Adding/Sign-in to a 1Password account via bash script

133 views
Skip to first unread message

skp15

unread,
Nov 28, 2022, 10:10:10 PM11/28/22
to rundeck-discuss

I am trying to add a 1Password account through a bash script to do further operations but `op account add` doesn't have --password flag as an option.

Reference - https://developer.1password.com/docs/cli/sign-in-manually

I get this error: Enter the password for ..... at ***.1password.com: [ERROR] 2022/11/29 02:53:01 inappropriate ioctl for device

How do I specify the password so that there's no intervention from `op account add` command to prompt for the password?

rac...@rundeck.com

unread,
Nov 29, 2022, 6:34:10 AM11/29/22
to rundeck-discuss
Hi, a good way to do that is to "wrap" the command using expect in your script. Take a look at this.

Hope it helps!

skp15

unread,
Dec 5, 2022, 7:43:24 PM12/5/22
to rundeck-discuss
What does `send -- "user\r"` do?

How do I pass the password to this command?

skp15

unread,
Dec 5, 2022, 7:48:50 PM12/5/22
to rundeck-discuss
I am using a simple bash script and I would like to securely pass the password and a key for adding and signing in to the 1Password vault.

rac...@rundeck.com

unread,
Dec 6, 2022, 7:12:11 AM12/6/22
to rundeck-discuss

Hi,

The expect script must call your bash script and then pass the password (directly or using a option/secure option), let me share an example:

Your Script (stored in your file system):

#!/bin/bash
echo "please type your password:"
read password
echo "the password is: $password"

The Expect Script (defined as inline script in this example):

spawn /path/to/your/simple/bash/script.sh
expect "please type your password:\r"
send -- "1234\r"
expect eof

Let’s do that using a Rundeck job using an option to pass the password:

- defaultTab: nodes
  description: ''
  executionEnabled: true
  id: 33258b42-89fc-4c43-a4c4-041316e6aa23
  loglevel: INFO
  name: HelloWorld
  nodeFilterEditable: false
  options:
  - name: password
    required: true
  plugins:
    ExecutionLifecycle: null
  scheduleEnabled: true
  sequence:
    commands:
    - interpreterArgsQuoted: false
      script: |-
        spawn /path/to/your/simple/bash/script.sh
        expect "please type your password:\r"
        send -- "1234\r"
        expect eof
      scriptInterpreter: /usr/bin/expect
    keepgoing: false
    strategy: node-first
  uuid: 33258b42-89fc-4c43-a4c4-041316e6aa23

You can see an amazing explanation here.

Greetings.

rac...@rundeck.com

unread,
Dec 6, 2022, 7:15:01 AM12/6/22
to rundeck-discuss

This is the right example job definition, the previous one passes “1234” string, my bad:

- defaultTab: nodes
  description: ''
  executionEnabled: true
  id: 33258b42-89fc-4c43-a4c4-041316e6aa23
  loglevel: INFO
  name: HelloWorld
  nodeFilterEditable: false
  options:
  - name: password
    required: true
  plugins:
    ExecutionLifecycle: null
  scheduleEnabled: true
  sequence:
    commands:
    - interpreterArgsQuoted: false
      script: |-
        spawn /path/to/your/simple/bash/script.sh
        expect "please type your password:\r"
        send -- "@option.password@\r"
        expect eof
      scriptInterpreter: /usr/bin/expect
    keepgoing: false
    strategy: node-first
  uuid: 33258b42-89fc-4c43-a4c4-041316e6aa23

Regards!

Reply all
Reply to author
Forward
0 new messages