Getting your secret password from 1Password in a script
A few weeks ago, I need to create a script that required one of my password.
I didn’t want to hardcode my password in the script and decided to use one super nice functionality from 1Password : access secrets stored in vaults using 1Password CLI, via the op command.
Steps
- First, you’ll need to install 1Password CLI that will give you the ability to talk to 1Password right from your scripts.
- Then, open the 1Password application, go to the item where your secret is stored. For instance, here I needed my Gmail password. [1]
- Once copied, go to you script and get the secret using the
opcommand.
gmail_pass=$(op read "<PASTE THE SECRET REFERENCE HERE>")- Use that secret in your script.
Now, when you’ll run your script, 1Password will ask you to identify and will give access to the secret to your script.
This as a couple of advantages.
The obvious one is that you don’t need to hardcode sensitive information in your scripts.
Secondly, that means its easier to rotate password because you don’t need to edit your scripts when you change your password, and you can do this easily even if your in a team setup.
A nice little trick!
Actually, you can’t really use your Gmail password for scripts but will need an application password. ↩︎
- Improve your automated testing : You will learn how to fix your tests and make them pass from things that slow you down to things that save you time. This is a self-paced video course in French.
- Helping your teams: I help software teams deliver better software sooner. We'll work on technical issues with code, test or architecture, or the process and organization depending on your needs. Book a free call where we'll discuss how things are going on your side and how I can help you.
- Deliver a talk in your organization: I have a few talks that I enjoy presenting, and I can share with your organization(meetup, conference, company, BBL). If you feel that we could work on a new topic together, let's discuss that.
