Back to Details

1password

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

1Password CLI

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.
请遵循官方CLI入门步骤操作,不要自行猜测安装命令。

References

参考资料

  • references/get-started.md
    (install + app integration + sign-in flow)
  • references/cli-examples.md
    (real 
    op
    examples)
  • references/get-started.md
    (安装+应用集成+登录流程)
  • references/cli-examples.md
    (真实
    op
    使用示例)

Workflow

工作流程

  1. Check OS + shell.
  2. Verify CLI present: 
    op --version
    .
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all 
    op
    commands (no direct 
    op
    calls outside tmux).
  5. Sign in / authorize inside tmux: 
    op signin
    (expect app prompt).
  6. Verify access inside tmux: 
    op whoami
    (must succeed before any secret read).
  7. If multiple accounts: use 
    --account
    or 
    OP_ACCOUNT
    .
  1. 检查操作系统与shell环境。
  2. 验证CLI是否已安装:
    op --version
  3. 确认已开启桌面端应用集成(按照入门文档操作)且应用处于解锁状态。
  4. 强制要求:所有
    op
    命令都必须在全新的tmux会话中运行(禁止在tmux外直接调用
    op
    )。
  5. 在tmux内登录/授权:
    op signin
    (会触发桌面端应用提示)。
  6. 在tmux内验证访问权限:
    op whoami
    (读取任何密钥前必须确保该命令执行成功)。
  7. 若存在多个账号:使用
    --account
    参数或
    OP_ACCOUNT
    环境变量指定。

REQUIRED tmux session (T-Max)

强制要求使用tmux会话(T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run 
op
inside a dedicated tmux session with a fresh socket/session name.
Example (see 
tmux
skill for socket conventions, do not reuse old session names):
bash
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
shell工具会为每条命令分配全新的TTY。为避免重复弹窗提示和运行失败,请始终在使用全新socket/会话名称的专用tmux会话中运行
op
示例(socket规范请参考
tmux
skill,请勿复用旧的会话名称):
bash
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

注意事项

  • Never paste secrets into logs, chat, or code.
  • Prefer 
    op run
    / 
    op inject
    over writing secrets to disk.
  • If sign-in without app integration is needed, use 
    op account add
    .
  • If a command returns "account is not signed in", re-run 
    op signin
    inside tmux and authorize in the app.
  • Do not run 
    op
    outside tmux; stop and ask if tmux is unavailable.
  • 切勿将密钥粘贴到日志、聊天记录或代码中。
  • 优先使用
    op run
    / 
    op inject
    ,避免将密钥写入磁盘。
  • 若需要在未开启应用集成的情况下登录,请使用
    op account add
  • 若命令返回「账号未登录」,请在tmux内重新运行
    op signin
    并在桌面应用中完成授权。
  • 禁止在tmux外运行
    op
    ;如果无法使用tmux,请停止操作并咨询相关人员。