1Password CLI Release Notes

1Password CLI

Release Notes

Show betas

2.16.1 (build #2160101) – released 2023-03-29

This release fixes two shell plugins and brings improvements to newly-added functionality.

Improvements

The help text for op events-api now specifies that Events Reporting is only available for business accounts. {3453}
When initializing the SourceGraph shell plugin an appropriate management url will be displayed. {shell-plugins#228}

Fixed

Treasure Data shell plugin no longer returns an error during the init step, as its executable now correctly references its API Key credential. {shell-plugins#225}
When initializing the Gitea plugin, it now also checks the default configuration directory on MacOS to find a credential to import. Thanks to @mcornick for their contribution! {shell-plugins#219}

2.16.0 (build #2160001) – released 2023-03-23

This release introduces a new Events API feature, as well as two new shell plugins. Additionally, it contains fixes and improvements to 1Password CLI and shell plugins.

The default features list when creating new Events API tokens will now include Audit Events, in addition to Sign-In Attempts and Item Usages. {3146}
Authenticate Gitea CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @14zombies for their contribution! {shell-plugins#205}
Authenticate Treasure Data CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @Lewuathe for their contribution! {shell-plugins#176}

Improvements

`ngrok` is now aware of the `--config` flag and of any existing config files in the default location on the user's filesystem. {shell-plugins#194}
The HomeBrew shell plugin now skips authentication for the `bump` sub-command as well. Thanks to @MTCoster for their contribution! {shell-plugins#179}
The `--output` flag of `op document get` is now doubled by `--out-file`, for consistency with other commands. {2960}
To help with determining the 1Password item to use for a shell plugin, additional item metadata is now shown in the selection prompt. {3180}
Shell plugins credential fields can now be identified by more than one name. {3386}
`document get` now outputs the absolute file path on a successful file write and prompts to overwrite if the file already exists. {3383}

Fixed

Connect tokens with no vault access permissions can no longer be created using the 1Password CLI. {3167}
Item count is now present in the JSON output of empty vaults' details. {2995}
`UpdatedAt` and `ItemCount` attributes are now consistently up to date in the cached vaults. {3373}
Item version is now up to date in the output of `op item create` and `op item edit`. {3387}
Connect tokens can now be created when passing the `--vault` flag with the `op connect token create`. {3290}
Items are now successfully returned by `op item get` even if they were last edited by a deleted or restricted user. {3394}
The CLI will no longer silently succeed if the piped input is not handled properly. {3378}
Item lookup by name will no longer fail when resource name is alphanumeric of length 26. {2614}

2.14.0 (build #2140001) – released 2023-02-16

This release introduces five new shell plugins as well as improved error messages around shell plugin local builds and CLI command help text.

Shout-out to @arunsathiya from the community for their plugin contributions to this release! 💚

Authenticate ngrok using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @arunsathiya for their contribution! {shell-plugins#165}
Authenticate Vultr CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @arunsathiya for their contribution! {shell-plugins#159}
Authenticate Snowflake CLI using Touch ID and other unlock options with 1Password Shell Plugins. {shell-plugins#161}
Authenticate Fastly CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @arunsathiya for their contribution! {shell-plugins#169}
Authenticate Sourcegraph CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @arunsathiya for their contribution! {shell-plugins#146}

Improvements

The AWS Shell Plugin now checks if the AWS_SHARED_CREDENTIALS_FILE environment variable is set and attempts to import credentials using the specified file. Thanks to @Volatus for their contribution! {shell-plugins#178}
Error messages for shell plugin local builds now include link to troubleshooting documentation. {3286}
Help text formatting is now more consistent across commands. {3343}
op item help text now shows correct command for getting item category templates. {3358}

2.13.1 (build #2130101) – released 2023-01-25

This release introduces four new shell plugins, as well as two importers. It also contains some improvements and fixes brought to the CLI commands and to the shell plugins' cache.

In addition, this release fixes a bug introduced in 2.13.0, where the Windows binaries were not code-signed.

Shout-out to @bsamseth, @ssttehrani and @alexclst from the community for their contributions to this release! 💚

Authenticate the Cargo CLI using Touch ID and other unlock options with 1Password Shell Plugins. {shell-plugins#139}
Authenticate the Argo CD CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @ssttehrani for their contribution! {shell-plugins#145}
Authenticate the Databricks CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @bsamseth for their contribution! {shell-plugins#143}
Authenticate the OpenAI CLI using Touch ID and other unlock options with 1Password Shell Plugins. {shell-plugins#152}
`op update` now allows you to look for updates from a specific channel via the `--channel` flag. {1648}

Improvements

Twilio CLI credentials can now be imported from the `~/.twilio-cli/config.json` config file. {shell-plugins#112}
Linode CLI credentials can now be imported from the `~/.config/linode-cli` config file. Thanks to @alexclst for their contribution! {shell-plugins#113}
Shell plugins now throw an error if a configured item is archived. {3232}
When importing shell plugin credentials and prompting for a vault to store them in, 1Password CLI will only show vault names if all vaults have distinct names. {3244}
The AWS, CircleCI, DigitalOcean, Fossa, GitHub, GitLab, Heroku and Okta plugins no longer unnecessarily prompt for authorization when no arguments are provided to the commands. {shell-plugins#126}
The Homebrew and ReadMe plugins no longer unnecessarily prompt for authorization for 'help' or 'version' related commands. {shell-plugins#126}

Fixed

`--vault` flag for `op item edit` now has the appropriate description. {3273}
Plugin cache no longer breaks when caching certain credentials. {3295}
Code signing for 1Password CLI binaries for Windows has been fixed. {3347}
Connecting 1Password CLI with the 1Password app for Windows is now again possible. {3347}

2.12.0 (build #2120001) – released 2022-12-19

This release introduces three new Shell Plugins!

Shout-out to @shyim and @kanadgupta from the community for their plugin contributions to this release! 💚

Authenticate the ReadMe CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @kanadgupta for their contribution! {shell-plugins#106}
Authenticate the Hcloud CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @shyim for their contribution! {shell-plugins#87}
Authenticate the Cloudflare Workers using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @shyim for their contribution! {shell-plugins#94}

2.11.0 (build #2110001) – released 2022-12-15

This release introduces two new Shell Plugins, as well as a few bug fixes for the Shell Plugins contribution beta.

Additionally, this release also fixes a CLI bug that intermittently causes `panic`s on Windows.

Shout-out to @markdorison and @micnncim from the community for their plugin contributions to this release, as well as to @shyim for bringing a Shell Plugins bug to our attention! 💚

Authenticate the Homebrew package manager using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @markdorison for their contribution! {shell-plugins#110}
Authenticate the Cachix CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @micnncim for their contribution! {shell-plugins#97}

Improvements

Shell plugin commands will now error, or show a warning in the case of `op plugin list`, if any incompatible local plugins are detected. {3196}

Fixed

Errors that were encountered sporadically on repeated use of CLI on Windows when 1Password CLI is connected to the 1Password app are no longer returned. {2611}
Locally built plugins with the CredentialUsage.Provisioner field set no longer crash. {3262}
Locally built plugins no longer fail when using cache or additional command flags due to incomplete `ProvisionOutput` sent as response to RPC calls. {3276, shell-plugins#103}

2.10.0 (build #2100003) – released 2022-12-13

This release introduces three new plugins and four new importers, as well as support for the Fish shell for 1Password Shell Plugins.

Shout-out to @markdorison, @alexclst and @colinbarr from the community for their contributions to this release! 💚

Authenticate the Tugboat CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @markdorison for their contribution! {shell-plugins#85}
Authenticate the Linode CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @alexclst for their contribution! {shell-plugins#86}
Authenticate the Lacework CLI using Touch ID and other unlock options with 1Password Shell Plugins. Thanks to @colinbarr for their contribution! {shell-plugins#95}
Shell plugins can now be used with Fish shell. {3264}

Improvements

'op plugin init' and 'op plugin run' will now return a warning or an error if the plugin's CLI cannot be found in $PATH. {3230}
Datadog credentials can now be imported from the `.dogrc` config file. {shell-plugins#101}
Snyk credentials can now be imported from the `snyk.json` config file. {shell-plugins#82}
Sentry CLI credentials can now be imported from the `.sentryclirc` config file. {shell-plugins#99}
Github Personal Access Tokens can now be imported from the `gh/hosts.yml` config file. {shell-plugins#74}

2.9.1 (build #2090101) – released 2022-12-06

This patch release fixes the use of the MySQL plugin.

Fixed

Using the MySQL Shell Plugin no longer throws the 'unknown option `--defaults-file`' error. {3259}

2.9.0 (build #2090001) – released 2022-12-05

Welcome to the world of 1Password Shell Plugins! 🚀

Shell Plugins takes the Touch ID and other unlock options you're used to from 1Password CLI and makes them available for every CLI under the sun. ☀️ You can store your API credentials encrypted in 1Password and load them just when you use a CLI, so you never have to store your credentials in plaintext on disk.

We’d like to give a huge shout out to all our awesome beta testers. Throughout the past months, you have helped us tremendously by letting us in on your daily workflows, filing bug reports, suggesting improvements and shaping 1Password Shell Plugins together with us into the product that we are releasing today. You are all amazing! 🎉

Check out all the features of 1Password Shell Plugins and learn more about automating your local workflows in the 1Password developer documentation!

Authenticate CLIs for AWS, CircleCI, DigitalOcean, DogShell, FOSSA, GitHub, GitLab, HashiCorp Vault, Heroku, Okta, PostgreSQL, Sentry, Snyk, Stripe and Twilio using Touch ID and other unlock options with 1Password Shell Plugins.

2.8.0 (build #2080013) – released 2022-12-02

This release brings improvements to the command usage and user operations with the 1Password CLI.

Improvements

The global flags will now only be listed in the root command's help text. {3215}
User provisioning and confirmation operations are more performant. {3087,3137}

2.7.3 (build #2070301) – released 2022-11-01

This release contains improvements and fixes related to shell plugins, modifications to our help-text and a security fix.

Improvements

Usage help-text and error messages now use "Connect with 1Password CLI" as the name of the integration setting. {2628}

Security

Resolved an issue where malicious vault items could override environment variables on Windows. Credits to security researcher RyotaK and the Go security team.

2.7.2 (build #2070202) – released 2022-10-21

This release contains improvements and fixes brought to commands' usage, output and help text.

Improvements

`op signin` help text now notes that users are only prompted to authenticate if not already authenticated. {2824}
Management commands now work with their plural form as well (e.g. `op items list`). {1566}
Information about the `op read` command is now included in the help text for `op item get`. {2830}
Listing connect tokens now shows the IntegrationId instead of the issuer. {1663}
`op user provision` help-text now uses the word "administrator" rather than "admin". {2745}
`op user get` help text examples now use `--public-key` flag instead of `--publickey`. {2922}

Fixed

TRANSFER_SUSPENDED is now accurately reflected in `op user get`. {2704}
It's no longer possible to create a vault with no name. {2855}
Displayed vault details are now consistently up to date for cached vaults. {2829}

2.7.1 (build #2070101) – released 2022-09-08

This release contains a series of fixes for a few issues our customers brought to our attention. Thank you everyone for your involvement.

Improvements

The help text for `op group user` commands now uses simpler language to describe membership. {2687}

Fixed

An error message prompting the user to sign in again is displayed instead of panic when no credentials are available. {2697}
`op vault create --help` now shows the correct default value for the `--allow-admins-to-manage` flag. {2645}
Fixed an issue on Windows where the CLI would return "The system cannot find the file specified" when using biometric unlock in some rare cases. {2806}
Piping multiple items into `op item create` does no longer trigger an Internal Conflict Server Error. {2808}

2.7.0 (build #2070002) – released 2022-08-30

This release prepares support for sharing SSH items and allows for default values to be specified for template variables used in secret references in either `op inject` or `op run`.

Improvements

Default values for template variables can now be specified in environment files used with `op run` and in configuration files used with `op inject`. {2307}
Prepare support for sharing SSH items. After support is added on 1password.com, item-sharing for SSH keys will work from this version onwards. {2700}

2.6.2 (build #2060201) – released 2022-08-17

This patch release fixes a bug related to using `op item create` in scripts.

Improvements

Items that are retrieved from the built-in cache now have their usage reported in the Usage Report. {2021}

Fixed

`op item create` no longer freezes in certain scripts, when called without piped input. {2703}

2.6.1 (build #2060102) – released 2022-08-09

In this release we have a few quality of life improvements, bugfixes, and a significant cache optimization. Also, beta users who wish to use a Docker image can pull the `2-beta` tag to retrieve the latest v2 beta images.

1Password CLI beta release images are published to Docker Hub. {2664}

Improvements

Item caching logic has been optimized. {2662}
`op item list --favorite` now only lists favorite items. {1837}
Creating new Connect servers in a directory in which 1password-credential.json already exists now prompts to confirm a file overwrite. {2220}
Help text examples now show Powershell versions when you use 1Password CLI on Windows. {2581}
The CLI reference overview documentation now notes that the cache is enabled by default on UNIX-like systems. {2621}
`op group user revoke` help text is now up to date with 1Password CLI 2. {2686}

Fixed

Provisioned users who were suspended can now be deleted. {2563}
1Password CLI binaries in Docker images show the correct version. {2671}
Debian beta package version metadata correctly reflects that it is a beta. {2660}

2.6.0 (build #2060007) – released 2022-07-21

This release mostly contains optimisations pertaining to the CLI's caching, as well as improvements and fixes related to file handling.

Improvements

The file of a Document-type item can now be referenced using the 1Password CLI secret referencing syntax. {2118}
Optimize commands that involve retrieving multiple fields (eg. 'op run', 'op inject'). {2557}
Cache is enabled by default, it can be disabled by setting the `OP_CACHE` env var to `false`, or by specifying the `--cache=false` flag. {2589}
`op --help` now contains documentation related to the default caching between commands. {2589}
The help text example for concatenating secrets with op inject now uses db_url consistently. {2522}
`op read` help text now notes that whitespaces are supported, require quotation marks. {2522}

Fixed

User timestamp fields are omitted instead of shown as year 1 if they are not returned in the server response. {2435}
The cache daemon process no longer holds the current directory in use. {2485}
Vault items are cached more reliably and efficiently when the `--cache` flag is enabled. {2540}
The name of file-type fields is again visible in json and human-readable item representations. {2616}
The file-type fields now have the correct ID in the json and human-readable output of items. {2625}

2.5.1 (build #2050101) – released 2022-06-22

This release contains a bugfix.

Fixed

Using biometric unlock on macOS should no longer return the error "connecting to desktop app: determining parent process of" in some rare cases. {2544}

2.5.0 (build #2050001) – released 2022-06-21

This release mainly contains fixes centered around file-handling with the CLI, as well as our Connect client. An exhaustive list of additions, improvements and fixes can be found below.

`op item create/edit` can now handle file attachments to items. {2141}

Improvements

A debug message is now logged if the state of CLI biometric unlock in the 1Password app cannot be determined. {2167}
An error is now thrown when `op document get` tries to print a file containing unprintable characters. {2288}
`op item list` returns more descriptive error messages when it times out. {2371}
The CLI reference overview documentation now includes a learn more section, various style updates. {2386}
Debug messages are printed to stderr instead of stdout. {2167}
The correct ID and secret references are now displayed for file-type item fields in the json output of items. {2524}
`op item get` leverages the vault in its piped input, in order to improve performance for these use-cases. {2211}
A friendlier error is returned if the local session file is corrupt. {2459}
A clearer error is displayed when trying to read a file field that has not finished uploading. {2539}

Fixed

Debug messages are only printed if the --debug flag is used. {2167}
Secret references that match more than one secret now return an error instead of returning the first match when using the CLI with Connect. {2525}
Addressed a problem where upgrading from a CLI version lower than v2.3.1 could lead to an error for the first 10 minutes after updating. {2459}
Fields and files can now be consistently referenced using the 1Password Secret Referencing Syntax, when using a Connect backend. {2541}

2.4.1 (build #2040101) – released 2022-06-08

This patch release addresses some of the issues that have been brought to our attention by our users. We want to thank the 1Password community for raising these, and for helping us quickly identify and fix them.

Improvements

It is now possible to specify the vault of an item on creation through the JSON template or piped input. {2460}
Mentions of `--cache` now note that the cache is not available on Windows. {2447}

Fixed

`op user edit --name NAME` command now correctly updates the user's name. {2501}
Categories containing multiple tokens in their name are not invalidated anymore, when specified in json template/piped input in op item create. {2515}

2.4.0 (build #2040002) – released 2022-05-31

This release contains improvements and fixes over the CLI's piped input handling. The help-text and some user-facing errors have also been improved. To boot, a new command to retrieve information about currently ongoing sessions has been added.

The `op whoami` command now allows retrieving information about the currently ongoing sessions. {2218}

Improvements

You can now pipe json input to the CLI commands without explicitly passing the "-" argument placeholder. {2216}
Successfully granting a Connect server access to a vault prints a completion message. {2210}
A more descriptive error message is returned when `op item get` is called without the vault flag when used with a Connect backend. {2475}

Fixed

Piping now works with `op connect server get`, `op connect server delete` and `op connect token delete`. {2216}
The Connect server UUIDs corresponding to the listed tokens now show up in the json output of `op connect token list`. {2216}
`op item create` now interprets the `--category` flag as expected when items are piped via stdin or passed via template files. {2464}
`op document create` help-text example now uses CLI 2 syntax. {2427}

2.3.1 (build #2030101) – released 2022-05-24

This patch release contains two fixes for regressions introduced in 2.3.0. We want to thank the 1Password CLI community for raising these issues to us, and helping us quickly identify and fix them.

Improvements

A more suggestive error is returned when trying to grant access for Connect to a Private/Personal vault. {2212}
Secret references are now printed in the json output of `op item create/edit` commands. {2387}

Fixed

`op item get` no longer returns an error when `--include-archive` is not specified and Connect is configured. {2476}
When querying values of fields with identical names within different sections of an item using a Connect server, 1Password CLI now returns the expected value. {2477}

Security

Strengthen key derivation for sessions established using biometric unlock by adding a salt. {2062}

2.3.0 (build #2030001) – released 2022-05-20

In this release, we have a mix of new features, quality-of-life improvements, bugfixes, and security updates.

Improvements

The public key, fingerprint, and key type fields of an SSH Key item are included in `op item get` output and secret references. {2341}
The 'Additional Information' field from the human-readable representation of items has been removed. {2369}
The output `op vault list` is sorted alphabetically. {2437}
The cache can also be enabled by setting the `OP_CACHE` environment variable to true. {2372}
A clearer error is returned if the CLI is not installed correctly on macOS for biometric unlock to work. {2202}
The help text example for retrieving a one-time password in `op item get` uses the `--otp` flag. {2358}

Fixed

The CLI should no longer return erroneous fields when there are more than one field with the same ID in an item. {2341}
`op document get` command now prints without adding a new line at the end of its output (a 'linefeed' ASCII character). {2413}
IDs can be used in secret references when using Connect backend. {2384}
The vault ID and name are consistently present in the output of `op item create/edit`. {2441, 2179}
Ensure user properties are correctly populated by getting user object from user API. {2432}

Security

Improved validation of server parameters in SRP process. Credits to Cure53. {2442}

2.2.0 (build #2020001) – released 2022-05-06

This release mainly contains some improvements around the CLI's help-text, as well as adds the possibility to pipe via stdin when creating items.

Improvements

`op connect token create` help-text example now uses CLI 2 syntax. {2292}
`op connect` help-text now clarifies vault limitations. {2330}
`op connect token create` has improved help text, and now takes a `--vault` flag instead of `--vaults` to clarify that multiple `--vault` flags can be set. {2329}
`op item create` now accepts JSON input on stdin. {2425}

2.1.0 (build #2010001) – released 2022-04-25

In this release, we've added a feature to include item fields' secret references as part of an item's JSON output.

JSON item output now shows valid secret references for all fields. {2100,2361}

Improvements

When using `op account add` for a shorthand that already exists, the shorthand is now displayed with the suggested `op account forget` command. {1051}

2.0.2 (build #2000201) – released 2022-04-20

This release contains a small fix and improvements to the usage help-text.

Improvements

When signing in with duplicate accounts a more descriptive message is shown. {1051}
Item types available in item create and item get are cleared up in the usage text. {2272}
The help text for `op item get` is now more clear about the intended output when retrieving fields using the `--fields` flag. {2306}

Fixed

The usage of `op read` no longer contains the reference argument twice. {2261}
Escape sequences in the output of `op run` are no longer escaped. {2331}

2.0.1 (build #2000102) – released 2022-04-17

This release contains fixes and improvements that have been suggested by customers for the 2.0.0 CLI. Additionally, it includes security improvements made after a security audit by Secfault Security.

Added support for OTP field type for inline item assignments. {1647}

Improvements

All links to related developer documentation articles now point to the new URLs. {2069}
`op account add` help text now notes that biometric unlock requires 1Password 8. {2099}
`op completion` help text now has instructions for loading completion information for PowerShell. {2068}
`UUIDs` are now referred to as `IDs` throughout help text. {2136}
JSON item output now includes the vault's name the item is from. {2100}
Errors are clearer when reading/creating config file fails. {2062,2095}
CLI now throws an error when a command doesn't work with Connect and Connect specific environment variables are set. {2046}
`op item template get` no longer shows an empty vault key for the item. {2169}
Subcommands in the help text now follow the CRUDL order. {2058}
The user ID in the output of `op account list` is now referred to as such, instead of user UUID. {2136}
op user provision help text is now more clear. {2159}
Revoking user access from the Team Members group returns a more descriptive error message. {1553}
When adding a new account, you can now supply your user's secret key with the `OP_SECRET_KEY` environment variable. This is the new recommended method to add accounts on systems where we cannot prompt you for the secret key. Credits to Secfault Security. {2185}
The `op` binary from the Docker Image is now statically compiled, and works well with Alpine Docker images. {1694}
The list output for vaults, items and accounts now contains more details in its json format. {2192}
op events-api help text now notes business or team account requirements. {2271}
op item template list now uses new syntax for op item template get example. {2265}
Events API naming is now standardized in help text. {2269}
.env files that are used with `op run` can now contain and refer to environment variables that contain linebreaks. {2086}
Parsing of .env files for `op run` is now more robust. Credits to Secfault Security for pointing out a parsing inconsistency. {2182}

Fixed

Fields called `title`, `url` and `tags` now take priority over the built-in attributes, with `op read`, `op run` and `op inject`. {2059}
The output of `op signin` now correctly mentions that `op signin` uses the `--account` flag instead of an argument. {2089}
Address fields are now properly displayed instead of being empty. {2063}
Addressed a rare case where running a CLI command with biometric unlock enabled consistently results in an "SRP-x unsupported length" error. {2193}
Windows signature file `op.exe.sig` returns to the Windows download archive. {2180}
`op connect vault grant` and `op connect vault revoke` now return an error if you are missing permissions to perform the action. {2213}
Example for document get now uses CLI 2 syntax. {2145}
Providing raw text as piped input into `op inject` now outputs an appropriate error message. {2178}
Date and MonthYear field types are now properly parsed when the item JSON template is provided to create an item. {2075}
The `pkg-version` for the 1Password CLI on macOS now returns the correct version. {2120}
Debian packages for 32-bit arm systems are packaged under the correct architecture name (armhf). {2186}
Addressed an issue where you could get a persistent "You are not currently signed in" even after signing in. {2293}

Security

Replaced backticks in help text and error messages with single quotes. {2112}
Improved the signature verification of the 1Password app when using biometric unlock on Windows. Credits to Secfault Security. {2143}
Filtering of `op` specific environment variables has been removed from `op run`, as no security advantages are obtained by this filtering. Credits to Secfault Security. {2184}
Fixed a race-condition that could result in a file written by the CLI to not end up with the specified filemode. Credits to Secfault Security. {2198}
The CLI refuses to write to files that are symlinked. Credits to Secfault Security. {2198}
Unprintable characters are now filtered out from the output of the CLI, when used interactively. Credits to Secfault Security. {2183}

2.0.0 (build #2000019) – released 2022-03-10

This is the first release of the next generation of 1Password CLI! 🚀

It takes the usability and accessibility that you're used to from 1Password to the terminal. Among others, it allows you to unlock the CLI using biometrics, and has a new and improved command structure and output.

In addition, we also introduced some brand new functionality to 1Password CLI. Some of the features we'd like to highlight are Psst! support and the ability to securely load secrets into scripts, applications, and other workloads.

We would like to shout out our amazing early access community for raising bug reports, suggesting improvements, and helping us shape the 1Password CLI along every iteration of the beta into the product we are now releasing! 🎉

Check out all the improvements and new features below and learn more in our new developer documentation!

1Password CLI 2 now uses a new command schema, together with a more intuitive JSON output format.
Biometric Unlock can now be used instead of typing your account password on the command line. {1943}
Loading secrets into configuration files, environment variables and key-files is now possible with the inject, run and read commands, respectively. {1577}
The item get, inject, run and read commands now also support using a Connect server. Use it by setting OP_CONNECT_HOST and OP_CONNECT_TOKEN environment variables. {1580}
Now you can securely share items with anyone - even if the recipient doesn't use 1Password - using op item share. {1650}
1Password CLI can now be installed via apt, dnf and apk.
All commands now format their output in a new human friendly format. Use the --format=json flag or OP_FORMAT=json environment variable to output as JSON. {1487, 1564}

Improvements

Vault access permissions can now be granted and revoked granularly when managing users' and groups' access to vaults by specifying --permissions. {1517}
Listing groups or users that have access to a vault now displays the group's or user's permissions. {1608}
Granting or revoking vault permissions prints the resulting permissions. {1739}
Setting whether a vault is safe for travel can be achieved with the --travel-mode flag, while editing vaults. {1505}
Deleting multiple vaults at once is now possible. {1505}
When getting items, you can now retrieve fields by field type. {1855}
Creating and editing items now have a dry-run feature, which prints the resulting items without saving them. {1515}
When editing items, you can now change the autofill url, tags and title. {1506}
Creating items can now be done using templates similar in format to the items retrieved with 1Password CLI. The old format is no longer supported. Support for passing in base64 encoded templates as an argument has been removed. {1578}
Creating and editing items now offer support for setting, updating and deleting fields through command line arguments. {1515}
Saving item templates to a file is now possible. {1636}
Curly brackets are no longer shown around vault IDs when listing items. {1632}
Selecting items by tags now retrieves nested tags. {1529}
Setting the --tags flag to an empty value while editing items or documents will now remove all tags. {1558}
Tags specified multiple times on commands to create or edit items or documents are now applied only once. {1598}
Adding new accounts is now done using a standalone command, op account add. Configuring new accounts via op signin is no longer supported. {1898}
op signin accepts the --account flag to select which account to sign in to. The command no longer supports arguments. {1898}
$OP_ACCOUNT and --account flag now also accept a user UUID or an account UUID. {1900}
The --list flag of op signin has been removed, and the functionality has been moved to op account list. {1881}
Listing accounts no longer returns DSECRET and SECRET_KEY in its output. {1748}
Forgetting all authenticated accounts at once is now possible. {1504}
Confirming multiple users of an account at once is now possible. {1502}
Deleting multiple users from an account at once is now possible. {1502}
Editing multiple users within an account at once is now possible. {1502}
Reactivating multiple users within an account at once is now possible. {1502}
Suspending multiple users within an account at once is now possible. {1502}
You can now output debug logs using the binary flag --debug or the environment variable OP_DEBUG. Currently debug logs exist for biometric unlock only. {1910}
--iso-timestamps can now also be set using the $OP_ISO_TIMESTAMPS environment variable. {1926}
The --include-archive flag can now also be specified setting the OP_INCLUDE_ARCHIVE environment variable to true. {1616}
The formatting and phrasing of error messages has been improved. {1871}
The help text across 1Password CLI commands is now clearer, more elaborate and better formatted. {1736}
1Password CLI now has completion support for fish shell. {2056}
list and delete commands can now be used with their aliases: ls, remove and rm. {1571}
Listing events is no longer possible. Please continue using 1Password CLI version 1 to read audit events. Before support for version 1 ends, a more sophisticated solution for audit events will be available. {1710}
armv7 and arm64 Docker images of 1Password CLI are now being built and published on DockerHub. {1771}
When granting a user access to a group, passing the role via the --role flag is now case insensitive. {1752}
Editing groups or vaults now supports clearing the description with --description="". {1544}

Fixed

Retrieving accounts now returns the correct account type for Team accounts. {2008}
op update now works on MacOS too. {1717}
Granting users permission to a vault consistently works as expected. {1730}
Confirming users within an account now properly confirms individual users. {1751}
Listing group permissions to a vault displays the correct permissions based on the account’s tier. {1517}

1Password CLI Release Notes

1Password CLI

Release Notes

2.16.1 (build #2160101) – released 2023-03-29

Improvements

Fixed

2.16.0 (build #2160001) – released 2023-03-23

Improvements

Fixed

2.14.0 (build #2140001) – released 2023-02-16

Improvements

2.13.1 (build #2130101) – released 2023-01-25

Improvements

Fixed

2.12.0 (build #2120001) – released 2022-12-19

2.11.0 (build #2110001) – released 2022-12-15

Improvements

Fixed

2.10.0 (build #2100003) – released 2022-12-13

Improvements

2.9.1 (build #2090101) – released 2022-12-06

Fixed

2.9.0 (build #2090001) – released 2022-12-05

2.8.0 (build #2080013) – released 2022-12-02

Improvements

2.7.3 (build #2070301) – released 2022-11-01

Improvements

Security

2.7.2 (build #2070202) – released 2022-10-21

Improvements

Fixed

2.7.1 (build #2070101) – released 2022-09-08

Improvements

Fixed

2.7.0 (build #2070002) – released 2022-08-30

Improvements

2.6.2 (build #2060201) – released 2022-08-17

Improvements

Fixed

2.6.1 (build #2060102) – released 2022-08-09

Improvements

Fixed

2.6.0 (build #2060007) – released 2022-07-21

Improvements

Fixed

2.5.1 (build #2050101) – released 2022-06-22

Fixed

2.5.0 (build #2050001) – released 2022-06-21

Improvements

Fixed

2.4.1 (build #2040101) – released 2022-06-08

Improvements

Fixed

2.4.0 (build #2040002) – released 2022-05-31

Improvements

Fixed

2.3.1 (build #2030101) – released 2022-05-24

Improvements

Fixed

Security

2.3.0 (build #2030001) – released 2022-05-20

Improvements

Fixed

Security

2.2.0 (build #2020001) – released 2022-05-06

Improvements

2.1.0 (build #2010001) – released 2022-04-25

Improvements

2.0.2 (build #2000201) – released 2022-04-20

Improvements

Fixed

2.0.1 (build #2000102) – released 2022-04-17

Improvements

Fixed

Security

2.0.0 (build #2000019) – released 2022-03-10

Improvements

Fixed

Recommend

About Joyk