1Password command-line tool: Full documentation

A complete list of every command and option in the 1Password command-line tool.


If you’re new to the command-line tool, learn how to set it up and get started.

Sign in or out

To sign in and get a session token:

op signin <signinaddress> <emailaddress> <secretkey> [--output=raw]

After you sign in the first time, you can sign in again using only the subdomain for your account:

op signin <subdomain>

Sessions automatically expire after 30 minutes of inactivity. To manually sign out:

op signout

See also Appendix: Session management.

List objects and events

To list objects:

op list (groups | users | vaults | templates | items | documents) [--vault=<vault>]

If a vault is given, the items or documents in that vault are listed; otherwise, the items or documents in all vaults are listed.

To list 100 events from the Activity Log:

op list events <eventID> (older | newer)

You can choose to get the older or newer events starting from the event ID given. If the event ID is 0, the 100 most recent events are listed.

Manage objects

Get details

To get details about an object:

op get (account | group | vault | item | totp) [<object>] [--vault=<vault>] [--include-trash]

To get details about a user:

op get user <user> [--publickey] [--fingerprint]

If you specify --publickey or --fingerprint, the user’s public key or public key fingerprint is returned instead of other details.

If you specify --include-trash, items in the Trash will also be returned.

To get the UUID of an object, search by name, email address, or domain. See also Appendix: Specifying objects.

Create an item

  1. Get the template for the category of item you want to create. See Appendix: Categories for a list of categories.

    op get template <category>

  2. Edit the JSON template with the values for the item.

  3. Encode the JSON for your item:

    echo <itemJSON> | op encode

  4. Save the item:

    op create item <category> <encodeditem> [--title=<title>] [--url=<url>] [--vault=<vault>] [--tags=<tags>]

When you create an item, its UUID is returned.
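
The four steps above chained into one shell function, as an added example that is not part of the original documentation. It assumes jq is installed, that you are already signed in, and that the Login template identifies its fields with a "designation" key (an assumption about the template layout, which this page does not show); create_login is a hypothetical helper name.

```sh
#!/bin/sh
# create_login <title> <url> <vault> <username> <password>
# Prints the UUID returned by "op create item". The body runs in a subshell
# "( ... )" so the variables holding the secret vanish when it returns.
# Arguments to a shell function are not visible in the process list.
create_login() (
    title=$1; url=$2; vault=$3; username=$4; password=$5

    # Step 1: fetch the empty template for the category.
    template=$(op get template Login) || exit 1

    # Step 2: fill in the values. The password reaches jq through the
    # environment (env.OP_NEW_PW) rather than --arg, keeping it out of jq's argv.
    # ASSUMPTION: template fields are identified by a "designation" key.
    item=$(printf '%s' "$template" | OP_NEW_PW=$password jq -c --arg u "$username" '
        if any(.fields[]; .designation == "username")
           and any(.fields[]; .designation == "password") then
            (.fields[] | select(.designation == "username") | .value) = $u
          | (.fields[] | select(.designation == "password") | .value) = env.OP_NEW_PW
        else error("template has no username/password fields") end') || exit 1

    # Step 3: encode the JSON for the item.
    encoded=$(printf '%s' "$item" | op encode) || exit 1

    # Step 4: save the item. <encodeditem> is a positional argument in the
    # documented syntax, so it does travel in op's argument list.
    op create item Login "$encoded" --title="$title" --url="$url" --vault="$vault"
)
```

The function stops at the first failing step, including a template that lacks the expected fields, so a half-filled item is never saved.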

Delete an item

To move an item to the Trash:

op delete item <item> [--vault=<vault>]

See also Appendix: Specifying objects.

Create or remove a vault

To create a vault:

op create vault <name>

When you create a vault, its UUID is returned.

To remove a vault:

op delete vault <vault>

See also Appendix: Specifying objects.

Edit users and groups

To edit the first and last name of a user:

op edit user <user> [--firstname=<firstname>] [--lastname=<lastname>]

To edit the name or description of a group:

op edit group <group> [--name=<name>] [--description=<description>]

Work with documents

To create a document:

op create document <filename> [--title=<title>] [--vault=<vault>] [--tags=<tags>]

When you create a document, its UUID is returned.

To download a document and save it to a file:

op get document <document> [--vault=<vault>] > <filename>

See also Appendix: Specifying objects.

Manage access

Create or remove a group

To create a group:

op create group <name>

When you create a group, its UUID is returned.

To remove a group:

op delete group <group>

See also Appendix: Specifying objects.

Manage individual access

To grant a user access to a vault or group:

op add <user> [<vault> | <group>]

To revoke a user’s access to a vault or group:

op remove <user> [<vault> | <group>]

See also Appendix: Specifying objects.

Suspend or reactivate a user

To suspend or reactivate a user:

op (suspend | reactivate) <user>

See also Appendix: Specifying objects.

Remove a user

To completely remove a user:

op delete user <user>

See also Appendix: Specifying objects.

Appendix: Checking for updates

To check for updates to the 1Password command-line tool:

op update

If a newer version is available, a link to download the latest version is returned.

Appendix: Specifying objects

Every object can be specified by UUID or name. Users and items can also be specified by email address and domain, respectively.

Object UUID Name Email address Domain

Appendix: Categories

  • Login
  • Secure Note
  • Credit Card
  • Identity
  • Bank Account
  • Database
  • Driver License
  • Email Account
  • Membership
  • Outdoor License
  • Passport
  • Reward Program
  • Server
  • Social Security Number
  • Software License
  • Wireless Router

Appendix: Session management

op signin will prompt you for your Master Password and output a command that can save your session token to an environment variable:

$ op signin <subdomain>


To set the environment variable, run the export command manually, or use eval to set it automatically:

eval $(op signin <subdomain>)

You can sign in to multiple accounts this way. Commands that you run will use the account you signed in to most recently. To run a command using a specific account, use --account=<subdomain>:

op list items --account=<subdomain>

You can also pass the session token using standard input (stdin). Use --output=raw to output only the session token, which can be piped into any other command:

$ op signin <subdomain> --output=raw


$ op signin <subdomain> --output=raw | op list items

To pass a session token as a command-line flag, use --session=<sessiontoken> with any command:

op list items --session=<sessiontoken>
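
A session wrapper built on the stdin method described above, as an added example that is not part of the original documentation. It keeps the token in an unexported shell variable and pipes it to each command, so it never appears in an argument list the way --session=<sessiontoken> does, and it signs out when the shell exits. The names op_login, op_run and op_logout are hypothetical, and treating a failed command as a possibly expired session is an assumption, since this page does not say how expiry is reported.

```sh
#!/bin/sh
OP_TOKEN=""       # plain shell variable, never exported to child processes
OP_SUBDOMAIN=""

# op_login <subdomain>: op prompts for the Master Password and only the raw
# token is captured. Registers a sign-out for when the shell exits.
op_login() {
    OP_SUBDOMAIN=$1
    OP_TOKEN=$(op signin "$OP_SUBDOMAIN" --output=raw) || return 1
    [ -n "$OP_TOKEN" ] || return 1
    trap op_logout EXIT
}

# op_run <op arguments...>: feeds the token on stdin. printf is a shell
# builtin, so the token is not in any process's argument list.
op_run() {
    [ -n "$OP_TOKEN" ] || { echo "op_run: call op_login first" >&2; return 1; }
    if printf '%s\n' "$OP_TOKEN" | op "$@" --account="$OP_SUBDOMAIN"; then
        return 0
    fi
    # ASSUMPTION: a non-zero exit may mean the session idled out (30 minutes).
    # Sign in again and retry exactly once; a second failure is a real error.
    op_login "$OP_SUBDOMAIN" || return 1
    printf '%s\n' "$OP_TOKEN" | op "$@" --account="$OP_SUBDOMAIN"
}

# op_logout: end the session explicitly instead of waiting for idle expiry.
op_logout() {
    if [ -n "$OP_TOKEN" ]; then
        printf '%s\n' "$OP_TOKEN" | op signout --account="$OP_SUBDOMAIN"
    fi
    OP_TOKEN=""
}
```

Commands that need stdin for their own input, such as op encode, should be called directly rather than through op_run.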