Download 1Password CLI1Password CLI 2.30.3 is now available. 🎉
This release includes security improvements, bug fixes for 1Password CLI commands, and introduces enhanced configuration options.
- The
OP_RUN_NO_MASKING environment variable is now exposed to allow users to control the masking of the op run command output. #4089 - For 1Password accounts that are managed by an MSP, 1Password CLI commands involving Service Accounts, Connect, or the Events API no longer occasionally return an error. #4033
- The
op read, op run and op inject commands no longer query archived items. #3893 - On Windows, the CLI now checks each signature of the 1Password desktop app before connecting to it. #4136
- Sensitive values in the human-readable output of item management commands are now concealed by default. You can display them using the
--reveal flag. #4158 - Caching is now being used for service account sessions on Mac and Linux. #4133
- The error message when 1Password CLI can’t connect with the 1Password desktop app now includes a link to troubleshooting documentation for more help. #3933
op whoami will now signal if the CLI is authenticated as a human user. #4104- The output of
op vault list now contains the created date and item count for each vault. #4092 - The
op item move and op item delete commands now also work for SSH Key items. #3951 - The
op vault revoke user command now doesn’t allow you to revoke permissions in a Personal, Private, or Employee vault. #3844 - When the same environment variable name exists both in the operating system environment and an environment file,
op run now correctly sources the value from the environment file. #3667 - The Windows Authenticode signature now uses the SHA256 hashing algorithm. #4135
- Team members can now use 1Password CLI to create service accounts when they have the required permissions to do so.
- You can now use the
op whoami command with a 1Password Connect server. #2636 - Service account tokens now include device UUIDs for scalability purposes. #4009
- The output when you create a service account can now be formatted as a json object by adding
--format json to the command. #3996
- Private vaults have been renamed Employee vaults for 1Password Business accounts. #3810
- 1Password can now retrieve PKCS1-formatted SSH keys using
op read. #3993 - The 1Password CLI package installed for macOS now correctly displays the CLI version in the package receipt. #4027
op read now outputs an error message consistent with the provided secret reference when no matching field or section is found on the item. #3592- The output of SSH private keys now use platform-appropriate line breaks (CR vs CRLF). #3913
- Users who have the
manage_vault permission in a vault can now grant and revoke access to the vault. #3863
- The CLI build for Darwin now builds with Go 1.21.8. The previous version was built using an older version, which was causing alerts for certain customers.
op service-account create command allows you to create a new service account that you can use to automate secrets management.op service-account ratelimit command allows you to fetch information about service account rate limit usage. #3886op user provision now clarifies that users will not be considered for billing until they accept their invitation. #3965--expires-in flags now support days and weeks. #3298- The
item share --expiry flag is now aliased to the standardized --expires-in flag. #3298 - We corrected a typo in the
user suspend error message. #3298
- We’ve fixed an issue retrieving an SSH Key when using 1Password CLI with a Connect server. #3851
op vault list --permission now allows you to retrieve a list of vaults for which a user or group has specific permissions. #3879- When setting a non-generated password, 1Password CLI now always correctly updates the password strength. #3787
- The 1Password CLI Mac installer now allows for custom location selection. #3731
- Help text now uses present tense more consistently where actions in the present are described. #3768
- Help text now refers to the 1Password app consistently. #3626
- Help text now refers to Connect server instances and tokens consistently. #3476
op group user grant and op group user revoke no longer panic when the group doesn’t exist. #3859- Duo MFA is no longer prompted for more often than required. #3907
op item edit now accepts JSON input via the --template flag. #1849op item edit now supports piping items as JSON via stdin. #1849- If you’re not an owner and try to add the Team Members group to a vault when the
limitedGroupVaultAccess feature flag is turned on, 1Password CLI now returns a helpful error. #3830 - When 1Password CLI can’t connect to the 1Password desktop app, the error message now suggests restarting the app. #3835
- We’ve improved the error message when
op item edit finds duplicate fields to more clearly format field labels that aren’t in a section. #3849 - Creating a vault with
--icon=name now works again, using the updated icons. #3833 - The error message for
op item edit when duplicated fields are found by label no longer prints the field’s value. #3848
- You can now authenticate the following CLIs using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to everyone who contributed!
- Axiom CLI, contributed by @rajapri28613 shell-plugins#342
- Binance CLI, contributed by @bala-ceg #shell-plugins#391
- Civo CLI, contributed by @itsCheithanya shell-plugins#296
- Crowdin CLI, contributed by @JoeKarow shell-plugins#359
- HuggingFace, contributed by @bala-ceg shell-plugins#393
- InfluxDB CLI, contributed by @bala-ceg shell-plugins#392
- Flyctl CLI, contributed by @arunsathiya shell-plugins#141
- Kaggle CLI, contributed by @rajapri28613 shell-plugins#341
- LocalStack CLI, contributed by @simonrw shell-plugins#371
- MongoDB Atlas CLI , contributed by @joqim shell-plugins#198
- Pipedream CLI, contributed by @rajapri28613 shell-plugins#338
- Todoist CLI, contributed by @rajapri28613 shell-plugins#340
- Upstash CLI, contributed by @siddhikhapare shell-plugins#316
- Vertica CLI, contributed by @parthiv11 shell-plugins#327
- Yugabyte CLI, contributed by @parthiv11 shell-plugins#322
- Zapier CLI, contributed by @rajapri28613 shell-plugins#337
- We’ve updated help text for many commands to use simpler language. #3676 #3768
op read help text now includes an example of how to use the ssh-format query parameter to get an SSH key’s private key. #3795op run help text now includes an explanation of how to use service accounts with op run. #3804- We’ve updated error messages for
op item create to be more clear. #3766 - We’ve updated error messages when provisioning actions fail to be more clear. #3263
op whoami for service accounts now authenticates automatically instead of asking to authenticate the service account token. #3744- The PostgreSQL shell plugin now supports
pgcli as an alternative to psql. (Thanks, @szymon!) shell-plugins#384 - The Cachix shell plugin now checks for the
~/.config/cachix/cachix.dhall file and attempts to import an auth token using the specified file. (Thanks @dethancosta!) shell-plugins#373 - The Sentry CLI shell plugin now skips authentication when you use the
--auth-token and --api-key flags. (Thanks @roy9495!). shell-plugins#370 - The Homebrew shell plugin now provides authentication for the
upgrade, update, install and reinstall commands. (Thanks @cullenmcdermott!). shell-plugins#369 - The Sentry shell plugin now supports
SENTRY_PROJECT & SENTRY_URL. (Thanks @JoeKarow!) shell-plugins#363 - The PostgreSQL plugin now also supports the
pg_dump and pg_restore CLI utilities. (Thanks @JoeKarow!) shell-plugins#353 - The OpenAI shell plugin now has updated documentation and management URLs. (Thanks @arunsathiya!) shell-plugins#351
- When generating the shell plugin template, you now only need to set the last word of the credential name as the default 1Password field name if the credential name is longer than seven characters. (Thanks @arunsathiya!) shell-plugins#263
- The ngrok shell plugin now specifies the correct credential length. shell-plugins#250
- The ngrok shell plugin now uses environment variables in ngrok version 3.2.1 and later. (Thanks @arunsathiya!) shell-plugins#222
- We’ve restored deprecated JSON keys for
op whoami output for service account for backwards-compatibility. #3754 op whoami now throws the appropriate error if an invalid service account token is set. #3744- When you search for an item by title and vault and the title is 26 characters long, 1Password CLI now returns the item. #3751
op vault list now only returns vaults you have read access to. #3688
Developer tools
