1Password : Scripting using 1Password CLI


This will be done with done with he Linux variety and requires shell access, the requirement here to create some vaults and groups in preparation for a migration from the USA to the EU.

Get the 1Password CLI 

First we need to get the 1password CLI which can be done with this command, if you get an error about permission then you can use the "su -" to get root access if you know that password.

sudo -s \
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" |
tee /etc/apt/sources.list.d/1password.list
mkdir -p /etc/debsig/policies/AC2D62742012EA22/
curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
apt update && apt install 1password-cli

Check the install

Run this command to check the install:

op --version

That should return the current version like this:


Connect to Vault Service

Run this command to attempt to get the vaults in your subscription:

op vault list

This will then tell you about the prerequisites and then ask if you would like to connect like this:


When you enter "y" to this option you then need to sign in as you normally would, which will require your website, e-mail, secret, key, password and MFA code as you can see below:


If this is entered correctly you should then find the process will complete without errors, excellent let move on.

Login to 1Password CLI 

Now you have connected you now need to sign in with those details for that use this command:

eval $(op signin)

You should now be logged into the vault if you then run this command:

op vault list 

You should see your vaults just like this:


Scripting the creation of Vaults

Now we need to script the creation the vaults we require for the move, so now we are connected we need a text file with a list of names of the vaults call that vaults.txt (this needs to contain the name of the vaults one per line)

Once you have vaults.txt then you need save that on the Linux server, then you need the script to import the Vaults from this file, where the script will read the file and then create the vaults as per the script.

I have called the script Vaults.sh and this is the script below:

#!/bin/bash

# Check if the vaults.txt file exists
if [[ ! -f vaults.txt ]]; then
  echo "vaults.txt file not found!"
  exit 1
fi

# Loop through each line in the vaults.txt file
while IFS= read -r vault_name; do
  # Check if the vault name is not empty
  if [[ -n "$vault_name" ]]; then
    echo "Creating vault: $vault_name"
    creation_output=$(op vault create "$vault_name" 2>&1)
    creation_status=$?

    # Output the command's result for debugging
    echo "$creation_output"

    # Check if the vault creation was successful
    if [[ $creation_status -ne 0 ]]; then
      echo "Failed to create vault: $vault_name"
    else
      echo "Successfully created vault: $vault_name"
    fi
  else
    echo "Empty vault name encountered, skipping..."
  fi
done < vaults.txt

You will need to make the script executable and readable so for that you will need to run this command:

chmod u+r+x Vaults.sh

Then from the shell you can run:

./Vaults.sh

That should then create your vaults as per the vaults.txt file.


You have now created all your vaults, lets move on to the groups.

Scripting the creation of Groups

Now we need to script the creation the groups we require for the move, so now we are connected we need a text file with a list of names of the groups call that groups.txt (this needs to contain the name of the vaults one per line)

Once you have vaults.txt then you need save that on the Linux server, then you need the script to import the groups from this file, where the script will read the file and then create the groups as per the script.

I have called the script Groups.sh and this is the script below:

#!/bin/bash

# Check if the groups.txt file exists
if [[ ! -f groups.txt ]]; then
  echo "groups.txt file not found!"
  exit 1
fi

# Loop through each line in the groups.txt file
while IFS= read -r group_name; do
  # Check if the group name is not empty
  if [[ -n "$group_name" ]]; then
    echo "Creating group: $group_name"
    creation_output=$(op group create "$group_name" 2>&1)
    creation_status=$?

    # Output the command's result for debugging
    echo "$creation_output"

    # Check if the group creation was successful
    if [[ $creation_status -ne 0 ]]; then
      echo "Failed to create group: $group_name"
    else
      echo "Successfully created group: $group_name"
    fi
  else
    echo "Empty group name encountered, skipping..."
  fi
done < groups.txt

You will need to make the script executable and readable so for that you will need to run this command:

chmod u+r+x Groups.sh

Then from the shell you can run:

./Groups.sh

That should then create your vaults as per the vaults.txt file.




You have now created all the groups as well.

Previous Post Next Post

نموذج الاتصال