Skip to content

Instantly share code, notes, and snippets.

@codeinthehole
Created June 29, 2022 21:29
Show Gist options
  • Save codeinthehole/d6b35b56ad17d9f165f86d102caf0cd7 to your computer and use it in GitHub Desktop.
Save codeinthehole/d6b35b56ad17d9f165f86d102caf0cd7 to your computer and use it in GitHub Desktop.
Bash script for listing the users who have access to a 1Password item
#!/usr/bin/env bash
#
# Print the users who have access to a given 1Password item.
#
# Usage:
#
# 1pw-item-users "$ITEM_NAME"
#
# Note, the `op` tool must be authenticated before this command is run.
function main {
local item_name="$1"
# Determine the vault ID for the passed item.
local vault_id
vault_id=$(vault_id "$item_name")
# Print the unique emails from the combined lists of direct- and group-linked users.
(vault_direct_user_emails "$vault_id" ; vault_group_user_emails "$vault_id") | sort | uniq
}
# Print the vault ID for the given item name.
function vault_id {
op item get --format=json "$1" | jq -r '.vault.id'
}
# Print a list of user emails who have DIRECT access to a vault (the vault ID is passed).
function vault_direct_user_emails {
op vault user list --format=json "$1" | jq -r '.[].email'
}
# Print a list of user emails who have GROUP access to a vault (the vault ID is passed).
function vault_group_user_emails {
op vault group list --format=json "$1" | jq -r '.[] | .id' | while read -r group_id;
do
op group user list --format=json "$group_id" | jq -r '.[].email';
done
}
main "$@"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment