Are there docs for .config/op/config?

Question

In particular, could a malicious actor abuse this information?  I'm trying very hard not to have any plaintext secrets on the filesystem anywhere.

{
    "latest_signin": "",
    "device": "",
    "accounts": [
        {
            "shorthand": "",
            "accountUUID": "",
            "url": "",
            "email": "",
            "accountKey": "",
            "userUUID": "",
            "dsecret": ""
        }
    ],
    "system_auth_latest_signin": ""
}

Like some of these fields are self explanatory like email and url, but what about accountKey or dsecret?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

greenrectangle · Answer

okay, it looks like accountKey is "secretKey" when logging into 1password. They really should rename that since accountKey seems much less important.

It's unfortunate the cli can't take advantage of mac's keychain to store the sensitive bits here.

Forum Discussion

Are there docs for .config/op/config?

1 Reply

Recent discussions

1PW extension bug: autofill theme detection fails when using oklch color scheme

Connection reset when `podman login` runs `op`

request: remember application approval for SSH agent

SSH Bookmarks don't support Port Numbers

Feature Request - Access vault from inside docker container