Hi,
I want to write a batch file to change the password on a particular slot when it is run without user interaction. Is this possible?
Thanks,
Keir
You could put the OnlyKey CLI commands into a batch file. I am not sure what you mean by without user interaction. You can’t type out passwords without touching device.
Hi Keir, have also wondered if this is possible as well. For all other settings you can specify the new value non-interactively on the command line, for example:
onlykey-cli setslot 1a label test1
Successfully set Label
onlykey-cli setslot 1a username user1
Successfully set Username
However for the password, if you try the same, it will interactively prompt you to enter the password even if you had included it on the command line:
onlykey-cli setslot 1a password my_password
Type Control-T to toggle password visible.
Password/Key:
So far the one potential workaround may be to specify both username and password including the separator into the username field (and then use a blank password field):
onlykey-cli setslot 1a username “user1 \t my_password”
Successfully set Username
Has anyone found a more effective workaround to the above?
regards,
Ted
By the way, for the above to work, your key may have to have Sysadmin mode enabled.
Hello,
I am also trying to make a batch file to fill in all needed data for my onlykeys and I have the same issue. It does not seem to be possible to inject passwords from command line.
I tried to enable the sysadmin mode but it did not seem to help.
Also put the key to config mode and that did not help either.
I even tried to redirect input stream to be taken from a file for the onlykey-cli.exe, but that did not work either as I expect the text I pushed was flushed out before the app asked for the password.
One more annoyance I noticed is that it does not seem to be possible even to copy-paste the password on the onlykey-cli.
Which means I am not able to use it even in a limited way. I.e. to fill other fields with the script and just copy-paste the password when the onlykey-cli asks for it.
There was a note in the doc that using cli for secrets is not preferred as the command history is saved.
This is not the case in Windows as the history is deleted when the command prompt is closed.
And additionally I have set up a batch file that gets the commands in a loop from another file that is fetched from an encrypted vault. So the secrets are not even visible on the command line after the batch file has been executed (and that CMD environment is destroyed when the batch file execution ends).
The batchfile for onlykey-cli looks like this if someone else is interested (in the beginning of the file I put the executable to the variable so I can easily change it):
for /F “usebackq tokens=*” %%A in (“%~1”) do (
ECHO CALL %ONLYKEY-CLI-EXE% %%A
CALL %ONLYKEY-CLI-EXE% %%A)
I drop one of the config files on top of the batch file and it picks it up as the first argument “%~1” from where the loop reads the instructions.
In the config file I have the commands like this (anything with semicolon as first char is ignored):
setslot 1a label google-pwd
;setslot 1a url
setslot 1a delay1 0
This would be the perfect way to inject my secrets to my onlykeys, if the password and other secrets could also be entered from the command line with the cli.