Interacting with 1Password CLI

jonlin · September 22, 2020, 7:25pm

I am attempting to implement R interactivity with the 1Password CLI (https://support.1password.com/command-line-getting-started/). My short term objective is just trying to initialize and store an initial token that is generated by 1Password, so I can pull passwords from the vault down the line.

In the Windows Command prompt and also the RStudio Terminal, I am able to interact with the CLI. This is because I can interactively enter in the Secret Key and also Password when prompted:

> op signin <DOMAIN>.1password.com <email-address> --raw
Enter the Secret Key for <EMAIL> at <DOMAIN>.1password.com: (interactive entry)
Enter the password for <EMAIL> at <DOMAIN>.1password.com: (interactive entry)
abcdefghijklmnopqrstuvwxyz1234567890 (SESSION TOKEN TO BE SAVED)

However, I am struggling on how to do this in R. My initial approach has been trying to chain shell() or system() commands, but I can't quite seem to figure out how to do it within R.

This first example doesn't allow me to respond to the additional prompts - it automatically fails:

> system('op signin <DOMAIN>.1password.com <EMAIL>', intern = TRUE, invisible=FALSE, wait=FALSE)
[1] "Enter the Secret Key for <EMAIL> at <DOMAIN>.1password.com: [ERROR] invalid account key format length 0"
> shell('op signin <DOMAIN>.1password.com <EMAIL>')
Enter the Secret Key for <EMAIL> at <DOMAIN>.1password.com: [ERROR] invalid account key format length 0

Any form of chaining (whether using &, &&, ;) doesn't seem to allow additional responses after the initial command either. As an example:

> shell('op signin <DOMAIN>.1password.com <EMAIL> && <SECRET KEY>')
Enter the Secret Key for <EMAIL> at <DOMAIN>.1password.com: [ERROR] invalid account key format length 0

Does anyone have any suggestions on how to get R to respond to this interaction?

AlexisW · September 23, 2020, 1:19pm

Did you try this form:

op signin <sign_in_address> <email_address> <secret_key>

i.e. same as your last one but without &&.

jonlin · September 23, 2020, 2:11pm

Thanks Alexis. So yes, I can specify the secret key in the initial command:

shell('op signin <DOMAIN>.1password.com <EMAIL> <SECRET KEY>')

However, then it will ask for the password via interactive entry, so I think I'm at the same potential hurdle. So even if I do something like:

shell('op signin <EMAIL> <SECRET KEY> --raw && <PASSWORD>')
Enter the password for <EMAIL> at <SECRET KEY>: [ERROR] The handle is invalid.

It doesn't seem to pass the along. I guess what is interesting is that if I attempt entering the SECRET KEY first and then passing a blank password in the interactive command prompt/shell, I get a '401 unauthorized'

AlexisW · September 23, 2020, 2:25pm

Oh I missed the password part. You can try this:

system2("op signin <EMAIL> <SECRET KEY> --raw", input = "<PASSWORD>")

jonlin · September 23, 2020, 3:09pm

@AlexisW that led me close to the solution, that is fantastic. Thank you very much.

I had to modify the approach suggested to move each argument into a character vector of args, but that worked very well:

system2('op', args = c('signin', R_DOMAIN, R_EMAIL, R_SECRET_KEY, '--raw'), input = R_PASSWORD, stdout = TRUE)

Specifically to 1Password, you have to generate and save two items to the system environment before being able to effectively use it.

When you run it for the very first time, you have to set an environment variable to OP_DEVICE=xxxx. This will be generated when you attempt to run the above for the first time.
Once do you do that, and rerun the same master key command, you'll get a session token. This needs to be saved in the system environment as OP_SESSION_subdomain.

system · September 30, 2020, 3:10pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.