Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Is it possible to inject a OTP into a config file?
I've set up a config file template as described here: https://developer.1password.com/docs/cli/secrets-config-files
Everything is working great, except for the OTP. The reference (op://<vault>/<item>/<section>/one-time password) appears to be addressing the "value" field which contains the otpauth://... URI, rather than addressing the "topt" field where the current calculated value (e.g. 123456) is stored.
Is there a way to merge the OTP code into a config file using the op.exe inject syntax, or must I merge it in manually using the op get totp <uuid> [flags] command and some scripting magic?
1Password Version: CLI 2.7.1
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
5 Replies
andi_t_1P1Password Team
Thanks for the detailed explanation of your case, it definitely helps in understanding why you need this!
Best,
AndiJust wanted to add - I know putting such an ephemeral code in a config file seems weird, so to elaborate: The Cisco AnyConnect VPN client doesn't take command line arguments for username, password, OTP, etc. Their solution is to write everything to a file and read the file in. It's janky, but it works...
Thanks andi_t_1P!
- andi_t_1P
Hi @nate886 , the answer to your question is that, currently, there is no way in which you could retrieve the totp value of a one time password using secret references. You could only achieve that using
op item get <uuid> --otp. That being said, I just filed an internal feature request for making this possible with secret references well, withop readorop injectmore specifically.All the best,
Andi I found a thread on https://www.reddit.com/r/1Password/comments/vh9q8f/getting_totp_code_via_cli_v2_using_the_template/?utm_source=share&utm_medium=web2x&context=3 asking the same question, but it looks like everyone suggested going the manual merge route.
Figured it was worth asking here to see if there was an official answer.
