Getting your secret password from 1Password in a script
A few weeks ago, I need to create a script that required one of my password.
I didn't want to hardcode my password in the script and decided to use one super nice functionality from 1Password : access secrets stored in vaults using 1Password CLI, via the op
command.
Steps
- First, you'll need to install 1Password CLI that will give you the ability to talk to 1Password right from your scripts.
- Then, open the 1Password application, go to the item where your secret is stored. For instance, here I needed my Gmail password. [1]
- Once copied, go to you script and get the secret using the
op
command.
gmail_pass=$(op read "<PASTE THE SECRET REFERENCE HERE>")
- Use that secret in your script.
Now, when you'll run your script, 1Password will ask you to identify and will give access to the secret to your script.
This as a couple of advantages.
The obvious one is that you don't need to hardcode sensitive information in your scripts.
Secondly, that means its easier to rotate password because you don't need to edit your scripts when you change your password, and you can do this easily even if your in a team setup.
A nice little trick!
This is clearly an unusual post in this blog, as I mostly talk about software architecture and testing, as it's the main part of my day job. By the way, if you need some help on these subjects, let’s chat!
Actually, you can't really use your Gmail password for scripts but will need an application password. ↩︎