Developer Resources

1Password CLI: Getting started

Learn how to set up and use 1Password from the command line.

Set up 1Password CLI

To install the 1Password command-line tool:

  1. Download 1Password CLI for your platform and architecture.

  2. Move op to /usr/local/bin, or another directory in your $PATH.

  3. To verify the installation, check the version number:

     op --version
    

To install the 1Password command-line tool:

  1. Download 1Password CLI for your platform and architecture.

    • To verify its authenticity, use GnuPG and the .sig file included in the download:

        gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
        gpg --verify op.exe.sig op.exe
      
  2. Create a directory C:\Program Files\1Password CLI and copy op.exe to it.

  3. Add C:\Program Files\1Password CLI to your %PATH%.

  4. To verify the installation, check the version number:

     op --version
    

To install the 1Password command-line tool:

  1. Download 1Password CLI for your platform and architecture.

    • To verify its authenticity, use GnuPG and the .sig file included in the download:

        gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
        gpg --verify op.sig op
      
  2. Move op to /usr/local/bin, or another directory in your $PATH.

  3. To verify the installation, check the version number:

     op --version
    

Get started with 1Password CLI

The first time you use 1Password CLI, you’ll need to enter your sign-in address and email address:

op signin example.1password.com wendy_appleseed@example.com

Then enter your Secret Key and 1Password account password.

After you sign in the first time, you can sign in again using your account shorthand, which is your sign-in address subdomain. op signin will prompt you for your account password and output a command that can save your session token to an environment variable:

op signin example

Enter the password for user wendy_appleseed@example.com at example.1password.com:
export OP_SESSION_example="XLC6cHkeSHByBqrikXt36fdMVLLdHuoACNFUrNMuRXQ"

Hyphens (-) in a subdomain will be changed to an underscore (_).

To set the environment variable, run the export command manually, or use eval (Mac, Linux) or Invoke-Expression (Windows) to set it automatically.

On Mac and Linux:

eval $(op signin example)

On Windows:

Invoke-Expression $(op signin example)

Now that you have a session token, you can start using 1Password CLI. For example, to show all the items in your account:

op list items

Session tokens expire after 30 minutes of inactivity, after which you’ll need to sign in again.

Learn more

You can use 1Password CLI to work with users, vaults, and items. For example, here’s how to upload a document to your Private vault:

op create document readme.txt --vault Private

To see a list of all the items in your Shared vault:

op list items --vault Shared

The output will show the UUIDs of the items. To get the details of an item:

op get item WestJet

You can use names or UUIDs in commands that take any user, vault, or item as an argument. Use UUIDs because they’ll never change, so you can be sure you’re always referring to the same object. It’s also faster and more efficient.

op get item nqikpd2bdjae3lmizdajy2rf6e

You can get details of just the fields you want. For one field, 1Password CLI returns a simple string:

op get item nqikpd2bdjae3lmizdajy2rf6e --fields password
5ra3jOwnUsXVjx5GL@FX2d7iZClrrQDc

For multiple fields, specify them in a comma-separated list. 1Password CLI returns a JSON object:

op get item nqikpd2bdjae3lmizdajy2rf6e --fields username,password
{"username": "wendy_appleseed", "password": "5ra3jOwnUsXVjx5GL@FX2d7iZClrrQDc"}

Parse and manipulate JSON output with jq

Every op command outputs in one of two formats: a simple string, like a UUID, or JSON. To parse and manipulate JSON output, we recommend the command-line tool jq.

To use jq to parse a Login item called “WestJet” and retrieve the password:

op get item WestJet | jq '.details.fields[] | select(.designation=="password").value'

To use jq to manipulate a Login item template, set the username value to “wendy”, and save the item in your Private vault:

On Mac and Linux:

umask 077   # Prevent others from reading your template file

op get template login | \
  jq '(.fields[] | select(.designation == "username")).value = "wendy"' > login.json
op create item login --template login.json --title "My New Item"
rm login.json

On Windows:

cd "$HOME"   # Prevent others from reading your template file

op get template login | \
  jq '(.fields[] | select(.designation == "username")).value = "wendy"' > login.json
op create item login --template login.json --title "My New Item"
rm login.json

Learn more about jq.

Get help

To check for updates to 1Password CLI:

op update

If a newer version is available, 1Password CLI can download it for you.

You can see a list of all commands with op --help, or learn about a specific command with op <command> --help.

Learn how to use 1Password CLI.

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: