connect server - connection refused
I attempted to deploy connect server but it didn't work below are the context input: op item get --format json --vault my_vault_name my_item_title response: [ERROR] 2025/03/14 05:03:37 could not retrieve item ‘my_vault_name/my_item_title: Get "http://localhost:8080/v1/vaults?filter=title+eq+%22my_vault_name%22": dial tcp [::1]:8080: connect: connection refused what have I done I installed locally follow instruction on getting start page I installed via helm chart I already got 1password-credentials.json file locally I already set environment variable OP_CONNECT_TOKEN, OP_CONNECT_HOST I also set environment variables OP_SESSION, OP_HTTP_PORT, OP_LOG_LEVEL I also tried with API heartbeat but also get connection refused info on environment MacOS: 15.3.2 chip M2 ARM64 1Password version: 1Password for Mac 8.10.64 1Password CLI version: 2.30.3 kubenetes: using colima, runtime containerd + k3s pods are up and running (both connect-api and connect-sync) In my profile on 1password.com, it said “Your Connect server hasn’t authenticated with 1Password yet.” helm status give this response NAME: connect LAST DEPLOYED: Fri Mar 14 01:13:28 2025 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: ** Please be patient while the chart is being deployed ** 1Password Connect is being deployed to Kubernetes. More information about 1Password Connect can be found at https://support.1password.com/secrets-automation/ it look like I missed last “authentication step” but I couldn’t figure out Thank youRepeated errors using git on CLI, VSCode
I am repeatedly having issues where I am getting SSH key errors and/or connections to github are timing out (perhaps connection throttling?) When issuing requests, I'm not always getting prompted or reprompted to approve my key with 1P. Restarting 1P seems to mostly consistently prompt for reauthorization, but it only hangs around for one or two connections before I go back to timeouts/lack of connection. How can I test/confirm whether this is comms issue between the ssh agent and 1P/IDE/CLI?Agent forwarding in VS Code
The ssh agent forwarding documentation states: The IdentityAgent takes precedence over the SSH_AUTH_SOCK environment variable, so you may want to modify the ~/.ssh/config file for your remote workstation so the IdentityAgent setting is only applied if you're not in an SSH shell. Match host * exec "test -z $SSH_TTY" IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" This advice works for a normal terminal session (e.g. iTerm -> ssh) but it does not work in the Visual Studio Code integrated terminal. The reason is that VS Code does NOT set the `SSH_TTY` environment variable, so this doesn't match, and so the terminal doesn't use the 1Password agent. Perhaps the better suggestion would be to test for an ssh client like so? Match host * exec "test -z '$SSH_CLIENT'" I can confirm this works both from iTerm and VS Code.
ssh-agent not respecting OP_BIOMETRIC_UNLOCK_ENABLED
From another device, if I set OP_BIOMETRIC_UNLOCK_ENABLED=true in my shell, and then type `eval $(op signin)` then my desktop where 1P is running, pops up the biometric dialog to authenticate. This is correct and expected. If I set OP_BIOMETRIC_UNLOCK_ENABLED=false and do the same command, now I get asked at the command-line for my vault password. This is also correct and expected. I have enabled ssh-agent and `ssh-add -l` shows my key. Regardless of the OP_BIOMETRIC_UNLOCK_ENABLED setting, when I type `ssh hostname`, I get the dialog on my desktop prompting me to use my fingerprint. This is NOT correct. If OP_BIOMETRIC_UNLOCK_ENABLED=false, `ssh hostname` should prompt for the vault password at the command-line. Futhermore, it `eval $(op signin)` has been executed and there is an active session, then I would expect the `ssh hostname` to just work and not require any authentication. This essentially makes ssh agent only usable when at the desktop machine and not logged in to it remotely. The openssh ssh-agent works as expected. From a developer point of view, I actually think what I want to happen is not likely possible since ssh is connecting to ssh-agent through the socket and has no awareness of the OP_BIOMETRIC_UNLOCK_ENABLED environment variable. It would be really nice if this could work.
Copy secret reference (using ID values)
This applies to all platforms (not just Mac), but I didn't see a community category for "all platforms", so I'm choosing Mac because it seems to have the highest user activity Perhaps I've missed some documentation, but I don't find a way to copy a secret reference using the desktop app. This seems like a basic and essential task during development. What I want is this format: op://vault_id/item_id/section_id/field_id or if the value isn't in a section: op://vault_id/item_id/field_id How can I do that easily — and get a secret reference defined by ID values (which should be immutable — vs. name values which can be modified)? More context: I find some ways to construct the URL manually (but this is not ideal): A URL can be copied which includes the vault and item ID among other query parameters: I get one in a format like this: https://start.1password.com/open/i?v={VAULT_ID}&i={ITEM_ID} However, that's not enough as it doesn't include the section/field, and would need to be manually edited or processed by other tooling as an additional step to get the required output. I can also use "Copy item UUID" and then paste that as an argument to a manually-typed CLI command to get much more than what's needed: % op --format=json item get x5k2wndiih6cmw2rugl7ol442i { "id": "x5k2wndiih6cmw2rugl7ol442i", // --- snip --- "vault": { "id": "{REDACTED_VAULT_ID}", // --- snip --- }, // --- snip --- "fields": [ // --- snip --- { "id": "credential", "type": "CONCEALED", "label": "credential", "value": "abc123", "reference": "op://{REDACTED_VAULT_NAME}/API Credential/credential" }, // --- snip --- ] } However, this still involves either manually copying+pasting IDs or using other tooling to parse and create the required output. The JSON does include a reference value for the target field, but the reference is built using names, which isn't satisfactory for the reasons described previously. For the example above, what I want to copy to the clipboard is the following (where {VAULT_ID} is replaced by the actual vault ID): op://{VAULT_ID}/x5k2wndiih6cmw2rugl7ol442i/credential I think that if the boolean option is enabled at Settings > Advanced > Show debugging tools: then there should be an option to copy a complete ID-based secret reference for every field in its contextual menu: This is a re-posting of previous issue — the 1Password team stopped responding and it was closed without comment: https://1password.community/discussion/139642/copy-secret-reference-using-id-values 1Password Version: 8.10.48 Extension Version: Not Provided OS Version: macOS 15.0.1 Browser: Not Provided
CLI script for migration from .com to .eu
When switching regions as documented in https://support.1password.com/regions/ there are certain limitations: Files can’t be copied across regions. To copy a Document item, download the file to your computer, then upload it to the new account. To copy an item with an attached file, download the file to your computer, remove the attached file from the item, copy the item to the new account, and add the file attachment back to the copied item. Items with custom icons can’t be copied across regions. Edit the item to remove the custom icon, copy the item to the new account, and add the custom icon back to the copied item. Items with related item links can be copied, but you’ll need to relink items after you copy them. Has anyone made a smart script for the op commandline tool to detect which items are affected by the above limitations? Or does the app reliably complain if it can't copy 1:1 from .com to .eu?
Trouble getting document items in Kubernetes with 1P Connect Operator
Hey everyone, I'm trying to get a document out of 1P and into a k8s secret with the Connect Operator, version 1.8.1. I can get Login items but not Document items, even though there seems to be a discussion about this exact topic stating that Documents are supported as of version 1.3.0. Does anyone else have experience with this? --- apiVersion: onepassword.com/v1 kind: OnePasswordItem metadata: name: config-file-dot-yaml namespace: default spec: itemPath: "vaults/dev/items/config-file.yaml" This is the OnePasswordItem I have. The Document config-file.yaml is in the vault dev, and kubectl describe secret config-file-dot-yaml returns an event of "No items found with identifier 'config-file.yaml' " Is there any examples out there of getting the document? Thanks!
Can't connect to 1password from Raycast
If I don't have the 1password app open at the same time, the Raycast extension doesn't want to connect an authenticate. It either keeps on trying to Authenticate forever, or it tells me to update the app (which I have), or it tell me something about context window exceded. The cli is also up to date.
