1Password CLI

by Simon
Updated to 2.29.0 on

1Password CLI 2.29.0 is now available. 🎉

This release adds support for administrators and owners to allow any team member to create service accounts with 1Password CLI. It also includes other improvements to service accounts and Connect.


What's new

1Password CLI 2.22.0
  • You can now authenticate the following CLIs using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to everyone who contributed!
  • We’ve updated help text for many commands to use simpler language. #3676, #3768
  • op read help text now includes an example of how to use the ssh-format query parameter to get an SSH key’s private key. #3795
  • op run help text now includes an explanation of how to use service accounts with op run. #3804
  • We’ve updated error messages for op item create to be clearer. #3766
  • We’ve updated error messages when provisioning actions fail to be clearer. #3263
  • op whoami for service accounts now authenticates automatically instead of asking to authenticate the service account token. #3744
  • The PostgreSQL shell plugin now supports pgcli as an alternative to psql. (Thanks, @szymon!) shell-plugins#384
  • The Cachix shell plugin now checks for the ~/.config/cachix/cachix.dhall file and attempts to import an auth token using the specified file. (Thanks @dethancosta!) shell-plugins#373
  • The Sentry CLI shell plugin now skips authentication when you use the --auth-token and --api-key flags. (Thanks @roy9495!) shell-plugins#370
  • The Homebrew shell plugin now provides authentication for the upgrade, update, install and reinstall commands. (Thanks @cullenmcdermott!) shell-plugins#369
  • The Sentry shell plugin now supports SENTRY_PROJECT & SENTRY_URL. (Thanks @JoeKarow!) shell-plugins#363
  • The PostgreSQL plugin now also supports the pg_dump and pg_restore CLI utilities. (Thanks @JoeKarow!) shell-plugins#353
  • The OpenAI shell plugin now has updated documentation and management URLs. (Thanks @arunsathiya!) shell-plugins#351
  • When generating the shell plugin template, you now only need to set the last word of the credential name as the default 1Password field name if the credential name is longer than seven characters. (Thanks @arunsathiya!) shell-plugins#263
  • The ngrok shell plugin now specifies the correct credential length. shell-plugins#250
  • The ngrok shell plugin now uses environment variables in ngrok version 3.2.1 and later. (Thanks @arunsathiya!) shell-plugins#222
  • We’ve restored deprecated JSON keys in op whoami output for service accounts for backwards compatibility. #3754
  • op whoami now throws the appropriate error if an invalid service account token is set. #3744
  • When you search for an item by title and vault and the title is 26 characters long, 1Password CLI now returns the item. #3751
  • op vault list now only returns vaults you have read access to. #3688

1Password CLI 2.23.0
  • op item edit now accepts JSON input via the --template flag. #1849
  • op item edit now supports piping items as JSON via stdin. #1849
  • If you’re not an owner and try to add the Team Members group to a vault when the limitedGroupVaultAccess feature flag is turned on, 1Password CLI now returns a helpful error. #3830
  • When 1Password CLI can’t connect to the 1Password desktop app, the error message now suggests restarting the app. #3835
  • We’ve improved the error message when op item edit finds duplicate fields to more clearly format field labels that aren’t in a section. #3849
  • Creating a vault with --icon=name now works again, using the updated icons. #3833
  • The error message for op item edit when duplicated fields are found by label no longer prints the field’s value. #3848

1Password CLI 2.24.0
  • The 1Password CLI Mac installer now allows for custom location selection. #3731
  • Help text now uses present tense more consistently where actions in the present are described. #3768
  • Help text now refers to the 1Password app consistently. #3626
  • Help text now refers to Connect server instances and tokens consistently. #3476
  • op group user grant and op group user revoke no longer panic when the group doesn’t exist. #3859
  • Duo MFA is no longer prompted for more often than required. #3907

1Password CLI 2.25.0
  • op vault list --permission now allows you to retrieve a list of vaults for which a user or group has specific permissions. #3879
  • When setting a non-generated password, 1Password CLI now always correctly updates the password strength. #3787

1Password CLI 2.26.0
  • The op service-account create command allows you to create a new service account that you can use to automate secrets management.
  • The op service-account ratelimit command allows you to fetch information about service account rate limit usage. #3886
  • op user provision now clarifies that users will not be considered for billing until they accept their invitation. #3965
  • --expires-in flags now support days and weeks. #3298
  • The item share --expiry flag is now aliased to the standardized --expires-in flag. #3298
  • We corrected a typo in the user suspend error message. #3298

1Password CLI 2.26.1
  • The CLI build for Darwin now builds with Go 1.21.8. The previous version was built using an older version, which was causing alerts for certain customers.

1Password CLI 2.27.0
  • op read now outputs an error message consistent with the provided secret reference when no matching field or section is found on the item. #3592
  • The output of SSH private keys now uses platform-appropriate line breaks (CR vs CRLF). #3913
  • Users who have the manage_vault permission in a vault can now grant and revoke access to the vault. #3863

1Password CLI 2.28.0
  • Private vaults have been renamed Employee vaults for 1Password Business accounts. #3810
  • 1Password can now retrieve PKCS1-formatted SSH keys using op read. #3993
  • The 1Password CLI package installed for macOS now correctly displays the CLI version in the package receipt. #4027

1Password CLI 2.29.0
  • Team members can now use 1Password CLI to create service accounts when they have the required permissions to do so.
  • You can now use the op whoami command with a 1Password Connect server. #2636
  • Service account tokens now include device UUIDs for scalability purposes. #4009
  • The output when you create a service account can now be formatted as a JSON object by adding --format json to the command. #3996