This package provides Emacs auth-source integration for 1Password using secret
references and the op command-line tool. It’s handy for use with things like
smtpmail and other Emacs packages which expect to be able to lookup login
credentials. It should be a drop-in replacement for the default auth-info
source.
This package was heavily inspired by auth-source-gopass. Like that package, as of this writing, each query must resolve to exactly one entry, and there is no interactive selection in case of conflicts.
Installation instructions forthcoming.
To enable the package, run:
(auth-source-1password-enable)This package provides some parameters as well as a function, which can be customized to reflect you personal use-case.
| variable | default | description |
|---|---|---|
auth-source-1password-vault | “Personal” | Vault to search for credentials. |
auth-source-1password-executable | “op” | Executable used for op, should point to a valid installation of the 1Password CLI. |
auth-source-1password-construct-secret-reference | ‘auth-source-1password–1password-construct-entry-path | Function to construct the secret reference in the 1password store. |
To customize the organization of secrets in your 1Password store, re-implement
auth-source-1password-construct-secret-reference. The default assumes that
1Passwords entries are named after the host in question and that passwords are
stored in a field named after the user:
(defun auth-source-1password--1password-construct-entry-path (_backend _type host user _port)
"Construct the full entry-path for the 1password entry for HOST and USER.
Usually starting with the `auth-source-1password-vault', followed
by host and user."
(mapconcat #'identity (list auth-source-1password-vault host user) "/"))In reality, you’ll probably end up searching for entries like this:
(auth-source-pick-first-password :host 1password-entry-name :user 1password-field-name)e.g.,
(auth-source-pick-first-password :host "Gmail.com" :user "password")