Forum Discussion

Dedicated Contributor

4 years ago

`op account add` shouldn't show the Secret Key!

I'm configuring the CLI for the first time, and I was surpresed to see that op account add shows the Secret Key as I type it (same for op vault ls ). For such a sensitive secret, it should defin...

cli

XIII

Super Contributor

4 years ago

$XDG_CONFIG_HOME/op/config if I remember correctly (already deleted it)

Isn't much different then in browsers; you see the secret key when you type it and it is also not very well protected, I think.

Is probably mentioned in a 1Password security document? (Plus explanation why this is somehow OK?)

Forum Discussion

`op account add` shouldn't show the Secret Key!

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

1PW extension bug: autofill theme detection fails when using oklch color scheme

Environments with custom text file

allowed-signers file not created

FeatureRequest: SSH Agent Key access confirm

Support for SSH Certificates (2024)