Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Empty-string passwords are snowflakes
I want to store "secrets" (passwords, encryption keys) in 1Password, to be consumed, in principal, by automation. I'm creating a JSON template like this, where one secret has a non-empty value and the other is empty:
{
"title": "tg-development",
"category": "SECURE_NOTE",
"fields": [
{
"label": "FOO",
"type": "CONCEALED",
"value": "very-secret-value"
},
{
"label": "BAR",
"type": "CONCEALED",
"value": ""
}
]
}If I check the website, or the 1Password app, I see FOO but I do not see BAR.
However, if I try to edit the item, then I see both fields FOO and BAR.
If I try to retrieve the item:
op item get tg-development --format=json --reveal
Then I get this (excerpt):
{
"category": "SECURE_NOTE",
"fields": [
{
"type": "CONCEALED",
"label": "FOO",
"value": "very-secret-value"
},
{
"type": "CONCEALED",
"label": "BAR"
}
]
}Notice the difference: the CLI returns both fields, but one of them is missing the `value` key.
What I expect is that the CLI would return all fields with their values, even if the values are empty. Please return all fields properly.
I'm guessing this is why the site and the app do not show secrets with empty values.
If I try "category": "API_CREDENTIAL" in the template, I get the same result.
op version 2.34.0 on macOS 15.7.7
1 Reply
Additionally, when the item is created like this:
op item create --vault "$VAULT" --template ...
The command will print out all the labels it has created, except for those with an empty value.
This is confusing, and it requires workarounds.
Please treat all secrets the same, no matter what particular string value they have. Empty string is a valid string value.
