Are there docs for .config/op/config?

Question

In particular, could a malicious actor abuse this information?  I'm trying very hard not to have any plaintext secrets on the filesystem anywhere.

{
    "latest_signin": "",
    "device": "",
    "accounts": [
        {
            "shorthand": "",
            "accountUUID": "",
            "url": "",
            "email": "",
            "accountKey": "",
            "userUUID": "",
            "dsecret": ""
        }
    ],
    "system_auth_latest_signin": ""
}

Like some of these fields are self explanatory like email and url, but what about accountKey or dsecret?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

greenrectangle · Answer

okay, it looks like accountKey is "secretKey" when logging into 1password. They really should rename that since accountKey seems much less important.

It's unfortunate the cli can't take advantage of mac's keychain to store the sensitive bits here.

Forum Discussion

Are there docs for .config/op/config?

Recent Discussions

1Password fails to prompt for approval when using Hyprland

Trouble getting document items in Kubernetes with 1P Connect Operator

CLI hangs when requesting items

Is it possible to select the SSH Client I want to use for ssh:// entries?

Visual Studio Code remote development server and 1Password ssh config