1Password CLI Skill
Use this skill when you need secrets from 1Password through the op CLI.
References
Workflow
- •Detect OS and shell.
- •Verify CLI is available:
op --version. - •Confirm 1Password desktop app integration is enabled and app is unlocked.
- •Run all
opcommands inside a fresh tmux session. - •Sign in in tmux:
op signin. - •Verify access in tmux:
op whoami. - •For multiple accounts, use
--accountorOP_ACCOUNT.
Required tmux pattern
Otto shell actions are non-interactive and do not preserve a TTY between calls. To avoid repeated auth prompts and session failures, always run op in a dedicated tmux session.
bash
SOCKET_DIR="${TMPDIR:-/tmp}/otto-tmux-sockets"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/onepassword.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
Guardrails
- •Never print or paste secret values into logs, chat, or code.
- •Prefer
op runorop injectover writing secrets to disk. - •If you see
account is not signed in, re-runop signininside tmux and approve in app. - •If tmux is unavailable, stop and ask before running
opdirectly.