Forum Discussion

New Contributor

2 years ago

CLI GET/EDIT Method Security Concern

When using the 1Password CLI, why does doing a GET or EDIT on an item return the item with the password in plain text? Wouldn't it make sense to add a --response none flag? Even on the front-end U...

cli

1PassUser39398

New Contributor

2 years ago

Hi David, the use case is fairly simple. One of our vendors changed their apex domain so we now need to iterate through thousands of credentials updating the URL. To my surprise, when the EDIT command is used, the URL is updated, but the entire item is given in the response with the password in plain text. In your document on https://developer.1password.com/docs/cli/reference/management-commands/item page, you state "Caution: Command arguments can be visible to other processes on your machine". If responses are also visible (or logged), whether natively or using malware, the CLI becomes insecure.

Forum Discussion

CLI GET/EDIT Method Security Concern

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

1PW extension bug: autofill theme detection fails when using oklch color scheme

1password input focus lag with lots of inputs

Cannot find "Destinations" tab for mounting secrets to local .env files

SSH agent requires restart between every GitHub request

How to stop a running 1password ssh agent?