:57 could not read secret 'op://some-vault/some-entry/username': error initializing client: connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
[ERROR] 2026/04/10 09:13:57 could not read secret 'op://some-vault/some-entry/username': error initializing client: connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
[ERROR] 2026/04/10 09:13:57 could not read secret 'op://some-vault/some-entry/username': error initializing client: connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
[ERROR] 2026/04/10 09:13:57 could not read secret 'op://some-vault/some-entry/username': error initializing client: connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
[username omitted]

Which leads to a rather simple workaround: add `--jobs=5` to the `parallel` command:

❯ seq 1 10 | parallel --jobs=5 "op read op://some-vault/some-entry/username #"
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]
[username omitted]