feat(1password): add 1password integration

Author: jalpp

README.md

@@ -1,7 +1,7 @@
 
 # PassDIY
 
-A personal password/token manager TUI for developers to generate various types of hash/salted secrets and store them in their cloud-based Hashicorp Vault
+A personal password/token manager TUI for developers to generate various types of hash/salted secrets and store them in different cloud based vaults
 
 ## Why PassDIY?
 
@@ -25,32 +25,20 @@ Because managing tokens, pins used in various dummy/dev apps require them to be
 
 ![passdiydemo2 (1)](https://github.com/user-attachments/assets/a69792c6-d24d-4659-b478-9f9aa32e071d)
 
-## Setup
+## Hashicorp Setup
 
-To allow PassDIY to store and connect to your Hashicorp vault you must create a [service principle](https://developer.hashicorp.com/hcp/docs/hcp/iam/service-principal) with ```Vault Secrets App Manager``` permission. You would also need to set up following Env variables to successfully connect and store the secrets to specific app in your vault. If you don't care about storing the values you can ignore the below variables and directly run 
-`go run main.go`
+To allow PassDIY to store and connect to your Hashicorp vault you must create a [service principle](https://developer.hashicorp.com/hcp/docs/hcp/iam/service-principal) with ```Vault Secrets App Manager``` permission. Also would need set below envs
 
-`HCP_CLIENT_ID` your sp client ID
+`export HCP_CLIENT_ID=<your-hcp-client-id>`
+`export HCP_CLIENT_SECRET=<your-hcp-client-secret>`
 
-`HCP_CLIENT_SECRET` your sp secret
+more detailed in `./Setup.md`
 
-`HCP_ORG_ID` your HCP org ID
+## 1Password Setup
 
-`HCP_PROJECT_ID` your HCP project ID
+To allow PassDIY to connect to your 1Password Vault you would need to set [service principle](https://developer.1password.com/docs/sdks) anf the service account token
 
-`HCP_APP_NAME` your HCP app name
-
-`HCP_API_TOKEN` your HCP API token generated from `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` you don't need generate `HCP_API_TOKEN` every time it expires the PassDIY's `hcpvaultconnect` command will handle it by automatically connecting for you
-
-you can now clone the repo and run from source
-
-`go run main.go`
-
-can also build PassDIY with build command and run passdiy
-
-`go build`
-
-`./passdiy`
+`export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>`
 
 ## Config
 
@@ -83,6 +71,7 @@ const (
  - [Hashicorp Vault](https://developer.hashicorp.com/hcp/api-docs/vault-secrets#overview)
  - [English](github.com/gregoryv/english)
  - [Clipboard](https://github.com/atotto/clipboard)
+ - [1Password SDK](https://github.com/1Password/onepassword-sdk-go)
 
 ## License
 

Setup.md

@@ -0,0 +1,32 @@
+## Hashicorp Setup
+
+To allow PassDIY to store and connect to your Hashicorp vault you must create a [service principle](https://developer.hashicorp.com/hcp/docs/hcp/iam/service-principal) with ```Vault Secrets App Manager``` permission. You would also need to set up following Env variables to successfully connect and store the secrets to specific app in your vault. If you don't care about storing the values you can ignore the below variables and directly run 
+`go run main.go`
+
+`HCP_CLIENT_ID` your sp client ID
+
+`HCP_CLIENT_SECRET` your sp secret
+
+`HCP_ORG_ID` your HCP org ID
+
+`HCP_PROJECT_ID` your HCP project ID
+
+`HCP_APP_NAME` your HCP app name
+
+`HCP_API_TOKEN` your HCP API token generated from `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` you don't need generate `HCP_API_TOKEN` every time it expires the PassDIY's `hcpvaultconnect` command will handle it by automatically connecting for you
+
+you can now clone the repo and run from source
+
+`go run main.go`
+
+can also build PassDIY with build command and run passdiy
+
+`go build`
+
+`./passdiy`
+
+## 1Password Setup
+
+To allow PassDIY to connect to your 1Password Vault you would need to set [service principle](https://developer.1password.com/docs/sdks)
+
+`export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>`

cmds/cmd.go

@@ -9,6 +9,7 @@ import (
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/jalpp/passdiy/config"
 	hcp "github.com/jalpp/passdiy/hcpvault"
+	opass "github.com/jalpp/passdiy/onepassword"
 	cmd "github.com/jalpp/passdiy/password"
 )
 
@@ -24,10 +25,11 @@ var (
 	pwpDesc             = fmt.Sprintf("strong %d-word passphrase", config.PASSPHRASE_COUNT_NUM)
 	saltDesc            = fmt.Sprintf("password with extra %d-char salt on top", config.SALT_EXTRA_LENGTH)
 	hashDesc            = "hash value of a password with Argon2id"
-	directDesc          = "direct hash running buffer value with Argon2id"
-	hcpvaultstoreDesc   = "Store a new secret to Hashicop Vault"
-	hcpvaultconnectDesc = "Generate HCP API token and connect to Hashicop Vault"
+	hcpvaultstoreDesc   = "Store a new secret to Hashicorp Vault"
+	hcpvaultconnectDesc = "Generate HCP API token and connect to Hashicorp Vault"
 	hcpvaultlistDesc    = "List HCP Vault secrets log details"
+	opassstoreDesc      = "Store a new secret to 1Password in password format"
+	opasslistDesc       = "List 1Password Vault item names"
 )
 
 func (i CommandItem) Title() string       { return i.title }
@@ -84,6 +86,8 @@ func CreateCommandItems() []list.Item {
 		CommandItem{title: "hcpvaultstore", desc: hcpvaultstoreDesc},
 		CommandItem{title: "hcpvaultconnect", desc: hcpvaultconnectDesc},
 		CommandItem{title: "hcpvaultlist", desc: hcpvaultlistDesc},
+		CommandItem{title: "1passstore", desc: opassstoreDesc},
+		CommandItem{title: "1passlist", desc: opasslistDesc},
 	}
 }
 
@@ -152,6 +156,17 @@ func HandleCommand(input, userInput string) string {
 			return "Please connect to Hashicorp vault via hcpvaultconnect"
 		}
 		return list
+	case "1passstore":
+		parts := strings.SplitN(userInput, "|", 3)
+		if len(parts) == 3 {
+			user := parts[0]
+			pass := parts[1]
+			url := parts[2]
+			return opass.Create(user, pass, url)
+		}
+		return "Invalid format. use 'user|value|url'."
+	case "1passlist":
+		return opass.List()
 	default:
 		return fmt.Sprintf("Unknown command: %s", input)
 	}

go.mod

@@ -12,10 +12,13 @@ require (
 )
 
 require (
+	github.com/1password/onepassword-sdk-go v0.1.3 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/charmbracelet/x/ansi v0.2.3 // indirect
 	github.com/charmbracelet/x/term v0.2.0 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
+	github.com/extism/go-sdk v1.3.1 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
@@ -25,6 +28,7 @@ require (
 	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sahilm/fuzzy v0.1.1 // indirect
+	github.com/tetratelabs/wazero v1.8.1 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect

go.sum

@@ -1,3 +1,5 @@
+github.com/1password/onepassword-sdk-go v0.1.3 h1:PP8+pydBt40Uh21tXP9bmPCPTlBc23JW5iVpOjzssw4=
+github.com/1password/onepassword-sdk-go v0.1.3/go.mod h1:nZEOzWFvodClltx8G0xtcNGqzNrrcfW589Rb9T82hE8=
 github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHcQQP0w=
 github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
@@ -16,6 +18,10 @@ github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4h
 github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
+github.com/extism/go-sdk v1.3.1 h1:eVpuv36b67Km/tAb7Cq6msHEW8kkdFgpZO/7fCwjuoE=
+github.com/extism/go-sdk v1.3.1/go.mod h1:tPMWfCSOThie3LSTSZKbrQjRm2oAXxUUjSE4HJWjYQM=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gregoryv/english v0.6.0 h1:NHGV9r1M20ifPacmPG41ZQGEbH9cTlxvwUuAcXm1v0w=
 github.com/gregoryv/english v0.6.0/go.mod h1:F5O7gDq0yWDJUEOXuNv+ebChEjK7N9eBFHsxGyFui/0=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
@@ -39,6 +45,8 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
 github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
+github.com/tetratelabs/wazero v1.8.1 h1:NrcgVbWfkWvVc4UtT4LRLDf91PsOzDzefMdwhLfA550=
+github.com/tetratelabs/wazero v1.8.1/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=

main.go

@@ -101,6 +101,13 @@ func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				if m.inputMode == "hash" && inputValue != "" {
 					return m, tea.Batch(cmd.ExecuteCommand("hash", inputValue), m.spinner.Tick)
 				}
+				if m.inputMode == "1passstore" {
+					if inputValue != "" && strings.Contains(inputValue, "|") {
+						return m, tea.Batch(cmd.ExecuteCommand("1passstore", inputValue), m.spinner.Tick)
+					}
+					m.output = "Please provide input in 'user|value|url' format."
+					return m, nil
+				}
 				if m.inputMode == "hcpvaultstore" {
 					if inputValue != "" && strings.Contains(inputValue, "=") {
 						return m, tea.Batch(cmd.ExecuteCommand("hcpvaultstore", inputValue), m.spinner.Tick)
@@ -110,6 +117,7 @@ func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				}
 				m.output = "Please provide valid input."
 				return m, nil
+
 			}
 
 			selectedItem := m.list.SelectedItem().(cmd.CommandItem).Title()
@@ -134,7 +142,7 @@ func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				return m, tea.Batch(cmd.ExecuteCommand(selectedCommand, m.prevOutput), m.spinner.Tick)
 			}
 
-			if selectedItem == "hash" || selectedItem == "hcpvaultstore" {
+			if selectedItem == "hash" || selectedItem == "hcpvaultstore" || selectedItem == "1passstore" {
 				m.inputMode = selectedItem
 				m.textInput.SetValue("")
 				m.prevOutput = ""
@@ -195,6 +203,15 @@ func (m model) View() string {
 				maskedInput,
 			))
 		}
+
+		if m.inputMode == "1passstore" {
+			return style.GreenStyle.Render(
+				fmt.Sprintf(
+					"Enter the password/token in 'name|value|url' format and press Enter: \n\n%s\n\n",
+					maskedInput,
+				))
+		}
+
 		return style.GreenStyle.Render(fmt.Sprintf(
 			"Enter the token/password for hashing with Argon2id and press Enter:\n\n%s\n\n",
 			maskedInput,
@@ -218,6 +235,10 @@ func (m model) View() string {
 		return style.VaultStyle.Render(fmt.Sprintf("%s\n\n ⛛ Vault: %s", m.list.View(), m.output))
 	}
 
+	if strings.Contains(strings.ToLower(m.output), "1password") {
+		return style.OPassStyle.Render(fmt.Sprintf("%s\n\n1Password Vault: %s", m.list.View(), m.output))
+	}
+
 	return style.GreenStyle.Render(fmt.Sprintf("%s\n\n 🔑 [c] Copy [esc] Exist Sublist [x] Clear \n 🔑 Buffer: %s%s", m.list.View(), cmd.CoverUp(m.output), copyMessage))
 }
 

onepassword/connect.go

@@ -0,0 +1,24 @@
+package onepassword
+
+import (
+	"context"
+	"os"
+
+	"github.com/1password/onepassword-sdk-go"
+)
+
+func Connect() *onepassword.Client {
+
+	token := os.Getenv("OP_SERVICE_ACCOUNT_TOKEN")
+
+	client, err := onepassword.NewClient(context.Background(),
+		onepassword.WithServiceAccountToken(token),
+
+		onepassword.WithIntegrationInfo("passdiy", "v1.0.0"),
+	)
+	if err != nil {
+		return nil
+	}
+
+	return client
+}

onepassword/create.go

@@ -0,0 +1,93 @@
+package onepassword
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/1password/onepassword-sdk-go"
+)
+
+func GetVaultId(client *onepassword.Client) string {
+	vaults, err := client.Vaults.ListAll(context.Background())
+	var valId string
+	if err != nil {
+		panic(err)
+	}
+	for {
+		vault, err := vaults.Next()
+		if errors.Is(err, onepassword.ErrorIteratorDone) {
+			break
+		} else if err != nil {
+			panic(err)
+		}
+
+		valId = vault.ID
+	}
+	return valId
+}
+
+func createItem(client *onepassword.Client, vaultID string, usernameVal string, passVal string, URL string) string {
+	sectionID := "passDetails"
+	itemParams := onepassword.ItemCreateParams{
+		Title:    fmt.Sprintf("PassDIY Gen: %s", URL),
+		Category: onepassword.ItemCategoryLogin,
+		VaultID:  vaultID,
+		Fields: []onepassword.ItemField{
+			{
+				ID:        "username",
+				Title:     "username",
+				Value:     usernameVal,
+				FieldType: onepassword.ItemFieldTypeText,
+			},
+			{
+				ID:        "password",
+				Title:     "password",
+				Value:     passVal,
+				FieldType: onepassword.ItemFieldTypeConcealed,
+			},
+			{
+				ID:        "onetimepassword",
+				Title:     "one-time password",
+				Value:     "otpauth://totp/my-example-otp?secret=jncrjgbdjnrncbjsr&issuer=1Password",
+				SectionID: &sectionID,
+				FieldType: onepassword.ItemFieldTypeTOTP,
+			},
+		},
+		Sections: []onepassword.ItemSection{
+			{
+				ID:    sectionID,
+				Title: "Extra Details",
+			},
+		},
+		Tags: []string{"passdiy generated", fmt.Sprintf("web: %s", URL)},
+		Websites: []onepassword.Website{
+			{
+				URL:              URL,
+				AutofillBehavior: onepassword.AutofillBehaviorAnywhereOnWebsite,
+				Label:            URL,
+			},
+		},
+	}
+
+	createdItem, err := client.Items.Create(context.Background(), itemParams)
+	if err != nil {
+		return fmt.Sprintf("Error %s", err.Error())
+	}
+
+	return fmt.Sprintf("Successfully created password item ID %s in 1Password Vault", createdItem.Title)
+}
+
+func Create(user string, pass string, URL string) string {
+
+	var client = Connect()
+
+	if client == nil {
+		return "Error! Please check 1password config"
+	}
+
+	var valId = GetVaultId(client)
+
+	return createItem(client, valId, user, pass, URL)
+
+}