1password-cli (op) cheatsheet

1password-cli-op-cheatsheet.md

1password-cli (op) cheatsheet

This came in handy when rummaging, managing, deduplicating, and improving the health of a company 1password

List all vault names

op vault list | cut -d' ' -f4- | sed 's,^ ,,g'

Get all vault data in csv format

op vault list --format=json | \
  op vault get - --format json | \
  jq -M -s . | \
  jq -r '(map(keys) | add | unique) as $cols | map(. as $row | $cols | map($row[.])) as $rows | $cols, $rows[] | @csv'

List all users in groups

op group list --format=json | \
  jq -r '.[].name' | \
  while read id; do \
    op group user list $id --format=json | \
      jq '.[] + {"group": "'"$id"'"}'; \
  done | \
  jq -M -s . | \
  jq -r '(map(keys) | add | unique) as $cols | map(. as $row | $cols | map($row[.])) as $rows | $cols, $rows[] | @csv'

Create a group

op group create "<group>"

Add users to group

op group user grant --group "<group>" --user "<user>"

Add group to vault with specific permissions

This gives fewer permissions than the default

op vault group grant \
  --vault <vault> \
  --group <group> \
  --permissions allow_viewing,create_items,edit_items,archive_items,delete_items,import_items

For full permissions use --permissions allow_viewing,allow_editing,allow_managing

List all groups associated to a user

op group list --user <user>

List user associated to group

op user list --group <group>

List users associated to vault

op users list --vault <vault>

List groups associated to vault

op group list --vault <vault>

List groups associated to user

op group list --user <user>

Get all secrets specifically tagged

op item list --tags <tag> --format json | \
  jq -r '.[] | ("\"" + .title + "\",\"" + .vault.name + "\"")'