Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Developer Doc "bugs"
As we are starting to develop utilizing 1Password SDK, I have been finding some "bugs" in the documentation. I would love to see these updated (to help other people). We have been having to create our own internal documentation. From: https://developer.1password.com/docs/sdks/manage-items/#update-an-item Update an item To update an item, fetch the item you want to update, specify the changes you want to make, then pass the updated item to the client.Items.Put function. # Update a field in your item item.fields[0].value = "new_value" item.websites.append( Website( label="my custom website 2", url="https://example2.com", autofill_behavior=AutofillBehavior.NEVER, ), ) updated_item = await client.items.put(item) Website is not a data type: NameError: name 'Website' is not defined From the page: https://developer.1password.com/docs/sdks/concepts/#field-types There is no Data Type "Website", but there is a Data Type "Url", which I also tried, and it does not work either: NameError: name 'Url' is not defined I finally, looking at the source code figured out that I had to do yet another "import": from onepassword.types import ItemField, Website, AutofillBehavior to make this work. Is there other documentation pages that go over all the other parts of "types.py" that tell us when they are used, where it is used, and how to do import for them? Same goes for other code pages (secrets, items, errors, vaults, etc..)
CloudFlare's proxying & the 1Password SCIM bridge
I'm looking for a definitive answer to the question "Is there any way to use CloudFlare's proxying with the 1Password SCIM bridge?" From my own personal experience, all signs seem to point to "no", but surely there must be a way? Any time I've enabled proxying on the SCIM bridge's `A` record, it always causes trouble with the `certificate-manager`, which results in certs not being renewed, which then causes the bridge to stop working completely. So is proxying completely out of the question? Or is there some way to get it working? Thanks!Documentation Correction:
From: https://developer.1password.com/docs/sdks/manage-items Under "Address": fieldType should be field_type, and sdk.ItemFieldType.Address should be ItemFieldType.ADDRESS sectionID should be section_id { id: "address", title: "Address", sectionId: "custom section", fieldType: sdk.ItemFieldType.Address, value: "", details: { type: "Address", content: { street: "1234 Elm St", city: "Springfield", country: "USA", zip: "12345", state: "IL", }, }, },
Announcing op-python and ivorynomad.onepassword
I've created a python module intended to ease use of 1password CLI in CI/CD and IaC environments. https://pypi.org/project/op-python/ I've also created an ansible lookup plugin which leverages the op-python module to perform secrets retrieval for ansible playbooks. https://galaxy.ansible.com/ui/repo/published/ivorynomad/onepassword/ I use these in my home lab environment where they have been useful to me; I hope they might be useful for others.openv – A simple CLI tool to wrap commands with 1Password secrets from .env
Hey folks, 👋 I just released a new version of a small command-line tool I’ve been working on called openv. 💡 What it does: It automatically wraps selected dev commands (like npm dev, pnpm run, etc.) with op run, if your project’s .env file contains op:// secrets from 1Password. So instead of manually writing: run --env-file=.env -- npm run dev You can just type, as you would normally do: npm run dev And it will be wrapped automatically via a shell hook. 🧠 Why I built it: This started as a personal tool because I kept forgetting to wrap my dev commands with op run, and I wanted a smoother experience that "just works" based on .env contents. It hooks into ZSH (likely direnv), with support for allow/deny patterns (e.g., only wrap certain commands like pnpm start). 🛠️ Tech: Written in Rust Works in ZSH, Bash, and Fish Installable via Homebrew Fully local 🧪 Notes: This is an early release, mainly developed for my personal use. I’m sharing it here in case others find it useful. Feedback, issues, or even feature ideas are very welcome — but no pressure! GitHub: https://github.com/andrea11/openv Thanks for reading — and happy coding! 🚀
Passkey algorithm support
Recently I began a passkey integration and I'm using 1password to test things out. There are a great deal of passkey algorithms that exist: https://www.iana.org/assignments/cose/cose.xhtml#algorithms Unfortunately it seems like if I remove all the "Recommended: No" and "Recommended: Deprecated" ones, I am unable to get 1password to generate a passkey. It gives me a somewhat opaque "1password encountered a problem" in the passkey dialogue after I click Save, and it seems to fall back to the browser which prompts me for a security key. I see this in the console log: PortOpener: passkey-save-prompt/XXXXXX received error: "create-passkey-failed" The algorithms I chose in order to be more secure based on the recommendations on that page and what I'm able to support in my server: PS384 PS512 RS256 RS384 RS512 The "deprecated" algorithm I added to make the error go away, and allow 1password to correctly function: ES256 Is there anywhere to find the full list of passkey algorithms 1password supports so I can try to come up with a good list to use on the server-side? Ideally it wouldn't contain deprecated ones.Issue with using op.exe within WSL for Ansible
Despite using 1Password, 1Password CLI and Ansible successfully in WSL on Windows 11, I've recently run into an issue. The 1Password apps on my work device were not being updated, and I believe I was using version 8.8.8 of the main app and 2.17.0 of the CLI. (Not great, I know). I had created a symbolic link for "/mnt/c/Program\ Files\ \)x86\)/1Password\ CLI/op.exe" to /usr/local/bin/op and everything was running fine. I could run 'op signin' and it would trigger my biometric authentication and 'op account list' would return my account as expected. I could also, use the community.general.onepassword lookup within Ansible just fine. I had a script to retrieve my ansible vault password configured in my ansible.cfg and this worked fine: #!/bin/bash op read "op://Personal/ansible_vault/password" After much cajoling, the support team have updated the 1Password applications on my device, I'm now running 8.11.2 of the Desktop app and 2.31.1 of OP CLI. Most of my environment works as before, 'op account list' triggers my biometrics and then returns the expected values and my ansible vault script above continues to work in the same way... however now the community.general.onepassword plugin is complaining that I'm not passing the required parameters (secret key, username, master_password, subdomain) ... but I shouldn't need to do this, as I am signed into 1Password. Again, this worked fine before upgrading the Windows OP CLI and App. Is this expected? I guess I could add these security items into my Ansible vault but I thought the whole point of OP CLI was to be able to move away from static security info in files (even if it is encrypted) and using password managers?
Docs for "connect-api" and "connect-sync"
I was able to find and download the docker images as tar files and was able to crack them open and find the raw binaries. I had mixed results when trying to execute them. Is there documentation for these binaries if we wanted to try to run these standalone (outside of a docker container)? How would one point it to the "1password-credentials.json" file - as the "docker-compose.yaml" file tells docker to stick it in a "opuser" directory (a home directory within the docker container). volumes: - "./1password-credentials.json:/home/opuser/.op/1password-credentials.json" - "data:/home/opuser/.op/data" Just looking for documentation that might help me do this? Has anyone else done this?
