zcutlip / pyonepassword

A python API to query a 1Password account using the 'op' command-line tool
MIT License

Support item sharing #202

Open ajmr24 opened 1 month ago

ajmr24 commented 1 month ago

Hi, unless I am mistaken it seems like item sharing (e.g., op item share) is not supported. Are there any plans to add this?

zcutlip commented 1 month ago

That's correct, it doesn't currently support that. But I'm happy to look into it.

Would you mind pasting in a complete op command that does what you want so I can see how you're using it, and try to set up example data for myself?

Also be sure to use --json and provide example output from op.

ajmr24 commented 1 month ago

Thanks for looking into this!

The use case is for creating an item (via op item create) and then obtaining a shareable link to that item (via op item share). Once we obtain the id to the item from op item create, the call to op item share would look like:

op item share <item_id> --vault <vault_name> --emails 'myemail@test.com' --expires-in 7d

This returns a url to 1Password.com from which the item can be retrieved, e.g., something like: https://share.1password.com/s#Yjh3TzTzRRfBxPxXC3QT3j3o3Ed9QuLPNhdEYdHc

It does not seem like there is a way to get the CLI to return this url in json format. (--format json does not work)
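The call described in the comment above, wrapped so that the plain-text output is validated before use. This is an added example, not part of the thread and not pyonepassword's code. The helper names are hypothetical, and two things are assumptions: multiple recipients are passed as one comma-separated `--emails` value, and the link fragment is treated as a secret that should stay out of logs.

```python
import subprocess
from urllib.parse import urlsplit

SHARE_HOST = "share.1password.com"  # host seen in the thread's sample output


def build_share_argv(item_id, vault, emails, expires_in="7d"):
    """Build an argv list for `op item share` using only flags shown in the thread."""
    for value in (item_id, vault, expires_in, *emails):
        # A value starting with "-" would be parsed by op as a flag, not as data.
        if not value or value.startswith("-"):
            raise ValueError(f"unsafe argument: {value!r}")
    # This example only covers shares restricted to named recipients; a comma
    # inside an address would silently add a second recipient.
    if not emails or any("," in e for e in emails):
        raise ValueError("emails must be a non-empty list of single addresses")
    # Assumption: several recipients are passed as one comma-separated value.
    return ["op", "item", "share", item_id, "--vault", vault,
            "--emails", ",".join(emails), "--expires-in", expires_in]


def parse_share_url(stdout):
    """Extract and validate the share link from op's plain-text output."""
    candidates = [tok for tok in stdout.split() if tok.startswith("https://")]
    if len(candidates) != 1:
        raise ValueError("expected exactly one https URL in op output")
    parts = urlsplit(candidates[0])
    # Exact host match: a look-alike such as share.1password.com.example fails.
    if parts.hostname != SHARE_HOST or not parts.fragment:
        raise ValueError("output is not a 1Password share link")
    return candidates[0]


def redact_share_url(url):
    """Return a log-safe form (assumption: the fragment is the sensitive part)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}{parts.path}#<redacted>"


def share_item(item_id, vault, emails, expires_in="7d"):
    """Run op (must be installed and signed in) and return the validated link."""
    argv = build_share_argv(item_id, vault, emails, expires_in)  # no shell involved
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return parse_share_url(result.stdout)
```

Log `redact_share_url(link)` rather than the link itself, and hand the full link only to the intended recipient.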

zcutlip commented 1 month ago

Okay, great. This doesn't look too bad. I'll see what I can do!

zcutlip commented 1 month ago

@ajmr24, 1Password's documentation is somewhat incomplete regarding what does and doesn't work with service accounts. From my testing, item sharing is not supported by service accounts.

I wanted to confirm that's your experience as well, and that you are not using a service account to share items?

More info here: https://developer.1password.com/docs/service-accounts/use-with-1password-cli/

ajmr24 commented 1 month ago

I agree that 1Password's documentation is not clear regarding this. I actually reached out to them on their slack channel and got this response from one of the developers:

  • The 1Password SDKs currently only support service accounts.
  • The 1Password SDKs currently don’t support item sharing.
  • 1Password Connect currently doesn’t support item sharing.
  • 1Password CLI is capable of doing item sharing in one of the two following ways:
    • Using a service account (if it has the permission to share items from a specific vault)
    • Signing in as the actual user

So item sharing is only supported via the CLI (and currently not by either the SDKs or Connect server), and it does work with service accounts.

I can confirm that in practice I am able to perform item sharing using the CLI with a service account.

zcutlip commented 1 month ago

@ajmr24 I'm really sorry for the delay. Unfortunately some of my family has been displaced by Hurricane Helene, so things have gotten crazy for the past few weeks. But I haven't forgotten about you.

edit: to be clear, not me or my immediate family, and everyone's safe and sound. just doing our best to help out where we can

zcutlip commented 2 weeks ago

@ajmr24 I've got a working prototype in the branch dev/202-support-item-sharing

If you're able to try it out, your method is OP.item_share()

I'll try to cut an alpha or beta release in the next few days but below is an example of it in action.

I've only tried it a handful of times with one item in my account. I still need to add this method to my testing framework and write tests for it.

Let me know if you're able to try it and how it works for you.

In [1]: output = op.item_share(item_name, emails=emails, vault=vault)

In [2]: output
Out[2]: 'https://share.1password.com/s#talaHS1wwLBoDvYYYqnh0Fm9KKWyKO5eyY8gMB_jwfg'

In [3]: output = op.item_share(item_name, emails=[emails], vault=vault)

In [4]: output
Out[4]: 'https://share.1password.com/s#Fv3TjrHab6NFgydJ1ORlYDmBLRO7bkxj7ldnry8jU3s'

In [5]: output = op.item_share(item_name, emails=[emails], vault=vault, view_once=True)

In [6]: output
Out[6]: 'https://share.1password.com/s#CR4MnK2WbWP8T3c_qTiG5aXiidh4omH4kaN059bTeok'

zcutlip commented 4 days ago

I've got this working and am currently writing tests, which you can see at: https://github.com/zcutlip/pyonepassword/blob/dev/202-support-item-sharing/tests/test_op_api/item/share/test_item_share.py