tmarquard
4 years ago · New Contributor
Using OP and Python to autofill CLI passwords, is there a danger to passwords in memory?
I am wanting to write a script to autofill and update passwords in Python on the CLI. It is easy enough to use subprocess and run OP to get vault items and inject them. Though I am worried that by doing this I am creating vulnerabilities with passwords in memory. Is there something I should do to keep memory cleaned up in case of core dumps? I am working on a local Windows machine, and only I have access to it, but I feel like I should be taking extra steps to be safe. Or maybe a password autofill like this is just a bad idea? I'm just tired of copying passwords and pasting them into terminals.
1Password Version: 1.11.2
OS Version: Windows 10
5 Replies
- Former Member
tmarquard - when referring to scope, I didn't mean the CLI itself, I meant any scripts you planned to use to augment or work with it. For obvious reasons, we don't evaluate scripts/code created by 3rd parties to work with our existing tools. If you're not already aware of the existing documentation for the 1Password CLI, you can find it at https://support.1password.com/command-line-reference/.
- tmarquard · New Contributor
Thanks Lars,
What is the scope of the 1password CLI? I assumed it was exactly for something like this, to access passwords when they are needed on the CLI. I will take a look at the secrets automation to see if that is a better fit for what I'm trying to do.
Thanks again,
Talon
- Former Member
tmarquard - I would be remiss if I didn't point you towards our https://1password.com/secrets/ capabilities. Without knowing more about what you want to do, that sounds as if it might help you accomplish most if not all of it, and we even have https://1password.community/categories/secrets-automation for it, if you have questions. :)
- Former Member
tmarquard - I can't recommend doing this, since that's well outside the scope of what 1Password (even the CLI) helps you manage. I can really only sympathize with the undeniable fact that in some cases, following best security practices can be time-consuming and even annoying.
It would be much easier, for example, to have a one-character Account Password. Ridiculously insecure...but unquestionably easier than typing out a long string of characters every time it's required. It would also be easier to simply paste one's Account Password into a text file or keyboard shortcut, so that it could be re-pasted whenever needed. Of course that, too, wouldn't be very secure.
The point is not to compare what you are doing with either of those things directly, but to make the larger point that it's frequently not the greatest idea from a security perspective to create shortcuts with some of the very things that help keep you secure, in any environment, be it your OS, or 1Password.
- Former Member
Hi tmarquard!
I will send your question directly to our security team :+1: We will post back here as soon as we have an update for you.
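An added example, not part of the thread and not 1Password's code: one way to limit how long a secret fetched by a subprocess stays in a Python process, which is what the original question asks about. It reads the child's output into a mutable bytearray, hands it to the consuming program over stdin, and overwrites the buffer afterwards; the two demo commands are constructed stand-ins for your own `op` call and target tool, and `MAX_SECRET` and all function names are assumptions.

```python
import subprocess
import sys

MAX_SECRET = 4096  # assumed upper bound on secret size, in bytes

def wipe(buf):
    """Zero the buffer in place. Best effort: the OS may hold other copies."""
    buf[:] = bytes(len(buf))  # same length, so the bytearray is not reallocated

def read_secret(cmd):
    """Run cmd; return (buffer, length) with its stdout held in a bytearray."""
    buf = bytearray(MAX_SECRET)
    view, n = memoryview(buf), 0
    # bufsize=0 gives a raw pipe, so no BufferedReader keeps a second copy.
    with subprocess.Popen(cmd, stdout=subprocess.PIPE, bufsize=0) as proc:
        while n < MAX_SECRET:
            got = proc.stdout.readinto(view[n:])
            if not got:
                break
            n += got
    if proc.returncode != 0 or n == MAX_SECRET:
        wipe(buf)
        raise RuntimeError("secret command failed or output too large")
    while n and buf[n - 1] in b"\r\n":  # drop the trailing newline in place
        n -= 1
        buf[n] = 0
    return buf, n

def run_with_secret(source_cmd, consumer_cmd):
    """Pipe the secret into consumer_cmd's stdin, then wipe our copy."""
    buf, n = read_secret(source_cmd)
    try:
        # stdin keeps the secret out of argv and the environment block.
        with subprocess.Popen(consumer_cmd, stdin=subprocess.PIPE, bufsize=0) as proc:
            view, sent = memoryview(buf)[:n], 0
            while sent < n:
                sent += proc.stdin.write(view[sent:])
        return proc.returncode
    finally:
        wipe(buf)  # runs even if the consumer exits early or the write fails

# Constructed stand-ins so the example runs offline (not real op commands).
DEMO_SOURCE = [sys.executable, "-c", "print('constructed-secret')"]
DEMO_CONSUMER = [sys.executable, "-c", "import sys; "
                 "sys.exit(0 if sys.stdin.read() == 'constructed-secret' else 1)"]

if __name__ == "__main__":
    print("consumer exit code:", run_with_secret(DEMO_SOURCE, DEMO_CONSUMER))
```

Decoding the buffer to `str` or slicing it into `bytes` creates immutable copies that cannot be wiped, so keep the secret as a bytearray or memoryview for its whole lifetime.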