1Password 8's new Universal Autofill works well - but there are still some circumstances where I find it helpful to use KM to type 1P passwords. And that's now much easier with the new 1Password CLI.
The subroutine below retrieves and types a password, TOTP, or any other field from 1Password. It's much more reliable (and far quicker) than my previous macro which used keyboard navigation in 1Password 7 Mini. It types rather than pastes the password for both security and compatibility with non-standard password dialogs.
As ever, constructive criticism is very much welcomed
I haven't worked through all of the options and error handling yet, but it's been working well for me for the last week or so.
(And apologies if someone else has already posted something like this; I've seen references to the CLI being used but not to a macro.)
You'll need to:
-
Install the 1Password
op
CLI tool (I found I needed to install it using the "Manual" method - which only required the download and installation of a standard macOS package - as I don't permit my normal user account to runsudo
, which their Brew method requires). -
To retrieve TOTP codes, you'll also need to install the
jq
JSON Query command-line tool. I used Homebrew for this:brew install jq
. -
Work through the rest of the CLI Getting Started steps - critically "Turn On Biometric Unlock", if you use your Apple Watch to unlock 1Password.
-
Download the main "Type a password from 1Password" subroutine macro below and import into Keyboard Maestro.
-
If your Mac has an Apple Silicon (M1) CPU, swap the path to
jq
in the "Sign into 1Password and find the OTP..." step to/opt/homebrew/Cellar/jq/1.6/bin/jq
(or equivalent), as Rob describes below. -
Check/fix the default Account in the "Parse parameters" step. I use "my.1password.eu" but you may need to change that to "my.1password.com" or "my.1password.ca". That's the only account-specific item in this macro; everything else is supplied as parameters to the subroutine.
-
Test with something like the second and third macros below, substituting for the name of one of the items in your 1Password vault. Note that only the Vault and Item name/ID have to be specified (and you could of course change that if you only have a single vault) - plus the Type for a TOTP item.
-
If you have any problems with the name of an item (or you think it might get renamed over time) use its persistent Item ID rather than its name. It can be found using the
op item list | grep NAME
command or using Edit > Copy Private Link (then isolating the part after thei=
in the query string). -
If you run into problems, consult the KM log:
tail -f ~/Library/Logs/Keyboard\ Maestro/Engine.log
and try to run the equivalentop
commands (substituting for account, vault, item etc) on the command line.
Type a password from 1Password.kmmacros (22 KB)
Here are two test macros (you'll need to add a trigger and adjust the names of the Vault and Item to suit your own items), showing the optional Description (which will trigger a notification when present) and specifying a "TOTP" Type...