Forum Discussion

Nezteb's avatar
Nezteb
New Contributor
3 years ago

Feature Request: Generate random passwords with CLI via dedicated command (e.g. `op generate`)

There are a few past threads about this:
- December 2020: https://1password.community/discussion/117673/generating-passwords-with-the-cli
- March 2022: https://1password.community/discussion/127625/feature-request-add-password-generation-with-words-in-cli
- May 2022: https://1password.community/discussion/129811/generate-passwords-from-op-1p-cli

They never seemed to go anywhere. One suggestion was to use:

op item create --title='retrievable generated password' --category=password --generate-password=20,letters,digits | op read op://Private/'retrievable generated password'/password

I find that overly verbose and complex just to get a short-lived password. There are many situations where you wouldn't want to save a password in 1P from a shell script. In my case, I'm spinning up containers to test with, after which I destroy the container and never need the password again.

There are plenty of other ways to do this with bash/zsh:
- date +%s | sha256sum | base64 | head -c 32 ; echo
- openssl rand -base64 32

I'd much prefer a way to do this with the 1Password CLI if at all possible. Something like op generate [options], though the command can be anything.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

CLI

16 Replies

Show More
  • andi_t_1P's avatar
    andi_t_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    Hey all, we do have ongoing work for making this feature possible. Here is what it could like:


    op item edit --generate "My Field"
    op item edit --generate "My Field=20,letters,numbers"
    op item edit --generate "My Field[text]=20,letters,numbers"

    No ETA for when this will be available though, but in the meantime, let us know what feedback you have about the design.

  • Former Member's avatar
    Former Member
    3 years ago

    Much easier to read like that, thanks for riffing off it 😀

  • Nezteb's avatar
    Nezteb
    New Contributor
    3 years ago

    Ah TIL about the --dry-run flag, thanks for that tip!

    Using your snippet as a base, I came up with a bash alias for this:

    ```
    genpass() {
    CHARS=${1:-32}

    ITEM=$(op item create \
    --dry-run \
    --category Password \
    --generate-password="letters,digits,symbols,$CHARS" \
    --format json)

    PASS=$(echo "$ITEM" | jq -r '.fields[] | select(.id == "password").value')

    echo "$PASS"
    }
    ```

    That could all be one or two lines but I split it up for ease-of-use. 😅

    Usage:
    ```
    ❯ genpass
    7FwhRY.Zp.BVWxUrqUxKPEQQx-u!PKa.

    ❯ genpass 5
    n3F-L

    ❯ genpass 64
    ngtstGwJ3KmJQ2fJ-MkVkCPNNCqHXt_k-j3szo4KvVeFHVi*J*P*b2xVxpdRWRA8
    ```

  • Former Member's avatar
    Former Member
    3 years ago

    Example use case:
    Take the temporary generated password and use it to override a database (non password/login item) password

    PASS=$(op item create \
    --dry-run \
    --category Password \
    --generate-password='letters,digits,symbols,32' \
    --format json \
    | jq -r '.fields[] | select(.id == "password").value');
    op item get "EXISTING DATABASE ITEM" --format json \
    | op item create \
    --vault "VAULT" \
    --title "NEW NAME" \
    - 'username=USER' 'database=DB' "password=${PASS}"

  • Former Member's avatar
    Former Member
    3 years ago

    More temporary but if you are familiar with jq https://stedolan.github.io/jq/manual/

    op item create \
    --dry-run \
    --category Password \
    --generate-password='letters,digits,symbols,32' \
    --format json \
    | jq -r '.fields[] | select(.id == "password").value'

  • Former Member's avatar
    Former Member
    3 years ago

    +1, FTR ChatGPT lied and said it existed already :)
    op generate password 20 --require-uppercase --require-lowercase --require-digits --require-symbols