Set up the command-line tool
To install the 1Password command-line tool:
Download the tool for your platform and architecture. You can verify the
op
binary with GnuPG using the .sig file included in the download:gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 gpg --verify op.sig op
Move
op
to/usr/local/bin
, or another directory in your $PATH.To verify the installation, check the version number:
op --version
Get started with the command-line tool
The first time you use the 1Password command-line tool, you’ll need to enter your sign-in address and email address:
op signin example.1password.com wendy_appleseed@example.com
Then enter your Secret Key and Master Password.
After you sign in the first time, you can sign in again using only the subdomain for your account. op signin
will prompt you for your Master Password and output a command that can save your session token to an environment variable:
$ op signin example
Please enter your password for user wendy_appleseed@example.com at example.1password.com:
export OP_SESSION_example="XLC6cHkeSHByBqrikXt36fdMVLLdHuoACNFUrNMuRXQ"
To set the environment variable, run the export
command manually, or use eval
to set it automatically:
eval $(op signin example)
Now that you have a session token, you can start using the tool. For example, to show all the items in your account:
op list items
Session tokens expire after 30 minutes of inactivity, after which you’ll need to sign in again.
Learn more
You can use the tool to work with users, vaults, and items. For example, here’s how to upload a document to your Private vault:
op create document readme.txt --vault=Private
To see a list of all the items in your Shared vault:
op list items --vault=Shared
The output will show the UUIDs of the items. To get the details of an item:
op get item WestJet
You can use names or UUIDs in commands that take any user, vault, or item as an argument. Use UUIDs because they’ll never change, so you can be sure you’re always referring to the same object. It’s also faster and more efficient.
op get item nqikpd2bdjae3lmizdajy2rf6e
Parse and manipulate JSON output with jq
Every op
command outputs in one of two formats: a simple string, like a UUID, or JSON. To parse and manipulate JSON output, we recommend the command-line tool jq.
To use jq to parse a Login item called “WestJet” and retrieve the password:
op get item WestJet | jq '.details.fields[] | select(.designation=="password").value'
To use jq to manipulate a Login item template, set the first field value to “my secret”, and save the item in your Private vault:
#!/bin/bash
D=$(op get template login | jq -c '.fields[1].value = "my secret"' | op encode)
op create item login $D --title="My New Item"
Get help
To check for updates to the 1Password command-line tool:
op update
If a newer version is available, a link to download the latest version is returned.
You can see a list of all commands with op --help
, or learn about a specific command with op <command> --help
.