A python API to query a 1Password account using the 'op' command-line tool
Project description
PYONEPASSWORD
Description
A Python API to sign into and query a 1Password account using the op
command.
Requirements
- Python >= 3.7
- 1Password command-line tool
- Internet connectivity to 1Password.com
- The
op
command queries your online account, not your local vault
- The
Example usage
Intitial sign-in
import getpass
from pyonepassword.pyonepassword import (
OP,
OPSigninException
)
def do_initial_signin():
my_signin_address = "my-1p-account.1password.com"
my_email_address = "my-1p-email@email.com"
# an abitrary nickname for this account on this device:
my_account_shorthand = "something_easy"
my_secret_key = getpass.getpass(prompt="1Password secret key:\n")
my_password = getpass.getpass(prompt="1Password master password:\n")
try:
op = OP(my_account_shorthand,
signin_address=my_signin_address,
email_address=my_email_address,
secret_key=my_secret_key,
password=my_password)
except OPSigninException as ope:
print("1Password initial signin failed: {}".format(ope))
print(ope.err_output)
exit(1)
print("1Password is signed in and ready for lookups")
return op
if __name__ == "__main__":
op = do_initial_signin()
# op is ready to use and call lookup() on
print("Signed in.")
$ python3 ./example.py
1Password secret key:
1Password master password:
Performing initial 1Password sign-in to my-1p-account.1password.com as my-1p-email@email.com
Signed in.
Subsequent sign-in and item retrieval
import getpass
from pyonepassword import (
OP,
OPSigninException
)
def do_signin():
# If you've already signed in at least once, you don't need to provide all
# account details on future sign-ins. Just master password
# If you've already signed in at least once, you don't need to provide all
# account details on future sign-ins. Just master password
my_password = getpass.getpass(prompt="1Password master password:\n")
# You may optionally provide an account shorthand if you used a custom one during initial sign-in
# shorthand = "arbitrary_account_shorthand"
# return OP(account_shorthand=shorthand, password=my_password)
# Or we'll try to look up account shorthand from your latest sign-in in op's config file
try:
# no shorthand provided, we'll try to look it up
op = OP(password=my_password)
except OPSigninException as opse:
print("1Password sign-in failed.")
print(opse.err_output)
exit(opse.returncode)
except OPNotFoundException as opnf:
print("Uh oh. Couldn't find 'op'")
print(opnf)
exit(opnf.errno)
except OPConfigNotFoundException as ope:
print("Didn't provide an account shorthand, and we couldn't locate 'op' config to look it up.")
print(ope)
exit(1)
if __name__ == "__main__":
op = do_signin()
item_password = op.get_item_password("Example Login")
print(item_password)
print("")
print("\"Example Login\" can also be looked up by its uuid")
print("")
print("Looking up uuid \"ykhsbhhv2vf6hn2u4qwblfrmg4\"...")
item_password = op.get_item_password("ykhsbhhv2vf6hn2u4qwblfrmg4")
print(item_password)
$ python3 ./examples/example-signin-get-item.py
1Password master password:
Doing normal (non-initial) 1Password sign-in
Signed in.
Looking up "Example Login"...
doth-parrot-hid-tussock-veldt
"Example Login" can also be looked up by its uuid
Looking up uuid "ykhsbhhv2vf6hn2u4qwblfrmg4"...
doth-parrot-hid-tussock-veldt
Document retrieval
op = do_signin()
file_name, document_bytes = op.get_document(
"Example Login - 1Password Logo")
print("The original file name and the document title in 1Password are often different.")
print("File name: {}".format(file_name))
print("Size: {} bytes".format(len(document_bytes)))
print("")
print("\"Example Login - 1Password Logo\" can also be looked up by its uuid")
print("")
print("Looking up uuid \"bmxpvuthureo7e52uqmvqcr4dy\"...")
file_name, document_bytes = op.get_document(
"bmxpvuthureo7e52uqmvqcr4dy")
print(file_name)
print("{} bytes".format(len(document_bytes)))
print("Writing downloaded document to {}".format(file_name))
open(file_name, "wb").write(document_bytes)
$ python3 ./examples/example-signin-get-document.py
1Password master password:
Doing normal (non-initial) 1Password sign-in
Signed in.
Getting document "Example Login - 1Password Logo"...
The original file name and the document title in 1Password are often different.
File name: logo-v1.svg
Size: 2737 bytes
"Example Login - 1Password Logo" can also be looked up by its uuid
Looking up uuid "bmxpvuthureo7e52uqmvqcr4dy"...
logo-v1.svg
2737 bytes
Writing downloaded document to logo-v1.svg
Notes
- This has been lightly tested, and only on my Mac. I don't know if it works on other systems.
- This has been tested with
op
version 1.1.0 - You need the
op
1Password command-line tool. On a Mac with homebrew, you can dobrew install 1password-cli
.
TODO
- Detect if
op
is/is not installed, and be helpful - API to get complete or partial JSON for a vault item, not just a specific field's value
- Maybe one day 1Password.com will have an API and this module won't have to use
op
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyonepassword-1.1.0.tar.gz
(9.8 kB
view hashes)
Built Distribution
Close
Hashes for pyonepassword-1.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4e10370e03e90d5bf9d6a92dddea9b5acd5f2f6c68d791eea6324e9645b82bcc |
|
MD5 | 485dd1f8e62410672a7d17141aa04712 |
|
BLAKE2b-256 | a3f91884fe8b48c2d112750bafcf109ff32794038150ab1498404498a0ca9d48 |