Skip to main content
Nezteb
March 31, 2023
Question

Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)

  • March 31, 2023
  • 16 replies
  • 1414 views

There are a few past threads about this:
- December 2020: https://1password.community/discussion/117673/generating-passwords-with-the-cli
- March 2022: https://1password.community/discussion/127625/feature-request-add-password-generation-with-words-in-cli
- May 2022: https://1password.community/discussion/129811/generate-passwords-from-op-1p-cli

They never seemed to go anywhere. One suggestion was to use:

op item create --title='retrievable generated password' --category=password --generate-password=20,letters,digits | op read op://Private/'retrievable generated password'/password

I find that overly verbose and complex just to get a short-lived password. There are many situations where you wouldn't want to save a password in 1P from a shell script. In my case, I'm spinning up containers to test with, after which I destroy the container and never need the password again.

There are plenty of other ways to do this with bash/zsh:
- date +%s | sha256sum | base64 | head -c 32 ; echo
- openssl rand -base64 32

I'd much prefer a way to do this with the 1Password CLI if at all possible. Something like op generate [options], though the command can be anything.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

16 replies

April 27, 2023

+1, FTR ChatGPT lied and said it existed already :)
op generate password 20 --require-uppercase --require-lowercase --require-digits --require-symbols

April 27, 2023

More temporary but if you are familiar with jq https://stedolan.github.io/jq/manual/

op item create \
--dry-run \
--category Password \
--generate-password='letters,digits,symbols,32' \
--format json \
| jq -r '.fields[] | select(.id == "password").value'

April 27, 2023

Example use case:
Take the temporary generated password and use it to override a database (non password/login item) password

PASS=$(op item create \
--dry-run \
--category Password \
--generate-password='letters,digits,symbols,32' \
--format json \
| jq -r '.fields[] | select(.id == "password").value');
op item get "EXISTING DATABASE ITEM" --format json \
| op item create \
--vault "VAULT" \
--title "NEW NAME" \
- 'username=USER' 'database=DB' "password=${PASS}"

Nezteb
NeztebAuthor
April 29, 2023

Ah TIL about the --dry-run flag, thanks for that tip!

Using your snippet as a base, I came up with a bash alias for this:

```
genpass() {
CHARS=${1:-32}

ITEM=$(op item create \
--dry-run \
--category Password \
--generate-password="letters,digits,symbols,$CHARS" \
--format json)

PASS=$(echo "$ITEM" | jq -r '.fields[] | select(.id == "password").value')

echo "$PASS"
}
```

That could all be one or two lines but I split it up for ease-of-use. 😅

Usage:
```
❯ genpass
7FwhRY.Zp.BVWxUrqUxKPEQQx-u!PKa.

❯ genpass 5
n3F-L

❯ genpass 64
ngtstGwJ3KmJQ2fJ-MkVkCPNNCqHXt_k-j3szo4KvVeFHVi*J*P*b2xVxpdRWRA8
```

May 1, 2023

Much easier to read like that, thanks for riffing off it 😀

1Password Employee
May 26, 2023

Hey all, we do have ongoing work for making this feature possible. Here is what it could like:


op item edit --generate "My Field"
op item edit --generate "My Field=20,letters,numbers"
op item edit --generate "My Field[text]=20,letters,numbers"

No ETA for when this will be available though, but in the meantime, let us know what feedback you have about the design.

May 26, 2023

@andi.t_1P that could help a bit for my use case, yeah! Although having a dedicated generate command could also have some nice use-cases. Thanks for sharing what you're up to.

May 26, 2023

If you have any specific use cases that this really doesn't solve, please feel free to let us know :)

Amanda

May 26, 2023

I think the other use case is to create a temporary password, maybe for a hash salt or something where we don't store it in 1Password after it's generated

May 29, 2023

Hi @ubcpittet,

That's currently possible, actually! op item create --category password --generate-password --dry-run --format json | jq -r '.fields[0].value'

Cheers!
Amanda