Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
integralist
17 days agoNew Contributor
Security concern with allowing Terminal complete access to my 1P account via op CLI
I have a shell script that uses 1Password secret reference:
export EXAMPLE_API_KEY=$(op read "op://Vault-Name/Example API Token/Specific-Token/Token")
But when it's loaded, I have to authorise the terminal/shell to have access to it (see screenshot)
My concern is that it's giving the terminal/shell access to my entire account and all vaults within it when I only want to provide it with access to one entry within a single vault.
What happens if I had a malicious script installed that scans for 1Password secret references across multiple files? The script might not be able to identify the "account" but it just needs the vault names. Then it can start to build up common names for identifying secrets stored within 1Password and try requesting them, and if I've already authorised the terminal/shell I won't see a popup notification and so the script would be free to access the secrets.
Initially, I moved any secrets I use for development work into a separate vault, which I thought would help when it came to the terminal/shell requiring access via a 1Password secret reference because it would only have access to that specific vault (reducing the blast radius) but that's when I noticed it wasn't getting access to just the vault but the entire account.
I'm not sure how much of an issue people think this is but it worries me.
1Password Version: 8.10.40
Extension Version: Not Provided
OS Version: macOS 15.1
Browser: Chrome
Hi Integralist,
This is a great question. I think this falls into the same category as risks associated with malware or similarly compromised devices: there's very little any application can do to prevent that entity from accessing any information on your computer that the authorized user can access. An attacker that has the same permissions you have on the device (as is true in the scenario you are referring to in which there is arbitrary malicious code being executed) can at least theoretically access anything you access.
The CLI behaviour you outline doesn't meaningfully increase the risk in a situation like this because such an attacker with the level of access you describe doesn't require the CLI to behave this way to do harm, including potentially learning something about your 1Password data, since 1Password is necessarily unlocked in your scenario.
It sounds trite, but the answer almost always is: It's never safe to run any application on a device that is, or suspected to be, compromised. If you suspect your device is compromised, you should not unlock 1Password. That should at least prevent the attacker from obtaining any 1Password data (as for all the other data on your computer... that's a different story).
We do our best to protect your data even in the event of a compromised device, which you can read a bit more about here: https://blog.1password.com/local-threats-device-protections/
But at the end of the day, there's not a lot that any application can do to completely eliminate this risk. 1Password in it's locked state, however, would be almost an impossible nut to crack.
- Scott_1P
1Password Team
Hi Integralist,
This is a great question. I think this falls into the same category as risks associated with malware or similarly compromised devices: there's very little any application can do to prevent that entity from accessing any information on your computer that the authorized user can access. An attacker that has the same permissions you have on the device (as is true in the scenario you are referring to in which there is arbitrary malicious code being executed) can at least theoretically access anything you access.
The CLI behaviour you outline doesn't meaningfully increase the risk in a situation like this because such an attacker with the level of access you describe doesn't require the CLI to behave this way to do harm, including potentially learning something about your 1Password data, since 1Password is necessarily unlocked in your scenario.
It sounds trite, but the answer almost always is: It's never safe to run any application on a device that is, or suspected to be, compromised. If you suspect your device is compromised, you should not unlock 1Password. That should at least prevent the attacker from obtaining any 1Password data (as for all the other data on your computer... that's a different story).
We do our best to protect your data even in the event of a compromised device, which you can read a bit more about here: https://blog.1password.com/local-threats-device-protections/
But at the end of the day, there's not a lot that any application can do to completely eliminate this risk. 1Password in it's locked state, however, would be almost an impossible nut to crack.