Type a Password/TOTP from 1Password 8 CLI

1Password 8's new Universal Autofill works well - but there are still some circumstances where I find it helpful to use KM to type 1P passwords. And that's now much easier with the new 1Password CLI.

The subroutine below retrieves and types a password or TOTP from 1Password. It's much more reliable (and quicker) than my previous macro which used keyboard navigation in 1Password 7 Mini. It types rather than pastes the password for both security and compatibility with non-standard password dialogs.

As ever, constructive criticism is very much welcomed :slight_smile:
I haven't worked through all of the options and error handling yet, but it's been working well for me for the last week or so.

(And apologies if someone else has already posted something like this; I've seen references to the CLI being used but not to a macro.)

You'll need to:

  • Install the 1Password op CLI tool (I found I needed to install it using the "Manual" method - which only required the download and installation of a standard macOS package - as I don't permit my normal user account to run sudo, which their Brew method requires).

  • To retrieve TOTP codes, you'll also need to install the jq JSON Query command-line tool. I used Homebrew for this: brew install jq.

  • Work through the rest of the CLI Getting Started steps - critically "Turn On Biometric Unlock", if you use your Apple Watch to unlock 1Password.

  • Download the main "Type a password from 1Password" subroutine macro below and import into Keyboard Maestro.

  • If your Mac has an Apple Silicon (M1) CPU, swap the path to jq in the "Sign into 1Password and find the OTP..." step to /opt/homebrew/Cellar/jq/1.6/bin/jq (or equivalent), as Rob describes below.

  • Check/fix the default Account in the "Parse parameters" step. I use "my.1password.eu" but you may need to change that to "my.1password.com" or "my.1password.ca". That's the only account-specific item in this macro; everything else is supplied as parameters to the subroutine.

  • Test with something like the second and third macros below, substituting for the name of one of the items in your 1Password vault. Note that only the Vault and Item name/ID have to be specified (and you could of course change that if you only have a single vault) - plus the Type for a TOTP item.

  • If you have any problems with the name of an item (or you think it might get renamed over time) use its persistent Item ID rather than its name. It can be found using the op item list | grep NAME command or using Edit > Copy Private Link (then isolating the part after the i= in the query string).

  • If you run into problems, consult the KM log: tail -f ~/Library/Logs/Keyboard\ Maestro/Engine.log and try to run the equivalent op commands (substituting for account, vault, item etc) on the command line.

Type a password from 1Password.kmmacros (22 KB)

Toggle display of image of macro (with relevant steps expanded)

Here are two test macros (you'll need to add a trigger and adjust the names of the Vault and Item to suit your own items), showing the optional Description (which will trigger a notification when present) and specifying a "TOTP" Type...

Type a test password from 1Password.kmmacros (1.7 KB)

Type a test OTP from 1Password.kmmacros (1.7 KB)

Thanks for these macros. They work great, except that on Monterey, home-brew installs jq at

/opt/homebrew/Cellar/jq/1.6/bin/jq

Once I changed the text script in the KM subroutine macro to reflect that, it works fine.

1 Like

Thanks, Rob - that's really helpful. I've incorporated that as an extra step in my original post to make it easier to follow.

I hadn't spotted that Homebrew uses a different install prefix on M1 Macs. I'm on Monterey too, but still on Intel (and I am a little jealous of your shiny new processor :wink: )