The subroutine below retrieves and types a password or TOTP from 1Password. It's much more reliable (and quicker) than my previous macro which used keyboard navigation in 1Password 7 Mini. It types rather than pastes the password for both security and compatibility with non-standard password dialogs.
As ever, constructive criticism is very much welcomed
I haven't worked through all of the options and error handling yet, but it's been working well for me for the last week or so.
(And apologies if someone else has already posted something like this; I've seen references to the CLI being used but not to a macro.)
You'll need to:
Install the 1Password
opCLI tool (I found I needed to install it using the "Manual" method - which only required the download and installation of a standard macOS package - as I don't permit my normal user account to run
sudo, which their Brew method requires).
To retrieve TOTP codes, you'll also need to install the
jqJSON Query command-line tool. I used Homebrew for this:
brew install jq.
Download the main "Type a password from 1Password" subroutine macro below and import into Keyboard Maestro.
If your Mac has an Apple Silicon (M1) CPU, swap the path to
jqin the "Sign into 1Password and find the OTP..." step to
/opt/homebrew/Cellar/jq/1.6/bin/jq(or equivalent), as Rob describes below.
Check/fix the default Account in the "Parse parameters" step. I use "my.1password.eu" but you may need to change that to "my.1password.com" or "my.1password.ca". That's the only account-specific item in this macro; everything else is supplied as parameters to the subroutine.
Test with something like the second and third macros below, substituting for the name of one of the items in your 1Password vault. Note that only the Vault and Item name/ID have to be specified (and you could of course change that if you only have a single vault) - plus the Type for a TOTP item.
If you have any problems with the name of an item (or you think it might get renamed over time) use its persistent Item ID rather than its name. It can be found using the
op item list | grep NAMEcommand or using Edit > Copy Private Link (then isolating the part after the
i=in the query string).
If you run into problems, consult the KM log:
tail -f ~/Library/Logs/Keyboard\ Maestro/Engine.logand try to run the equivalent
opcommands (substituting for account, vault, item etc) on the command line.
Here are two test macros (you'll need to add a trigger and adjust the names of the Vault and Item to suit your own items), showing the optional Description (which will trigger a notification when present) and specifying a "TOTP" Type...