Forum Discussion

twoellert's avatar
twoellert
New Contributor
7 months ago

CLI Bug - Item edit fails from within GitHub Action

Hey,

I noticed a bug in the 1password CLI if you use it from within a GitHub Action. The issue occurs when editing an existing item in a 1password vault.

Command to call from within a GitHub Action:
op item edit existingItemName --vault vaultUuid existingValue=newValue

If you do this you will get an error message about an invalid JSON and the value in the item is not updated.

The same command runs fine on Windows and Linux in a regular shell.

Versions affected:
The issue started in 1password CLI version 2.23.0. 2.22.0 works fine. The issue is still present in the current version 2.30.0 and also the latest-beta I tried.

Possibly its due to the GitHub action bash terminal not really being interactive? Not sure.

I tried with several different ways of passing the name of the existingValue and newValue into the command but none worked. All ended up with the same error. In 2.23.0 some stuff shows up in the changelog of the CLI regarding "item edit", I think this caused the problem.

If anyone knows a different workaround than to stick with v2.22.0 for now let me know.

Regards,
Tom

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

CLI

5 Replies

Sort By
  • dbsmith's avatar
    dbsmith
    New Contributor
    6 days ago

    Still broken in 1Password CLI v2.31.0.

    The proposed workaround doesn't work for me when attempting to edit a secure note or API credential item.

    Relevant step in GitHub Actions is:

        - name: Get Tailscale auth key (Client) from 1Password
      id: get-tailscale-authkey-1password-client
      run: |
        op item get $OP_ITEM_ID --vault $OP_VAULT_ID --format json > $OP_ITEM_ID.json
        jq --arg field_id "$OP_FIELD_ID" --arg new_value "$TAILSCALE_AUTHKEY_CLIENT" '.fields |= map(if .id == $field_id then .value = $new_value else . end)' $OP_ITEM_ID.json > $OP_ITEM_ID.updated.json
      env:
        OP_ITEM_ID: 'REDACTED'
        OP_FIELD_ID: 'credential'
        TAILSCALE_AUTHKEY_CLIENT: 'clientclientclient'

    - name: Save Tailscale auth key (Client) to 1Password
      id: save-tailscale-authkey-1password-client
      run: |
        cat $OP_ITEM_ID.updated.json | op item edit $OP_ITEM_ID --vault $OP_VAULT_ID
      env:
        OP_ITEM_ID: 'REDACTED'
        OP_VAULT_ID: 'REDACTED'

    Note that if I cat the updated JSON to stdout it shows that the file was correctly updated, so the issue should not be the JSON file but rather with updating the 1Password entry afterwards.

    Error in the save step in GitHub Actions is:

    unable to process line 1: Couldn't update the item.
    • dbsmith's avatar
      dbsmith
      New Contributor
      6 days ago

      Embarrassed to admit that the workaround DOES, in fact, work, and my service account simply lacked write permissions. Would love for the error message to tell me this, but it was my error and I have my action working now!

  • Anush008's avatar
    Anush008
    New Contributor
    7 months ago

    Wow. Thanks.
    I'll use this.
    Hope they'll patch this issue in a future version.

  • twoellert's avatar
    twoellert
    New Contributor
    7 months ago

    Hey Anush008

    I am in contact with 1password support and they mentioned a workaround which works.

    You can do it by modifying the downloaded JSON format and uploading it again as JSON. For example this modifies the "value" in the 2nd entry of the "fields" structure in the JSON file and pipes it to the edit command:

    op item get test --vault "MyVault" --format json > newItem.json
    jq '.fields[1].value = "newpassword"' newItem.json >> newItem-modified.json
    cat newItem-modified.json | op item edit test --vault "MyVault"

    Sadly it does not work for all field types. For example if you have a "File" field (so you attached a file to the 1password item) you cannot upload a new file to this field that way. But for all regular fields containing only text it should work.

    Hope that helps in your case.

    Tom

  • Anush008's avatar
    Anush008
    New Contributor
    7 months ago

    Hi twoellert. I ran into this too while editing and item in GitHub Actions.
    Thanks for suggesting to use v2.22.0. This version works fine.