PMV
PMV is a tiny utility for working with the 1password CLI.
Commands
env
Generates a set of environment export variables from a 1password tag.
- Login to 1password, eg
eval $(op signin gitlab)
- Create an item in 1password and configure it with a unique tag. Note that slashes (
/
) in tags will be shown hierarchically in the 1password UI, which can be useful for categorization.
- Each field with a
env:
prefix will be emitted as an export. For example env:GITLAB_TOKEN=xyz
will generate export GITLAB_TOKEN=xyz
.
- Use
eval $(pmv env Tag)
to export the environment variables into the current shell.
- To add a prefix to each item, use the optional
--prefix PREFIX_
argument.
Usage:
$ # Before using pmv, log using 1password client
$ eval $(op signin gitlab)
$ # Sample usage of `pmv env`
$ pmv env ProductName/Env:Test
export SECRET=abc
export OTHER_SECRET=xyz
$ # More useful usage, exports variables to shell
$ eval $(pmv env ProductName/Env:Test)
$ # Secrets are now loaded into the environment
$ # Add a prefix to the items
$ pmv env ProductName/Env:Test --prefix HUB_
export HUB_SECRET=abc
export HUB_OTHER_SECRET=xyz
json
Generates a secrets blob in JSON
- Login to 1password, eg
eval $(op signin gitlab)
- Create an item in 1password and configure it with a unique tag. Note that slashes (
/
) in tags will be shown hierarchically in the 1password UI, which can be useful for categorization.
- Each field with a
json:
prefix will be emitted as an export. For example json:secret=xyz
will generate {"secret": "xyz"}
.
- Use
pmv env Tag > secrets.json
to write the secrets to a file.
Usage:
$ # Before using pmv, log using 1password client
$ eval $(op signin gitlab)
$ # Sample usage of `pmv json`
$ pmv json ProductName/Env:Test > secrets.json
capture aws
Captures credentials to AWS for use in Environments. Will validate the credentials before saving them.
- Login to 1password, eg
eval $(op signin gitlab)
- Run:
pmv capture aws --description "My Production Credentials" --tags "MyTag,MyOtherTag" --vault "DefaultsToPersonal" --delete-tagged-items
- You can set a title for the item with
--title
, but if you choose --description
, a title, including details such as AWS Account ID, Account Alias, Username and your chosen Description will be generated.
- ⚠️ Note: using
--delete-tagged-items
will remove any others items with the given tags from the vault.
Usage:
$ # Before using pmv, log using 1password client
$ eval $(op signin gitlab)
$ # Sample usage of `pmv capture aws`
$ pmv capture aws --description "My Production Credentials" --tags "MyTag" --delete-tagged-items
pmv: 🔓 Enter AWS_ACCESS_KEY: AKIA5D2HJMW3IVMIOZS4
pmv: 🔓 Enter AWS_SECRET_ACCESS_KEY:
pmv: 🔓 Thanks. Verifying the credentials with AWS...
pmv: ✅ Verification passed.
pmv: 🗑 Deleting old items with tag `MyTag`
{"uuid":"a6nnjec4nzjqfnvnmcahotfw3i","createdAt":"2022-04-24T10:32:20.67999+02:00","updatedAt":"2022-04-24T10:32:20.67999+02:00","vaultUuid":"5albo45xgknr5k4xm4dlq3whk4"}