PowerShell client for 1Password
PowerShell C#

README.md

1Poshword

PowerShell client for 1Password

demo

  • Cross-platform (Windows/OSX/Linux, PowerShell v4.0+)
  • agilekeychain and opvault support
  • Login, Password, Secure Note, and Generic Account decryption
  • Metadata for all entries
  • Tab completion (agilekeychain only)
  • Output formats
    • PSCredential
    • SecureString
    • Plaintext
    • Clipboard
  • Complete Get-Help documentation

Quickstart

Install from the PowerShell Gallery (Windows-only, PS v5+):

PS> Install-Module -Name 1Poshword

Direct download:

'1Poshword.psd1','1Poshword.psm1','lib.ps1','pbkdf2.cs' |% {
    Invoke-WebRequest https://raw.githubusercontent.com/latkin/1poshword/master/$_ -OutFile ./$_
}

Import-Module ./1Poshword.psd1

Get-1PEntry

Lists 1Password entries. Alias g1p.

PS> g1p

Name               Type       LastUpdated          Location
----               ----       -----------          --------
Twitter            Login      11/29/15 11:53:44 PM https://twitter.com/
Github             Login      11/29/15 11:58:12 PM https://github.com/login
Gmail - Personal   Login      11/30/15 12:11:50 AM https://accounts.google.com/ServiceLogin
Gmail - Work       Login      2/8/16 4:23:38 PM    https://accounts.google.com/ServiceLogin
SSH                Password   2/10/16 1:30:34 PM
Gmail Backup Codes SecureNote 6/8/16 8:41:44 AM
...

Details

PS> g1p twitter | fl *

Name          : Twitter
Id            : E61537A747044159BE8F2A412614C83F
VaultPath     : /Users/lincoln/Dropbox/1Password/1Password.agilekeychain
SecurityLevel : SL5
KeyId         : 
KeyData       : 
Location      : https://twitter.com/
Type          : Login
CreatedAt     : 10/27/15 8:53:36 PM
LastUpdated   : 11/29/15 11:53:44 PM
EncryptedData : U2FsdGVkX198K5razrhlihDvUrIC2FTp29PcqQpmO48MApG758vljLe+z...

Unprotect-1PEntry

Derypts a particular 1Password entry to a variety of formats. Alias 1p.

Add flag -PasswordOnly (alias -po) to output only an entry's password field.

(Yes, "unprotect" is weird, but that's the approved verb for decryption so we're going with it.)

Output Note
PSCredential Default for
  • Login
  • Generic Account
PS> 1p twitter
1Password vault password: ***************

UserName                            Password
--------                            --------
LincolnAtkinson System.Security.SecureString
SecureString Default for
  • Secure Note
  • Password
PS> 1p ssh
1Password vault password: ***************

System.Security.SecureString
Plaintext
PS> 1p github -plain
1Password vault password: ***************

latkin
p@ssw0rd1
Clipboard
PS> 1p 'Gmail - Personal' -clip
1Password vault password: ***************

Tips

Password-only output
# output password as SecureString
PS> 1p twitter -po

# output password as plaintext
PS> 1p twitter -plain -po

# copy password to clipboard
PS> 1p twitter -clip -po
Custom vault path
# at import
PS> Import-Module 1Poshword.psd1 -args <.agilekeychain or .opvault path>

# per-command
PS> 1p entryname -VaultPath <.agilekeychain or .opvault path>

# change default
PS> Set-1PDefaultVaultPath <.agilekeychain or .opvault path>
Specify password programmatically
PS> $p = Read-Host -AsSecureString 'Speak, friend, and enter'
Speak, friend, and enter: ***************

PS> 1p github $p -plain

latkin
p@ssw0rd1
Piping
PS> g1p twitter | 1p
"Reveal" behavior
PS> 1p 'gmail backup codes' -plain | less

Thanks

1Pass, as the original inspiration for this. The first draft of 1Poshword was mostly just a transcription of 1Pass.

Medo, for the C# Pbkdf2-with-arbitrary-HMAC implementation.

AgileBits, for the excellent docs describing the opvault data format.

This project is not supported or endorsed by AgileBits. "1Password" is a registered trademark of Agile Web Solutions, Inc.