1Poshword
PowerShell client for 1Password
- Cross-platform (Windows/OSX/Linux, PowerShell v4.0+)
agilekeychain
andopvault
support- Login, Password, Secure Note, and Generic Account decryption
- Metadata for all entries
- Tab completion (
agilekeychain
only) - Output formats
PSCredential
SecureString
- Plaintext
- Clipboard
- Complete
Get-Help
documentation
Quickstart
Install from the PowerShell Gallery (Windows-only, PS v5+):
PS> Install-Module -Name 1Poshword
Direct download:
'1Poshword.psd1','1Poshword.psm1','lib.ps1','pbkdf2.cs' |% {
Invoke-WebRequest https://raw.githubusercontent.com/latkin/1poshword/master/$_ -OutFile ./$_
}
Import-Module ./1Poshword.psd1
Get-1PEntry
Lists 1Password entries. Alias g1p
.
PS> g1p
Name Type LastUpdated Location
---- ---- ----------- --------
Twitter Login 11/29/15 11:53:44 PM https://twitter.com/
Github Login 11/29/15 11:58:12 PM https://github.com/login
Gmail - Personal Login 11/30/15 12:11:50 AM https://accounts.google.com/ServiceLogin
Gmail - Work Login 2/8/16 4:23:38 PM https://accounts.google.com/ServiceLogin
SSH Password 2/10/16 1:30:34 PM
Gmail Backup Codes SecureNote 6/8/16 8:41:44 AM
...
Details
PS> g1p twitter | fl *
Name : Twitter
Id : E61537A747044159BE8F2A412614C83F
VaultPath : /Users/lincoln/Dropbox/1Password/1Password.agilekeychain
SecurityLevel : SL5
KeyId :
KeyData :
Location : https://twitter.com/
Type : Login
CreatedAt : 10/27/15 8:53:36 PM
LastUpdated : 11/29/15 11:53:44 PM
EncryptedData : U2FsdGVkX198K5razrhlihDvUrIC2FTp29PcqQpmO48MApG758vljLe+z...
Unprotect-1PEntry
Derypts a particular 1Password entry to a variety of formats. Alias 1p
.
Add flag -PasswordOnly
(alias -po
) to output only an entry's password field.
(Yes, "unprotect" is weird, but that's the approved verb for decryption so we're going with it.)
Output | Note | |
---|---|---|
PSCredential | Default for
|
PS> 1p twitter 1Password vault password: *************** |
SecureString | Default for
|
PS> 1p ssh 1Password vault password: *************** |
Plaintext | PS> 1p github -plain 1Password vault password: *************** |
|
Clipboard | PS> 1p 'Gmail - Personal' -clip 1Password vault password: *************** |
Tips
Password-only output | # output password as SecureString PS> 1p twitter -po |
Custom vault path | # at import PS> Import-Module 1Poshword.psd1 -args <.agilekeychain or .opvault path> |
Specify password programmatically | PS> $p = Read-Host -AsSecureString 'Speak, friend, and enter' Speak, friend, and enter: *************** |
Piping | PS> g1p twitter | 1p |
"Reveal" behavior | PS> 1p 'gmail backup codes' -plain | less |
Thanks
1Pass, as the original inspiration for this. The first draft of 1Poshword was mostly just a transcription of 1Pass.
Medo, for the C# Pbkdf2-with-arbitrary-HMAC implementation.
AgileBits, for the excellent docs describing the opvault
data format.
This project is not supported or endorsed by AgileBits. "1Password" is a registered trademark of Agile Web Solutions, Inc.