https://1password.com/downloads/command-line/
I am trying it out, and hope it will be as useful for cases like using the Google Cloud CLI's secrets command to retrieve secrets in automated scripts, like "gcloud secrets versions access latest --secret=wildcard_foo_com_pem".
https://support.1password.com/command-line-getting-started/
I've followed the installation and authentication instructions, and ran "op signin my.1password.com foo@bar.com", entered my account's secret key, my account's password, then it prompted for "Enter your six-digit authentication code:". But I didn't receive any text messages with authentication codes on my phone.
So now I am stuck. I don't have 2FA set up on my 1password account, apparently. Do I need to do that in order to use "op", and how do I do that?
More importantly, when I write a script that authenticates using the "op" command line utility, how can it accomplish the two-factor authentication step without me being present behind the keyboard and entering a response manually? And is there a better way to write a script that authenticates somehow without using my literal secret key and password and 2fa code?
This seems to be an open issue since at least March 2019. Has it been fixed yet, or is a fix planned? Should I just give up trying to use "op" to write automated unattended scripts, the way I use "gcloud secrets"?
https://1password.community/discussion/97138/cli-always-requ...
>CLI always requires authentication code
>I am using the op CLI and I also have two-factor authentication enabled. Every time I authenticate to op, it asks for the authentication code. This gets annoying quickly and does not help in my quest to automate CLI signin.
>$ op signin YYY
>Enter the password for XXX at YYY.1password.com:
>Enter your six-digit authentication code:
>Is there a way to convince op that it is running on the same host similar to the way the 1password application and browser extensions do?
>Reply:
>@razorsedge unfortunately the CLI has something of an "incomplete" implementation of 2FA, only in that it does not persist the 2FA secret after the first authentication. All the other apps persist this secret, allowing them to do 2FA "silently" in the background, but that has not yet been implemented on the CLI. It's something we look to do in the future, but I can't give a timeline on when it will be available.
>[...]
https://github.com/dcreemer/1pass/issues/17
>Support TFA for 1password accounts #17
>I have TFA enabled for my 1password account. Unfortunately, 1pass can't handle this and instead of letting me input the token, the TFA prompt instantly returns and fails.
>signing in to xxx.1password.com alpipego@xxx.com
>Enter your six-digit authentication code: [LOG] 2019/03/17 12:53:25 (ERROR) Incorrect One-Time Password length. Expected 6.
>1pass failed to signin to xxx.1password.com
>It'd be great if TFA support could be added.
