Developer tools1Password CLI 2.32.0
- You can now use 1Password CLI to recover accounts for family or team members.
Download 1Password CLI
1Password CLI 2.32.0 is now available. 🎉
This release adds support for recovering family and team member accounts with 1Password CLI.
Subscribe to the RSS feed for 1Password CLI release notes.
1Password CLI 2.31.1
- The 1Password app integration with 1Password CLI now works again on Windows.
- A typo in the error message for ‘op user confirm’ has been fixed.
1Password CLI 2.31.0
- 1Password CLI no longer causes direnv to halt when the two are used together.
- Following the deprecation of CLI 1, the
1password/op:latestDockerHub tag will now always point to the latest version of CLI 2. - The Go version has been bumped to 1.23.8.
op vault list --filternow returns all vaults you have access to regardless of permission level, making it easier to discover and manage vaults beyond those where you have read access.op group user grantnow works correctly in MSP accounts.
1Password CLI 2.30.3
- The
OP_RUN_NO_MASKINGenvironment variable is now exposed to allow users to control the masking of theop runcommand output. - For 1Password accounts that are managed by an MSP, 1Password CLI commands involving Service Accounts, Connect, or the Events API no longer occasionally return an error.
- The
op read,op runandop injectcommands no longer query archived items. - On Windows, the CLI now checks each signature of the 1Password desktop app before connecting to it.
1Password CLI 2.30.0
- Sensitive values in the human-readable output of item management commands are now concealed by default. You can display them using the
--revealflag. - Caching is now being used for service account sessions on Mac and Linux.
- The error message when 1Password CLI can’t connect with the 1Password desktop app now includes a link to troubleshooting documentation for more help.
op whoamiwill now signal if the CLI is authenticated as a human user.- The output of
op vault listnow contains the created date and item count for each vault. - The
op item moveandop item deletecommands now also work for SSH Key items. - The
op vault revoke usercommand now doesn’t allow you to revoke permissions in a Personal, Private, or Employee vault. - When the same environment variable name exists both in the operating system environment and an environment file,
op runnow correctly sources the value from the environment file. - The Windows Authenticode signature now uses the SHA256 hashing algorithm.
1Password CLI 2.29.0
- Team members can now use 1Password CLI to create service accounts when they have the required permissions to do so.
- You can now use the
op whoamicommand with a 1Password Connect server. - Service account tokens now include device UUIDs for scalability purposes.
- The output when you create a service account can now be formatted as a json object by adding
--format jsonto the command.
1Password CLI 2.28.0
- Private vaults have been renamed Employee vaults for 1Password Business accounts.
- 1Password can now retrieve PKCS1-formatted SSH keys using
op read. - The 1Password CLI package installed for macOS now correctly displays the CLI version in the package receipt.
1Password CLI 2.27.0
op readnow outputs an error message consistent with the provided secret reference when no matching field or section is found on the item.- The output of SSH private keys now use platform-appropriate line breaks (CR vs CRLF).
- Users who have the
manage_vaultpermission in a vault can now grant and revoke access to the vault.
1Password CLI 2.26.1
- The CLI build for Darwin now builds with Go 1.21.8. The previous version was built using an older version, which was causing alerts for certain customers.
1Password CLI 2.26.0
op service-account createcommand allows you to create a new service account that you can use to automate secrets management.op service-account ratelimitcommand allows you to fetch information about service account rate limit usage.op user provisionnow clarifies that users will not be considered for billing until they accept their invitation.--expires-inflags now support days and weeks.- The
item share --expiryflag is now aliased to the standardized--expires-inflag. - We corrected a typo in the
user suspenderror message.
1Password CLI 2.25.1
- We’ve fixed an issue retrieving an SSH Key when using 1Password CLI with a Connect server.
1Password CLI 2.25.0
op vault list --permissionnow allows you to retrieve a list of vaults for which a user or group has specific permissions.- When setting a non-generated password, 1Password CLI now always correctly updates the password strength.
1Password CLI 2.24.0
- The 1Password CLI Mac installer now allows for custom location selection.
- Help text now uses present tense more consistently where actions in the present are described.
- Help text now refers to the 1Password app consistently.
- Help text now refers to Connect server instances and tokens consistently.
op group user grantandop group user revokeno longer panic when the group doesn’t exist.- Duo MFA is no longer prompted for more often than required.
1Password CLI 2.23.0
op item editnow accepts JSON input via the--templateflag.op item editnow supports piping items as JSON via stdin.- If you’re not an owner and try to add the Team Members group to a vault when the
limitedGroupVaultAccessfeature flag is turned on, 1Password CLI now returns a helpful error. - When 1Password CLI can’t connect to the 1Password desktop app, the error message now suggests restarting the app.
- We’ve improved the error message when
op item editfinds duplicate fields to more clearly format field labels that aren’t in a section. - Creating a vault with
--icon=namenow works again, using the updated icons. - The error message for
op item editwhen duplicated fields are found by label no longer prints the field’s value.
1Password CLI 2.22.0
- You can now authenticate the following CLIs using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to everyone who contributed!
- Axiom CLI, contributed by @rajapri28613
- Binance CLI, contributed by @bala-ceg
- Civo CLI, contributed by @itsCheithanya
- Crowdin CLI, contributed by @JoeKarow
- HuggingFace, contributed by @bala-ceg
- InfluxDB CLI, contributed by @bala-ceg
- Flyctl CLI, contributed by @arunsathiya
- Kaggle CLI, contributed by @rajapri28613
- LocalStack CLI, contributed by @simonrw
- MongoDB Atlas CLI , contributed by @joqim
- Pipedream CLI, contributed by @rajapri28613
- Todoist CLI, contributed by @rajapri28613
- Upstash CLI, contributed by @siddhikhapare
- Vertica CLI, contributed by @parthiv11
- Yugabyte CLI, contributed by @parthiv11
- Zapier CLI, contributed by @rajapri28613
- We’ve updated help text for many commands to use simpler language.
op readhelp text now includes an example of how to use thessh-formatquery parameter to get an SSH key’s private key.op runhelp text now includes an explanation of how to use service accounts withop run.- We’ve updated error messages for
op item createto be more clear. - We’ve updated error messages when provisioning actions fail to be more clear.
op whoamifor service accounts now authenticates automatically instead of asking to authenticate the service account token.- The PostgreSQL shell plugin now supports
pgclias an alternative topsql. (Thanks, @szymon!) - The Cachix shell plugin now checks for the
~/.config/cachix/cachix.dhallfile and attempts to import an auth token using the specified file. (Thanks @dethancosta!) - The Sentry CLI shell plugin now skips authentication when you use the
--auth-tokenand--api-keyflags. (Thanks @roy9495!). - The Homebrew shell plugin now provides authentication for the
upgrade,update,installandreinstallcommands. (Thanks @cullenmcdermott!). - The Sentry shell plugin now supports
SENTRY_PROJECT&SENTRY_URL. (Thanks @JoeKarow!) - The PostgreSQL plugin now also supports the
pg_dumpandpg_restoreCLI utilities. (Thanks @JoeKarow!) - The OpenAI shell plugin now has updated documentation and management URLs. (Thanks @arunsathiya!)
- When generating the shell plugin template, you now only need to set the last word of the credential name as the default 1Password field name if the credential name is longer than seven characters. (Thanks @arunsathiya!)
- The ngrok shell plugin now specifies the correct credential length.
- The ngrok shell plugin now uses environment variables in ngrok version 3.2.1 and later. (Thanks @arunsathiya!)
- We’ve restored deprecated JSON keys for
op whoamioutput for service account for backwards-compatibility. op whoaminow throws the appropriate error if an invalid service account token is set.- When you search for an item by title and vault and the title is 26 characters long, 1Password CLI now returns the item.
op vault listnow only returns vaults you have read access to.
