diff --git a/CHANGELOG.md b/CHANGELOG.md index 561d3b69d..73e188275 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ ### Maintenance - Deps: bump pi-* stack, Slack SDK, discord-api-types, file-type, zod, and Biome. - Skills: add CodexBar model usage helper with macOS requirement metadata. +- Skills: add 1Password CLI skill with op examples. - Lint: organize imports and wrap long lines in reply commands. - Deps: update to latest across the repo. diff --git a/skills/1password/SKILL.md b/skills/1password/SKILL.md new file mode 100644 index 000000000..35bcb5a34 --- /dev/null +++ b/skills/1password/SKILL.md @@ -0,0 +1,30 @@ +--- +name: 1password +description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op. +homepage: https://developer.1password.com/docs/cli/get-started/ +metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}} +--- + +# 1Password CLI + +Follow the official CLI get-started steps. Don't guess install commands. + +## References + +- `references/get-started.md` (install + app integration + sign-in flow) +- `references/cli-examples.md` (real `op` examples) + +## Workflow + +1. Check OS + shell. +2. Verify CLI present: `op --version`. +3. Enable desktop app integration in 1Password app (per get-started). +4. Sign in: `op signin`. +5. If multiple accounts: use `--account` or `OP_ACCOUNT`. +6. Verify access: `op whoami` or `op account list`. + +## Guardrails + +- Never paste secrets into logs, chat, or code. +- Prefer `op run` / `op inject` over writing secrets to disk. +- If sign-in without app integration is needed, use `op account add`. diff --git a/skills/1password/references/cli-examples.md b/skills/1password/references/cli-examples.md new file mode 100644 index 000000000..c8da0972b --- /dev/null +++ b/skills/1password/references/cli-examples.md @@ -0,0 +1,29 @@ +# op CLI examples (from op help) + +## Sign in + +- `op signin` +- `op signin --account ` + +## Read + +- `op read op://app-prod/db/password` +- `op read "op://app-prod/db/one-time password?attribute=otp"` +- `op read "op://app-prod/ssh key/private key?ssh-format=openssh"` +- `op read --out-file ./key.pem op://app-prod/server/ssh/key.pem` + +## Run + +- `export DB_PASSWORD="op://app-prod/db/password"` +- `op run --no-masking -- printenv DB_PASSWORD` +- `op run --env-file="./.env" -- printenv DB_PASSWORD` + +## Inject + +- `echo "db_password: {{ op://app-prod/db/password }}" | op inject` +- `op inject -i config.yml.tpl -o config.yml` + +## Whoami / accounts + +- `op whoami` +- `op account list` diff --git a/skills/1password/references/get-started.md b/skills/1password/references/get-started.md new file mode 100644 index 000000000..3c60f75ce --- /dev/null +++ b/skills/1password/references/get-started.md @@ -0,0 +1,17 @@ +# 1Password CLI get-started (summary) + +- Works on macOS, Windows, and Linux. + - macOS/Linux shells: bash, zsh, sh, fish. + - Windows shell: PowerShell. +- Requires a 1Password subscription and the desktop app to use app integration. +- macOS requirement: Big Sur 11.0.0 or later. +- Linux app integration requires PolKit + an auth agent. +- Install the CLI per the official doc for your OS. +- Enable desktop app integration in the 1Password app: + - Open and unlock the app, then select your account/collection. + - macOS: Settings > Developer > Integrate with 1Password CLI (Touch ID optional). + - Windows: turn on Windows Hello, then Settings > Developer > Integrate. + - Linux: Settings > Security > Unlock using system authentication, then Settings > Developer > Integrate. +- After integration, run any command to sign in (example in docs: `op vault list`). +- If multiple accounts: use `op signin` to pick one, or `--account` / `OP_ACCOUNT`. +- For non-integration auth, use `op account add`.