Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Nezteb
2 years agoNew Contributor
Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)
There are a few past threads about this:
- December 2020: https://1password.community/discussion/117673/generating-passwords-with-the-cli
- March 2022: https://1password.community/discussion/127625/feature-request-add-password-generation-with-words-in-cli
- May 2022: https://1password.community/discussion/129811/generate-passwords-from-op-1p-cli
They never seemed to go anywhere. One suggestion was to use:
op item create --title='retrievable generated password' --category=password --generate-password=20,letters,digits | op read op://Private/'retrievable generated password'/password
I find that overly verbose and complex just to get a short-lived password. There are many situations where you wouldn't want to save a password in 1P from a shell script. In my case, I'm spinning up containers to test with, after which I destroy the container and never need the password again.
There are plenty of other ways to do this with bash/zsh:
- date +%s | sha256sum | base64 | head -c 32 ; echo
- openssl rand -base64 32
I'd much prefer a way to do this with the 1Password CLI if at all possible. Something like op generate [options]
, though the command can be anything.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
- Former Member
+1, FTR ChatGPT lied and said it existed already :)
op generate password 20 --require-uppercase --require-lowercase --require-digits --require-symbols
- Former Member
More temporary but if you are familiar with
jq
https://stedolan.github.io/jq/manual/
op item create \
--dry-run \
--category Password \
--generate-password='letters,digits,symbols,32' \
--format json \
| jq -r '.fields[] | select(.id == "password").value'
- Former Member
Example use case:
Take the temporary generated password and use it to override a database (non password/login item) password
PASS=$(op item create \
--dry-run \
--category Password \
--generate-password='letters,digits,symbols,32' \
--format json \
| jq -r '.fields[] | select(.id == "password").value');
op item get "EXISTING DATABASE ITEM" --format json \
| op item create \
--vault "VAULT" \
--title "NEW NAME" \
- 'username=USER' 'database=DB' "password=${PASS}"
- NeztebNew Contributor
Ah TIL about the
--dry-run
flag, thanks for that tip!Using your snippet as a base, I came up with a bash alias for this:
```
genpass() {
CHARS=${1:-32}ITEM=$(op item create \
--dry-run \
--category Password \
--generate-password="letters,digits,symbols,$CHARS" \
--format json)PASS=$(echo "$ITEM" | jq -r '.fields[] | select(.id == "password").value')
echo "$PASS"
}
```That could all be one or two lines but I split it up for ease-of-use. 😅
Usage:
```
❯ genpass
7FwhRY.Zp.BVWxUrqUxKPEQQx-u!PKa.❯ genpass 5
n3F-L❯ genpass 64
ngtstGwJ3KmJQ2fJ-MkVkCPNNCqHXt_k-j3szo4KvVeFHVi*J*P*b2xVxpdRWRA8
``` - Former Member
Much easier to read like that, thanks for riffing off it 😀
- andi_t_1P
1Password Team
Hey all, we do have ongoing work for making this feature possible. Here is what it could like:
op item edit --generate "My Field"
op item edit --generate "My Field=20,letters,numbers"
op item edit --generate "My Field[text]=20,letters,numbers"
No ETA for when this will be available though, but in the meantime, let us know what feedback you have about the design.
- Former Member
@andi.t_1P that could help a bit for my use case, yeah! Although having a dedicated
generate
command could also have some nice use-cases. Thanks for sharing what you're up to. - Former Member
If you have any specific use cases that this really doesn't solve, please feel free to let us know :)
Amanda
- Former Member
I think the other use case is to create a temporary password, maybe for a hash salt or something where we don't store it in 1Password after it's generated
- Former Member
Hi @ubcpittet,
That's currently possible, actually!
op item create --category password --generate-password --dry-run --format json | jq -r '.fields[0].value'
Cheers!
Amanda