Skip to main content
zcutlip
October 17, 2022
Question

Feature request: headless/non-interactive mode

  • October 17, 2022
  • 6 replies
  • 547 views

It would be nice if op had a flag that would suppress any interactive prompts. So instead of prompting for things like password, biometric auth, or adding an account, you would get a hard failure.

In pyonepassword I spend considerable effort trying to detect conditions where a console or UI prompt might happen, and giving the caller the option of avoiding them.

The idea being if using op in an automated context, and authentication fails for some reason, it's desirable to have the failure right away and handle it, rather than hang indefinitely at a password prompt.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

6 replies

1Password Employee
November 4, 2022

Hi @zcutlip , just to make sure I understand your request correctly: you would like to have a way of not having to interactively respond to op signin when run in an interactive mode? For example, there is a way to avoid interactivity by running the command in a non-interactive environment (i.e. not in a terminal). In this way, the password could be passed at the time of the command execution via stdin.

Looking forward for your answer,
Andi

zcutlip
zcutlipAuthor
November 4, 2022

I'm sorry; I wasn't very clear.

Let's take this scenario:

  • I think (or, more accurately my script thinks) I'm signed in already because I've done one of the following
    • previously run op signin
    • set OP_SESSION_<user_id> to what I believe is a valid session token
    • set OP_SERVICE_ACCOUNT_TOKEN to what I believe is a valid service account token
  • BUT I'm actually not authenticated because one of the following
    • the session has expired, or
    • the service account has been revoked, or
    • some other mistake
  • In some cases, an op item get operation (or similar) will prompt via GUI or command line to sign in before proceeding
    • This prompt for user interaction will hang forever if there's no user, so I need to avoid it, and just log an error

What I'd like is a mode to guarantee an op item get or any other operation is a hard failure if we're not authenticated (or our authentication has expired or been revoked), rather than be prompted to re-authenticate

Does that make more sense?

Dayton_ag
1Password Employee
November 16, 2022

Hey @zcutlip, thanks so much for your reply and that clarification, it's really helpful! To confirm my understanding then, you'd like to see a flag that would tell 1Password to stop when it does not have a valid session, instead of prompting the user to authenticate - this would be most useful for scripting with the CLI, including with pyonepassword. Is that correct?

I can't make any promises for future changes, but I'll be happy to pass this along to the Development team to look into. 😊 Let me know!

zcutlip
zcutlipAuthor
November 17, 2022

Yes that's right. A mode that guarantees no user interaction even of that means hard failure.

Thanks!

Jack_P_1P
1Password Employee
November 30, 2022

I've gone ahead and passed your feedback along to the team. On behalf of Dayton, you're very welcome!

Jack

ref: IDEA-I-2319

April 22, 2025

Good Morning,

I am picking up this thread to see if this feature has been implemented.  This morning your service was unavailable while I was restarting an app, which took it down.  I'd like to add a test to my systemd script to check and see if the op tool is connecting correctly before it is used in a restart process.  Any command I execute without my 1password session key set for authentication sends the op command into an interactive mode asking if I would like to connect.  Is there a flag I can pass to the op tool that will tell it to fail with exit code 1 if it can't authenticate?

Thanks

ocd