Protect what matters – even after you're gone. Make a plan for your digital legacy today.
CLI Slow Performance
I have the 1Password desktop app installed and up to date on my macBook Pro, the `op` CLI is also installed, up to date, and working properly. All expected CLI queries work but they are surprisingly slow. After a bunch of trial and error, it seems that it is making a round-trip online as part of every single CLI query. I added the --debug flag and I can see cache hits, but the round trip online is still occurring. Disabling the network interface causes all queries to fail. Is it possible to get the 1Password CLI working fully offline to avoid all of this unnecessary round-trip business? Surely with the desktop app installed and CLI integration turned on, there has to be a way to make efficient (and offline) use of my 1Password vaults. Otherwise automation tasks that require secrets are simply too cumbersome to handle with 1Password, and I will require a secondary solution. And in that case, I may as well give up on 1Password.
Copy secret reference (using ID values)
This applies to all platforms (not just Mac), but I didn't see a community category for "all platforms", so I'm choosing Mac because it seems to have the highest user activity Perhaps I've missed some documentation, but I don't find a way to copy a https://developer.1password.com/docs/cli/secrets-reference-syntax/ using the desktop app. This seems like a basic and essential task during development. What I want is this format: op://vault_id/item_id/section_id/field_id or if the value isn't in a section: op://vault_id/item_id/field_id How can I do that easily — and get a secret reference defined by ID values (which should be immutable — vs. name values which can be modified)? More context: I find some ways to construct the URL manually (but this is not ideal): A URL can be copied which includes the vault and item ID among other query parameters: I get one in a format like this: https://start.1password.com/open/i?v={VAULT_ID}&i={ITEM_ID} However, that's not enough as it doesn't include the section/field, and would need to be manually edited or processed by other tooling as an additional step to get the required output. I can also use "Copy item UUID" and then paste that as an argument to a manually-typed CLI command to get much more than what's needed: % op --format=json item get x5k2wndiih6cmw2rugl7ol442i { "id": "x5k2wndiih6cmw2rugl7ol442i", // --- snip --- "vault": { "id": "{REDACTED_VAULT_ID}", // --- snip --- }, // --- snip --- "fields": [ // --- snip --- { "id": "credential", "type": "CONCEALED", "label": "credential", "value": "abc123", "reference": "op://{REDACTED_VAULT_NAME}/API Credential/credential" }, // --- snip --- ] } However, this still involves either manually copying+pasting IDs or using other tooling to parse and create the required output. The JSON does include a reference value for the target field, but the reference is built using names, which isn't satisfactory for the reasons described previously. For the example above, what I want to copy to the clipboard is the following (where {VAULT_ID} is replaced by the actual vault ID): op://{VAULT_ID}/x5k2wndiih6cmw2rugl7ol442i/credential I think that if the boolean option is enabled at Settings > Advanced > Show debugging tools: then there should be an option to copy a complete ID-based secret reference for every field in its contextual menu: This is a re-posting of previous issue — the 1Password team stopped responding and it was closed without comment: https://1password.community/discussion/139642/copy-secret-reference-using-id-values 1Password Version: 8.10.48 Extension Version: Not Provided OS Version: macOS 15.0.1 Browser: Not Provided
Frustrations with .env File Handling and Environments in 1Password
To whom it may concern, I just tried to add some basic .env files to 1Password and was honestly surprised at how difficult and unsatisfying the experience was. I’ve always considered 1Password a premium, polished product, and I’ve really enjoyed using it so far. But in this case, the lack of functionality is pretty disappointing. I know you recently launched the Environments beta, which seems like a step in the right direction, but it’s clearly not fully fleshed out. Most programming projects of mine include multiple environment files, not just one. Some values in these files are sensitive, and others aren’t, so we should be able to choose which fields are masked (as passwords) and which are shown normally. Importing and exporting environment files should also be seamless, currently, it’s anything but. But the biggest issue with Environments right now is that they apparently don’t belong to vaults. That means I can’t share them with coworkers, which makes them basically useless for team projects. What’s the point of having them at all if they can’t be shared? So I tried workarounds: First, I attempted to store the variables in a secure note. While you can manually add fields, that’s clunky and time-consuming. Then I tried uploading the .env file to the note, but on macOS, the file picker doesn’t show hidden files, and apparently there’s no way to make it do so. This made it impossible to upload the file with its original name, a really basic oversight, and one that shouldn’t exist in a premium product. Next, I tried using a Document item. At least the drag-and-drop upload worked (unlike Secure Notes), but now I’m locked into a document type that only allows a single file. That’s just not workable when a project has multiple secret environment files. Even worse, if I want to replace the file, the drag-and-drop UI disappears entirely, so I can’t upload a hidden file again. I’d have to delete the entire document and start over. That’s absurd. I genuinely respect the work you’ve done on 1Password; it’s one of the few tools I’ve used that felt reliable and trustworthy out of the box. But these gaps in functionality around something as basic as handling environment files are frustrating. And for a product at this price point, I expect this sort of workflow to just work. It’s hard to believe these limitations haven’t already been addressed. On top of that, it was surprisingly difficult to even find a proper way to give feedback like this. That feels like a mistake, if users can’t easily tell you where the product falls short, you miss the chance to improve it. Anyway, I needed to get this off my chest. I hope this feedback is helpful, and that we’ll see improvements to these features soon. Best regards, Joël Grosjean
"op inject" does not find item in vault
Hi, I'm currently trying to generate a .env file locally using a .env.reference containing secret references, but I keep getting an error when running op inject. Any help on this would be much appreciated. --- .env.reference APP_ENV="op://Env_Server_Local/APP_ENV/password" FRONTEND_APP_URL="op://Env_Server_Local/FRONTEND_APP_URL/password" SERVER_URL="op://Env_Server_Local/SERVER_URL/password" > When running op read, it works % op read op://Env_Server_Local/APP_ENV/password development > When running op inject to generate the .env file, it fails. The secret does exist and was not deleted or archived. % op inject -i packages/server/.env.reference -o packages/server/.env [ERROR] 2025/06/13 08:45:14 could not find item APP_ENV in vault Env_Server_Local, because it has been deleted or archived. Please restore the item if you want to use it with secret provisioning. I feel it might be due to adding new items to the vault / updating existing items. --- 1password-cli : 2.31.1 desktop app: 1Password for Mac 8.10.80 (81080023) ---- This is blocking us from fully integrating 1password as secrets manager. Any help appreciated 🙏op run messes up the cli text format
I'm using op run to load secrets into the environment. but it messes up the text format of the subsequent cli. See the history below. My "hi" even disappeared after I hit enter. Any solutions? % op run --env-file=.env.local -- aider --model openai/gpt-4o-mini ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Aider v0.81.1 Model: openai/gpt-4o-mini with whole edit format Git repo: .git with 27 files Repo-map: using 4096 tokens, auto refresh ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── > It seems like you want to start a new request. Please let me know what changes you would like to make, and I will assist you accordingly! Tokens: 9.0k sent, 30 received. Cost: $0.0014 message, $0.0014 session. ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── > In comparison, if i run the cli tool without op run. It's well-formated. % aider --model openai/gpt-4o-mini ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Warning: openai/gpt-4o-mini expects these environment variables - OPENAI_API_KEY: Not set You can skip this check with --no-show-model-warnings https://aider.chat/docs/llms/warnings.html Open documentation url for more info? (Y)es/(N)o/(D)on't ask again [Yes]: n Aider v0.81.1 Model: openai/gpt-4o-mini with whole edit format Git repo: .git with 27 files Repo-map: using 4096 tokens, auto refresh ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── > hi litellm.AuthenticationError: AuthenticationError: OpenAIException - The api_key client option must be set either by passing api_key to the client or by setting the OPENAI_API_KEY environment variable The API provider is not able to authenticate you. Check your API key. ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── >
Allow Warp as terminal to open SSH URLs
http://warp.dev is a popular terminal emulator that support both MacOS, Windows and Linux. It's popular and should be considered relevant enough. It would be great to support this Terminal within Settings -> Developer -> SSH Agent -> Advanced -> Open SSH URLs with.
