Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)

New Contributor

3 months ago

Suggestion have an option to run a command using `op generate` as a command wrapper with an environment variable generated.

Such that an environment variable is briefly created in a environment where a passed command is run, and then safely destroyed with 100% certainty (even on error/crash).

E.g. `op generate password <<options>> -c 'store-secret add "example" --secret $GENERATED_PASSWORD' --confirmation $GENERATED_PASSWORD`.
Where GENERATED_PASSWORD is the environment variable created and `-c` is the command to be run.

The implementation could be something like:

// Note: Pseudo bash code, I'm not a bash programmer

// Create temp local evn var
GENERATED_PASSWORD=`op generate password <<options>>`

// Run given command
...

// Cleanup 
unset GENERATED_PASSWORD

// Add signal handling to cleanup GENERATED_PASSWORD

// Optionally (on by default) hook in to SDOUT/SDERR to redact the secret in output

Value add the extra complexity over just allowing the `op password` to be used directly:
* Reduce the likely hood of secrets to be exposed accidentally
* Cleanup handling on error
* Way to showcase best practice in secrets management
* Increase the value of the ("op") 1Password CLI/improve DevX
* There are a lot of edge cases that 1Password can handle that would likely be too much work/missed for manual scripts

Forum Discussion

Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)

Recent Discussions

macOS 26 beta browser extension very slow to open

`op account add` with `Integrate with 1Password CLI`

Console flooded with errors when clicking links during 1Password passkey selection dialog

WSL2 Arm Build

1password doesn't seem to remember the key approval for JetBrains IDEA Ultimate