Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
CLI Bug - Item edit fails from within GitHub Action
Hey,
I noticed a bug in the 1password CLI if you use it from within a GitHub Action. The issue occurs when editing an existing item in a 1password vault.
Command to call from within a GitHub Action:
op item edit existingItemName --vault vaultUuid existingValue=newValue
If you do this you will get an error message about an invalid JSON and the value in the item is not updated.
The same command runs fine on Windows and Linux in a regular shell.
Versions affected:
The issue started in 1password CLI version 2.23.0. 2.22.0 works fine. The issue is still present in the current version 2.30.0 and also the latest-beta I tried.
Possibly its due to the GitHub action bash terminal not really being interactive? Not sure.
I tried with several different ways of passing the name of the existingValue and newValue into the command but none worked. All ended up with the same error. In 2.23.0 some stuff shows up in the changelog of the CLI regarding "item edit", I think this caused the problem.
If anyone knows a different workaround than to stick with v2.22.0 for now let me know.
Regards,
Tom
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
5 Replies
Still broken in 1Password CLI v2.31.0.
The proposed workaround doesn't work for me when attempting to edit a secure note or API credential item.
Relevant step in GitHub Actions is:
- name: Get Tailscale auth key (Client) from 1Password id: get-tailscale-authkey-1password-client run: | op item get $OP_ITEM_ID --vault $OP_VAULT_ID --format json > $OP_ITEM_ID.json jq --arg field_id "$OP_FIELD_ID" --arg new_value "$TAILSCALE_AUTHKEY_CLIENT" '.fields |= map(if .id == $field_id then .value = $new_value else . end)' $OP_ITEM_ID.json > $OP_ITEM_ID.updated.json env: OP_ITEM_ID: 'REDACTED' OP_FIELD_ID: 'credential' TAILSCALE_AUTHKEY_CLIENT: 'clientclientclient' - name: Save Tailscale auth key (Client) to 1Password id: save-tailscale-authkey-1password-client run: | cat $OP_ITEM_ID.updated.json | op item edit $OP_ITEM_ID --vault $OP_VAULT_ID env: OP_ITEM_ID: 'REDACTED' OP_VAULT_ID: 'REDACTED'Note that if I cat the updated JSON to stdout it shows that the file was correctly updated, so the issue should not be the JSON file but rather with updating the 1Password entry afterwards.
Error in the save step in GitHub Actions is:
unable to process line 1: Couldn't update the item.Embarrassed to admit that the workaround DOES, in fact, work, and my service account simply lacked write permissions. Would love for the error message to tell me this, but it was my error and I have my action working now!
Wow. Thanks.
I'll use this.
Hope they'll patch this issue in a future version.Hey Anush008
I am in contact with 1password support and they mentioned a workaround which works.
You can do it by modifying the downloaded JSON format and uploading it again as JSON. For example this modifies the "value" in the 2nd entry of the "fields" structure in the JSON file and pipes it to the edit command:
op item get test --vault "MyVault" --format json > newItem.json
jq '.fields[1].value = "newpassword"' newItem.json >> newItem-modified.json
cat newItem-modified.json | op item edit test --vault "MyVault"Sadly it does not work for all field types. For example if you have a "File" field (so you attached a file to the 1password item) you cannot upload a new file to this field that way. But for all regular fields containing only text it should work.
Hope that helps in your case.
Tom
