Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
Why does the 1P CLI not access the local 1P store?
👋 I have a shell script with lots of "secret references"... export EXAMPLE1_API_KEY=$(op read "op://<VAULT_NAME>/<ENTRY_NAME>/<SECTION_NAME>/<FIELD_NAME>")
export EXAMPLE2_API_KEY=$(op read "op:/...
Thanks theo​ I didn't realise that `op inject` did a bulk fetch. That actually means I can completely drop my other work-around in favour of doing this...
In a `~/.localrc` I have:
export EXAMPLE_API_KEY={{ op://VaultName/SecretName/SectionName/TokenName }} export ANOTHER_API_KEY={{ op://VaultName/SecretName/SectionName/TokenName }}I can then source via `op inject` from my `~/.zshrc`:
# Configuration you don't want as part of your main .zshrc # For me, this is a template file that includes 1Password secret references. # Meaning, I need to source the file via `op inject` so I can interpolate my secrets. # if [ -f "$HOME/.localrc" ]; then if command -v op >/dev/null; then op signin --account my.1password.com source <(op inject -i $HOME/.localrc) fi fiThis loads much faster now, even when I open a new shell instance I just get a single OS popup asking me to authorize the shell to access 1Password (and I don't need my password as it has that already and so it just needs me to press a button, which I'm fine with -- see screenshot).
Scott_1P
1Password Team
1Password TeamHi Integralist!
Really cool to see someone leaning hard on secret references!
As you note, the CLI is on the slower side. Running `op item get $someItem` gives you a sense of how long that takes. In my experience most item-level operations can take about one second.
Every time I load my terminal shell it takes an age for each secret to load.
Based on this, it sounds like you're using these secret references in a script that is loaded by your shell configuration, hence why it's slowing down any time you open a new shell?
If my inference is correct, I might recommend not loading these as part of your shell configuration (partly because if you are unable to unlock 1Password then you can't instantiate a terminal session....)
Without knowing more about your use-case or whether this is part of your shell config or a script you run, here are a few things to explore that _may_ help depending on your use-case:
- Our SDKs fair bit faster than the CLI, and there are some methods (e.g., client.secret.resolve_all() or .resolve()) that you can use to resolve a secret reference to it's value, optionally in bulk. If you're able to write the script in Go, Python, or JS, this might be faster.
- Our Shell Plugins may be helpful if the secrets you're resolving are credentials for CLI tools you use. Using one of these plugins means you can avoid loading all those secrets when launching your shell, and obtain only the secret you actually need in the moment you need it.
If none of the above are really hitting the mark, maybe you can share more about the specifics of your use case?
Thanks. It sounds like the shell plugin might help. I'll look into it more later and report back. Sounds like I can just create a custom shell "plugin" without having to necessarily contribute it back upstream to the relevant GitHub repo.
- Scott_1P
Sounds like I can just create a custom shell "plugin" without having to necessarily contribute it back upstream to the relevant GitHub repo.
Oh, now that's an interesting idea! Hopefully that makes the experience a bit smoother for you! Report back with how things go!
